The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| mathtex -- mathtex | The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag. | 2009-07-14 | 10.0 | CVE-2009-1383 VUPEN BUGTRAQ SECUNIA MISC |
| adbnewssender -- adbnewssender | Directory traversal vulnerability in maillinglist/setup/step1.php.inc in ADbNewsSender before 1.5.6, and 2.0 before RC2, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter to setup/index.php. | 2009-07-13 | 7.5 | CVE-2009-2444 VUPEN BID CONFIRM |
| adbnewssender -- adbnewssender | Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1.5.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter. | 2009-07-13 | 7.5 | CVE-2009-2449 CONFIRM |
| cisco -- customer_response_applications cisco -- ip_qm cisco -- unified_ccx cisco -- unified_ip_contact_center_express cisco -- unified_ip_ivr cisco -- crs | Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors. | 2009-07-16 | 9.0 | CVE-2009-2047 BID CISCO |
| citrix -- licensing | Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unknown impact and attack vectors, related to "underlying components of the License Management Console." | 2009-07-14 | 10.0 | CVE-2009-2452 CONFIRM |
| citrix -- presentation_server citrix -- xenapp | Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors. | 2009-07-14 | 7.5 | CVE-2009-2453 VUPEN SECTRACK BID CONFIRM |
| forkosh -- mimetex | Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when downloaded before 20090713, allow remote attackers to execute arbitrary code via a TeX file with long (1) picture, (2) circle, or (3) input tags. | 2009-07-14 | 10.0 | CVE-2009-1382 VUPEN MISC |
| forkosh -- mimetex | Multiple unspecified vulnerabilities in mimeTeX, when downloaded before 20090713, have unknown impact and attack vectors related to the (1) \environ, (2) \input, and (3) \counter TeX directives. | 2009-07-14 | 10.0 | CVE-2009-2459 VUPEN |
| forkosh -- mathtex | Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when downloaded before 20090713, have unspecified impact and remote attack vectors. | 2009-07-14 | 10.0 | CVE-2009-2460 VUPEN MISC |
| hp -- procurve_threat_management_services_zl_module | Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to gain privileges via unknown vectors, aka PR_41209. | 2009-07-14 | 10.0 | CVE-2009-1422 HP HP |
| hp -- procurve_threat_management_services_zl_module | Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service via unknown vectors, aka PR_39898, a different vulnerability than CVE-2009-1424 and CVE-2009-1425. | 2009-07-14 | 7.8 | CVE-2009-1423 HP HP |
| hp -- procurve_threat_management_services_zl_module | Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service via unknown vectors, aka PR_39412, a different vulnerability than CVE-2009-1423 and CVE-2009-1425. | 2009-07-14 | 7.8 | CVE-2009-1424 HP HP |
| hp -- procurve_threat_management_services_zl_module | Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service via unknown vectors, aka PR_18770, a different vulnerability than CVE-2009-1423 and CVE-2009-1424. | 2009-07-14 | 7.8 | CVE-2009-1425 HP HP |
| isc -- dhcp | Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. | 2009-07-14 | 10.0 | CVE-2009-0692 CERT-VN |
| libtiff -- libtiff | Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr. | 2009-07-14 | 9.3 | CVE-2009-2347 CONFIRM VUPEN BID MISC MANDRIVA CONFIRM CONFIRM |
| linux -- kernel linux -- linux_kernel | The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR). | 2009-07-16 | 7.2 | CVE-2009-1895 VUPEN CONFIRM MISC |
| mathtex -- mathtex | mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors. | 2009-07-14 | 7.2 | CVE-2009-2461 VUPEN BUGTRAQ SECUNIA MISC |
| microsoft -- windows_2000 microsoft -- windows_server_2003 microsoft -- windows_server_2008 microsoft -- windows_vista microsoft -- windows_xp | Heap-based buffer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record, aka "Embedded OpenType Font Heap Overflow Vulnerability." | 2009-07-15 | 9.3 | CVE-2009-0231 MS |
| microsoft -- windows_2000 microsoft -- windows_server_2003 microsoft -- windows_server_2008 microsoft -- windows_vista microsoft -- windows_xp | Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability." | 2009-07-15 | 9.3 | CVE-2009-0232 MS |
