National Cyber Alert System
Cyber Security Bulletin SB09-299 archive

Vulnerability Summary for the Week of October 19, 2009

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary Vendor -- Product
Description Published CVSS Score Source & Patch Info
adobe -- acrobat
adobe -- acrobat_reader
Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. 2009-10-19 9.3 CVE-2009-2980
CERT
VUPEN
CONFIRM
adobe -- acrobat
adobe -- acrobat_reader
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors. 2009-10-19 9.3 CVE-2009-2981
CERT
VUPEN
CONFIRM
adobe -- acrobat
adobe -- acrobat_reader
An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unknown vectors. 2009-10-19 9.3 CVE-2009-2982
CERT
VUPEN
CONFIRM
adobe -- acrobat
adobe -- acrobat_reader
Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. 2009-10-19 9.3 CVE-2009-2983
CERT
VUPEN
CONFIRM
adobe -- acrobat
Unspecified vulnerability in the image decoder in Adobe Acrobat 9.x before 9.2, and possibly 7.x through 7.1.4 and 8.x through 8.1.7, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. 2009-10-19 9.3 CVE-2009-2984
CERT
VUPEN
CONFIRM
adobe -- acrobat
adobe -- acrobat_reader
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996. 2009-10-19 9.3 CVE-2009-2985
CERT
VUPEN
CONFIRM
adobe -- acrobat
adobe -- acrobat_reader
Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. 2009-10-19 9.3 CVE-2009-2986
CERT
VUPEN
CONFIRM
adobe -- acrobat
Integer overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors. 2009-10-19 9.3 CVE-2009-2989
CERT
VUPEN
CONFIRM
adobe -- acrobat
adobe -- acrobat_reader
Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors. 2009-10-19 9.3 CVE-2009-2990
CERT
VUPEN
CONFIRM
adobe -- acrobat
adobe -- acrobat_reader
Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors. 2009-10-19 9.3 CVE-2009-2991
CERT
VUPEN
CONFIRM
adobe -- acrobat
adobe -- acrobat_reader
The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information. 2009-10-19 9.3 CVE-2009-2993
CERT
CERT-VN
VUPEN
CONFIRM
adobe -- acrobat
adobe -- acrobat_reader
Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. 2009-10-19 9.3 CVE-2009-2994
CERT
VUPEN
CONFIRM
adobe -- acrobat
adobe -- acrobat_reader
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2985. 2009-10-19 9.3 CVE-2009-2996
CERT
VUPEN
CONFIRM
adobe -- acrobat
adobe -- acrobat_reader
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. 2009-10-19 9.3 CVE-2009-2997
CERT
VUPEN
CONFIRM
adobe -- acrobat
adobe -- acrobat_reader
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458. 2009-10-19 9.3 CVE-2009-2998
CERT
VUPEN
CONFIRM
adobe -- acrobat
adobe -- acrobat_reader
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998. 2009-10-19 9.3 CVE-2009-3458
CERT
VUPEN
CONFIRM
adobe -- acrobat
Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. 2009-10-19 9.3 CVE-2009-3460
CERT
VUPEN
CONFIRM
adobe -- acrobat
Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors. 2009-10-19 9.3 CVE-2009-3461
CERT
VUPEN
CONFIRM
baidu -- baidux
uitv -- uiplayer
Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll before 1.0.0.7 in UiTV UiPlayer, as used in BaiduX and other products, allows remote attackers to execute arbitrary code via the filename parameter. 2009-10-19 9.3 CVE-2009-2970
BUGTRAQ
MISC
boxalino -- boxalino
Directory traversal vulnerability in client/desktop/default.htm in Boxalino before 09.05.25-0421 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. 2009-10-22 7.5 CVE-2009-1479
BUGTRAQ
MISC
citrix -- xencenterweb
SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. 2009-10-22 7.5 CVE-2009-3758
XF
VUPEN
BID
BUGTRAQ
MILW0RM
SECTRACK
MISC
citrix -- xencenterweb
Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party information. 2009-10-22 7.5 CVE-2009-3760
VUPEN
BID
BUGTRAQ
MILW0RM
SECTRACK
MISC
emc -- documentum_applicationxtender_workflow_manager
Heap-based buffer overflow in aws_tmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to execute arbitrary code via crafted packet data to TCP port 2606. 2009-10-22 10.0 CVE-2008-3684
MISC
SECUNIA
emc -- documentum_applicationxtender_workflow_manager
Directory traversal vulnerability in aws_tmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to upload arbitrary files, and execute arbitrary code, via directory traversal sequences in requests to TCP port 2606. 2009-10-22 10.0 CVE-2008-3685
MISC
SECUNIA
foolabs -- xpdf
poppler -- poppler
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188. 2009-10-21 9.3 CVE-2009-3603
VUPEN
VUPEN
BID
CONFIRM
CONFIRM
foolabs -- xpdf
poppler -- poppler
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow. 2009-10-21 9.3 CVE-2009-3604
CONFIRM
VUPEN
VUPEN
BID
CONFIRM
foolabs -- xpdf
poppler -- poppler
Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. 2009-10-21 9.3 CVE-2009-3606
VUPEN
VUPEN
BID
SECTRACK
CONFIRM
foolabs -- xpdf
poppler -- poppler
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. 2009-10-21 9.3 CVE-2009-3608
CONFIRM
VUPEN
BID
SECTRACK
CONFIRM
CONFIRM
gallium.inria -- camimages
Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows. 2009-10-20 7.5 CVE-2009-3296
BID
DEBIAN
CONFIRM
CONFIRM
kreotek -- phpbms
Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to modules/bms/invoices_discount_ajax.php, (2) f parameter to dbgraphic.php, and (3) tid parameter in a show action to advancedsearch.php. 2009-10-22 7.5 CVE-2009-3754