| microsoft -- office_publisher | Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability." | 2009-07-15 | 9.3 | CVE-2009-0566 MS |
| microsoft -- isa_server | Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability." | 2009-07-15 | 9.0 | CVE-2009-1135 MS |
| microsoft -- isa_server microsoft -- office microsoft -- office_web_components microsoft -- office_xp | The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components for the 2007 Microsoft Office system SP1, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method. | 2009-07-15 | 9.3 | CVE-2009-1136 MISC CONFIRM MISC MISC CONFIRM CONFIRM |
| microsoft -- directx microsoft -- windows_2000 microsoft -- windows_server_2003 microsoft -- windows_xp | The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability." | 2009-07-15 | 9.3 | CVE-2009-1538 MS |
| microsoft -- directx microsoft -- windows_2000 microsoft -- windows_server_2003 microsoft -- windows_xp | The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability." | 2009-07-15 | 9.3 | CVE-2009-1539 MS |
| microsoft -- virtual_pc microsoft -- virtual_server | The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability." | 2009-07-15 | 9.0 | CVE-2009-1542 MS |
| mim.infinix -- infinix | Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX 1.2.003 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters in a calendar action, or (3) a search term in the search form. | 2009-07-14 | 7.5 | CVE-2009-2451 BID BUGTRAQ BUGTRAQ MILW0RM |
| mozilla -- firefox | Stack-based buffer overflow in Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long Unicode string argument to the write method. | 2009-07-16 | 10.0 | CVE-2009-2479 XF BID MILW0RM |
| mysql -- mysql | Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. | 2009-07-13 | 8.5 | CVE-2009-2446 XF OSVDB |
| oracle -- database_server | Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2009-07-14 | 7.5 | CVE-2009-1019 CONFIRM |
| oracle -- database_server | Unspecified vulnerability in the Network Foundation component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 2009-07-14 | 9.0 | CVE-2009-1020 CONFIRM |
| oracle -- database_server | Unspecified vulnerability in the Network Foundation component in Oracle Database 11.1.0.6 allows remote authenticated users to affect integrity and availability via unknown vectors. | 2009-07-14 | 7.5 | CVE-2009-1963 CONFIRM |
| oracle -- secure_backup | Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2009-07-14 | 10.0 | CVE-2009-1977 CONFIRM |
| oracle -- secure_backup | Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 2009-07-14 | 9.0 | CVE-2009-1978 CONFIRM |
| php-nuke -- php-nuke | SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action. | 2009-07-14 | 7.5 | CVE-2008-6865 BUGTRAQ OSVDB |
| php-nuke -- current_issue_module | SQL injection vulnerability in modules.php in the Current_Issue module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a summary action. | 2009-07-14 | 7.5 | CVE-2008-6866 BUGTRAQ OSVDB |
| pulseaudio -- pulseaudio | Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink. | 2009-07-17 | 7.2 | CVE-2009-1894 CONFIRM BID |
| scripts_for_sites -- ez_career | SQL injection vulnerability in content.php in Scripts For Sites (SFS) EZ Career allows remote attackers to execute arbitrary SQL commands via the topic parameter. | 2009-07-14 | 7.5 | CVE-2008-6867 XF BID MILW0RM SECUNIA OSVDB |
| sun -- opensolaris sun -- solaris | Unspecified vulnerability in the SCTP implementation in Sun Solaris 10, and OpenSolaris before snv_120, allows remote attackers to cause a denial of service (panic) via unspecified packets. | 2009-07-16 | 10.0 | CVE-2009-2486 CONFIRM |
| sun -- opensolaris sun -- solaris | Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in Sun Solaris 10, and OpenSolaris snv_45 through snv_110, allows remote attackers to cause a denial of service (panic) via unspecified vectors. | 2009-07-16 | 7.8 | CVE-2009-2487 CONFIRM |
| tallemu -- online_armor_personal_firewall_av+ tallemu -- personal_firewall | The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online Armor Personal Firewall AV+ before 3.5.0.12, and Personal Firewall 3.5 before 3.5.0.14, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\OAmon containing arbitrary kernel addresses, as demonstrated using the 0x830020C3 IOCTL. | 2009-07-13 | 7.2 | CVE-2009-2450 XF |
| tingan -- ht-mp3player | Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code via a long string in a .ht3 file. | 2009-07-16 | 9.3 | CVE-2009-2485 MILW0RM |
| videolan -- vlc_media_player | Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file. | 2009-07-16 | 9.3 | CVE-2009-2484 VUPEN BID MILW0RM SECUNIA CONFIRM |
| xigla -- absolute_faq_manager_.net | Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | 2009-07-14 | 7.5 | CVE-2008-6854 XF BID MILW0RM SECUNIA |
| xigla -- absolute_news_feed | Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie. | 2009-07-14 | 7.5 | CVE-2008-6855 XF BID MILW0RM SECUNIA |
| xigla -- absolute_news_manager.net | Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | 2009-07-14 | 7.5 | CVE-2008-6856 XF BID MILW0RM SECUNIA |
| xigla -- absolute_podcast.net | Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | 2009-07-14 | 7.5 | CVE-2008-6857 XF BID MILW0RM SECUNIA OSVDB |
| xigla -- absolute_banner_manager.net | Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | 2009-07-14 | 7.5 | CVE-2008-6858 XF BID MILW0RM SECUNIA |
| xigla -- absolute_poll_manager_xe | Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | 2009-07-14 | 7.5 | CVE-2008-6860 XF BID MILW0RM |
| xigla -- absolute_newsletter | Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | 2009-07-14 | 7.5 | CVE-2008-6861 XF BID MILW0RM SECUNIA |
| xigla -- absolute_content_rotator | Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | 2009-07-14 | 7.5 | CVE-2008-6862 XF BID MILW0RM SECUNIA |
| xigla -- absolute_form_processor.net | Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | 2009-07-14 | 7.5 | CVE-2008-6863 XF BID MILW0RM SECUNIA |
| xigla -- absolute_live_support_.net | Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | 2009-07-14 | 7.5 | CVE-2008-6864 XF BID MILW0RM SECUNIA |
Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| atmail -- @tmail | Multiple cross-site scripting (XSS) vulnerabilities in webadmin/admin.php in @mail 5.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) type and (2) func parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2009-07-14 | 5.0 | CVE-2009-2455 SECUNIA |
| citrix -- web_interface | Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, 5.0, and 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2009-07-14 | 4.3 | CVE-2009-2454 CONFIRM |
| esoftpro -- online_guestbook_pro | Multiple cross-site scripting (XSS) vulnerabilities in ogp_show.php in Online Guestbook Pro 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) display parameter. | 2009-07-13 | 4.3 | CVE-2009-2447 MISC SECUNIA |
| esoftpro -- online_guestbook_pro | Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the search_choice parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2009-07-13 | 4.3 | CVE-2009-2448 SECUNIA |
| isc -- dhcp | dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests. | 2009-07-17 | 5.0 | CVE-2009-1892 BID DEBIAN |
| isc -- dhcp redhat -- enterprise_linux | The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command. | 2009-07-17 | 6.9 | CVE-2009-1893 CONFIRM XF BID REDHAT SECTRACK SECUNIA |
| mcafee -- smartfilter | SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in admin_backup.xml files and uses insecure permissions for this file, which allows local users to gain privileges. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2009-07-10 | 4.6 | CVE-2009-2429 XF SECUNIA FULLDISC |
| movabletype -- six_apart_movable_type | Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type 4.24, and 4.25 when global templates are not initialized, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2009-07-16 | 4.3 | CVE-2009-2480 XF VUPEN BID CONFIRM SECUNIA JVNDB JVN |
| mozilla -- firefox | The Just-in-time (JIT) JavaScript compiler in Mozilla Firefox 3.5 allows remote attackers to execute arbitrary code via a crafted document containing P and FONT elements. | 2009-07-15 | 6.9 | CVE-2009-2477 VUPEN MILW0RM MISC SECUNIA MISC CONFIRM |
| mozilla -- firefox | Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a "flash bug." | 2009-07-16 | 5.0 | CVE-2009-2478 CONFIRM CONFIRM |
| netbsd -- netbsd | The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group. | 2009-07-16 | 6.9 | CVE-2009-2482 XF SECTRACK BID SECUNIA OSVDB |
| netbsd -- netbsd | libprop/prop_object.c in proplib in NetBSD 4.0 and 4.0.1 allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via a malformed externalized plist (XML form) containing an undefined element. | 2009-07-16 | 4.9 | CVE-2009-2483 XF SECTRACK BID SECUNIA OSVDB NETBSD |
| novell -- edirectory | Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow. | 2009-07-14 | 5.0 | CVE-2009-0192 VUPEN BID BUGTRAQ CONFIRM MISC SECUNIA |
| novell -- edirectory | The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN). | 2009-07-14 | 5.0 | CVE-2009-2456 VUPEN BID CONFIRM SECUNIA |
| novell -- edirectory | The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (crash) via a malformed bind LDAP packet. | 2009-07-14 | 5.0 | CVE-2009-2457 VUPEN |
| openhandsetalliance -- android | Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone. | 2009-07-17 | 6.9 | CVE-2009-2348 BID BUGTRAQ MLIST MISC CONFIRM CONFIRM CONFIRM |
| oracle -- application_server oracle -- bea_product_suite | The design of the W3C XML Signature Syntax and Processing (XMLDsig) standard, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; and other products uses a parameter that defines an HMAC truncation length but does not require a minimum for this length, which allows attackers to bypass HMAC protection and spoof HMAC-based signatures by specifying a truncation length with a small number of bits. | 2009-07-14 | 6.4 | CVE-2009-0217 CERT-VN |
| oracle -- database_server | Unspecified vulnerability in the Upgrade component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 2009-07-14 | 5.5 | CVE-2009-0987 CONFIRM |
| oracle -- database_server | Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.05, and 10.2.04 allows remote authenticated users to affect integrity via unknown vectors. | 2009-07-14 | 4.0 | CVE-2009-1015 CONFIRM |
| oracle -- database_server | Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 2009-07-14 | 5.5 | CVE-2009-1021 CONFIRM |
| oracle -- database_server oracle -- enterprise_manager | Unspecified vulnerability in the Config Management component in (1) Oracle Database 11.1.0.7 and (2) Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 2009-07-14 | 5.5 | CVE-2009-1966 CONFIRM |
| oracle -- database_server oracle -- enterprise_manager | Unspecified vulnerability in the Config Management component in (1) Oracle Database 11.1.0.7 and (2) Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 2009-07-14 | 5.5 | CVE-2009-1967 CONFIRM |
| oracle -- database_server | Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. | 2009-07-14 | 5.0 | CVE-2009-1968 CONFIRM |
| oracle -- database_server | Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors. | 2009-07-14 | 5.0 | CVE-2009-1970 CONFIRM |
| oracle -- database_server | Unspecified vulnerability in the Virtual Private Database component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to VPD policies. | 2009-07-14 | 5.5 | CVE-2009-1973 CONFIRM |
| oracle -- bea_product_suite | Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Servlet Container Package. | 2009-07-14 | 6.8 | CVE-2009-1974 CONFIRM |
| oracle -- bea_product_suite | Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality, integrity, and availability, related to the WLS Console Package. | 2009-07-14 | 6.8 | CVE-2009-1975 CONFIRM |
| oracle -- application_server | Unspecified vulnerability in the HTTP Server component in Oracle Application Server 10.1.2.3 allows remote attackers to affect integrity via unknown vectors. | 2009-07-14 | 4.3 | CVE-2009-1976 CONFIRM |
| oracle -- e-business_suite | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 2009-07-14 | 6.0 | CVE-2009-1980 CONFIRM |
| oracle -- e-business_suite | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2 and 12.0.6 allows remote attackers to affect integrity via unknown vectors. | 2009-07-14 | 4.3 | CVE-2009-1982 CONFIRM |
| oracle -- e-business_suite | Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1 allows remote attackers to affect integrity via unknown vectors. | 2009-07-14 | 4.3 | CVE-2009-1983 CONFIRM |
| oracle -- e-business_suite | Unspecified vulnerability in the Application Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Patch Administrator. | 2009-07-14 | 4.4 | CVE-2009-1984 CONFIRM |
| oracle -- jd_edwards_enterpriseone oracle -- peoplesoft_enterprise | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools - Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.21 allows remote attackers to affect integrity via unknown vectors. | 2009-07-14 | 5.0 | CVE-2009-1987 CONFIRM |
| oracle -- jd_edwards_enterpriseone oracle -- peoplesoft_enterprise | Unspecified vulnerability in the PeopleSoft Enterprise HRMS eProfile Manager component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1, 8.9 Bundle 14, and 9.0 allows remote authenticated users to affect confidentiality via unknown vectors. | 2009-07-14 | 4.0 | CVE-2009-1988 CONFIRM |
| oracle -- jd_edwards_enterpriseone oracle -- peoplesoft_enterprise | Unspecified vulnerability in the PeopleSoft Enterprise FMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1, 8.9 Bundle 14, and 9.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 2009-07-14 | 5.5 | CVE-2009-1989 CONFIRM |
| sixapart -- movable_type | mt-wizard.cgi in Six Apart Movable Type before 4.261 when global templates are not initialized allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors. | 2009-07-16 | 5.8 | CVE-2009-2481 XF VUPEN BID |
| sun -- java_system_web_server | Sun Java System Web Server (aka Sun ONE Web Server) 6.1, 6.1 SP10, 6.1 SP11, and 7.0 Update 5 on Windows allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI. | 2009-07-13 | 5.0 | CVE-2009-2445 VUPEN OSVDB SECTRACK SECUNIA MISC |
| sun -- sun_fire_server | Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100 graphic cards on system boards with part number 375-3463 and a hardware dash level -04 or later, allows remote attackers to cause a denial of service (panic) via unknown vectors. | 2009-07-14 | 5.4 | CVE-2009-2458 SUNALERT |
| sun -- opensolaris sun -- solaris | Unspecified vulnerability in the NFSv4 module in the kernel in Sun Solaris 10, and OpenSolaris snv_102 through snv_119, allows local users to cause a denial of service (client panic) via vectors involving "file operations." | 2009-07-16 | 4.9 | CVE-2009-2488 SUNALERT CONFIRM |
| sun -- ray_server_software | The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to access the sessions of arbitrary users via unknown vectors related to "resource leaks." | 2009-07-16 | 4.4 | CVE-2009-2491 SUNALERT CONFIRM |
| tor -- tor | The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors. NOTE: some of these details are obtained from third party information. | 2009-07-10 | 5.0 | CVE-2009-2426 XF VUPEN BID OSVDB MLIST |
| xigla -- absolute_control_panel_xe | Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | 2009-07-14 | 6.5 | CVE-2008-6859 XF BID MILW0RM SECUNIA |
Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cisco -- customer_response_applications cisco -- ip_qm cisco -- unified_ccx cisco -- unified_ip_contact_center_express cisco -- unified_ip_ivr cisco -- crs | Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors. | 2009-07-16 | 3.5 | CVE-2009-2048 CISCO |
| oracle -- database_server | Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality via unknown vectors. | 2009-07-14 | 2.1 | CVE-2009-1969 CONFIRM |
| oracle -- siebel_enterprise_suite | Unspecified vulnerability in the Highly Interactive Client component in Siebel Product Suite 7.5.3, 7.7.2, 7.8.2, 8.0.0.5, and 8.1.0 allows local users to affect confidentiality and integrity via unknown vectors. | 2009-07-14 | 3.0 | CVE-2009-1981 CONFIRM |
| oracle -- e-business_suite | Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality via unknown vectors. | 2009-07-14 | 2.6 | CVE-2009-1986 CONFIRM |
| six_apart -- movable_type six_apart_ltd -- movable_type sixapart -- movable_type | Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480. | 2009-07-17 | 2.6 | CVE-2009-2492 VUPEN JVNDB |
| sun -- ray_server_software | Unspecified vulnerability in the utdmsession program in Sun Ray Server Software (SRSS) 4.0 allows local users to access the sessions of arbitrary users via unknown vectors. | 2009-07-16 | 2.1 | CVE-2009-2489 SUNALERT CONFIRM |
| sun -- ray_server_software | Unspecified vulnerability in the utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to cause a denial of service (audio outage) or possibly gain privileges via unknown vectors related to "resource leaks." | 2009-07-16 | 1.9 | CVE-2009-2490 SUNALERT CONFIRM |