XF
MILW0RM
libgd -- gd_graphics_library
php -- php
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information. 2009-10-19 7.5 CVE-2009-3546
VUPEN
linux -- kernel
The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping. 2009-10-19 7.8 CVE-2009-3613
CONFIRM
lucvil -- patplayer
Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URI in a playlist (.m3u) file. 2009-10-16 9.3 CVE-2009-3717
XF
VUPEN
MILW0RM
SECUNIA
OSVDB
mysql-ocaml -- mysql-ocaml
The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. 2009-10-22 7.5 CVE-2009-2942
OSVDB
DEBIAN
SECUNIA
opial -- opial
SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the genres_parent parameter. 2009-10-22 7.5 CVE-2009-3752
XF
BID
MILW0RM
SECUNIA
opial -- opial
Unrestricted file upload vulnerability in Opial 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension as a User Image, then accessing it via a request to the file in userimages, related to register.php. 2009-10-22 7.5 CVE-2009-3753
XF
BID
MILW0RM
SECUNIA
oracle -- database_server
Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. 2009-10-22 10.0 CVE-2009-1979
CONFIRM
oracle -- database_server
Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. 2009-10-22 10.0 CVE-2009-1985
CONFIRM
oracle -- database_server
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. 2009-10-22 10.0 CVE-2009-1992
CONFIRM
oracle -- bea_product_suite
Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, and CVE-2009-2676. 2009-10-22 10.0 CVE-2009-3403
CONFIRM
poppler -- poppler
Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. 2009-10-21 9.3 CVE-2009-3607
CONFIRM
XF
VUPEN
BID
SECUNIA
CONFIRM
postgresql-ocaml -- postgresql-ocaml
The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. 2009-10-22 7.5 CVE-2009-2943
OSVDB
DEBIAN
SECUNIA
pygresql -- pygresql
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. 2009-10-22 7.5 CVE-2009-2940
OSVDB
DEBIAN
SECUNIA
santostefano_giovanni -- toylog
SQL injection vulnerability in read.php in ToyLog 0.1 allows remote attackers to execute arbitrary SQL commands via the idm parameter. 2009-10-22 7.5 CVE-2009-3750
XF
MILW0RM
SECUNIA
OSVDB
tatsuhiro_tsujikawa -- aria2
Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information. 2009-10-20 7.6 CVE-2009-3617
CONFIRM
MLIST
CONFIRM
vmware -- fusion
Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors. 2009-10-16 7.8 CVE-2009-3282
VUPEN
CONFIRM
SECTRACK
SECUNIA
MLIST
Medium Vulnerabilities
Primary Vendor -- Product
Description Published CVSS Score Source & Patch Info
adium -- adium
pidgin -- pidgin
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client. 2009-10-20 5.0 CVE-2009-3615
CONFIRM
adobe -- acrobat
adobe -- acrobat_reader
Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document. 2009-10-19 4.3 CVE-2009-2979
CERT
VUPEN
CONFIRM
adobe -- acrobat
adobe -- acrobat_reader
Unspecified vulnerability in an ActiveX control in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Windows allows remote attackers to cause a denial of service via unknown vectors. 2009-10-19 4.3 CVE-2009-2987
CERT
VUPEN
CONFIRM
adobe -- acrobat
adobe -- acrobat_reader
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors. 2009-10-19 4.3 CVE-2009-2988
CERT
VUPEN
CONFIRM
adobe -- acrobat
adobe -- acrobat_reader
An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors. 2009-10-19 4.3 CVE-2009-2992
CERT
VUPEN
CONFIRM
adobe -- acrobat
Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service via unspecified vectors. 2009-10-19 4.3 CVE-2009-2995
CERT
VUPEN
CONFIRM
adobe -- acrobat
adobe -- acrobat_reader
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug." 2009-10-19 5.1 CVE-2009-3462
CERT
VUPEN
CONFIRM
citrix -- xencenterweb
Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php; (5) vmrefid and (6) vmname parameters to forcerestart.php; and (7) vmname and (8) vmrefid parameters to forcesd.php. NOTE: some of these details are obtained from third party information. 2009-10-22 4.3 CVE-2009-3757
XF
VUPEN
BID
BUGTRAQ
MILW0RM
SECTRACK
MISC
citrix -- xencenterweb
Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information. 2009-10-22 6.0 CVE-2009-3759
XF
VUPEN
BID
BUGTRAQ
MILW0RM
SECTRACK
MISC
emc -- replistor
rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote attackers to cause a denial of service via a crafted packet to TCP port 7144. 2009-10-22 5.0 CVE-2009-3744
BID
BUGTRAQ
MISC
foolabs -- xpdf
poppler -- poppler
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read. 2009-10-21 4.3 CVE-2009-3609
CONFIRM
VUPEN
BID
CONFIRM
ibm -- rational_requisitepro
Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp. 2009-10-20 4.3 CVE-2009-3730
VUPEN
AIXAPAR
ibm -- rational_appscan
Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string. 2009-10-22 4.3 CVE-2009-3745
CONFIRM
innovationdp -- fdr
Innovation Data Processing FDR allows remote attackers to cause a denial of service (service outage) via a sequence of TCP SYN packets to many ports, as demonstrated using nmap. NOTE: the vendor's testing reportedly found that no denial of service occurred. 2009-10-19 5.0 CVE-2006-6404
OSVDB
MISC
kreotek -- phpbms
Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php and (2) modules\base\myaccount.php; and the PATH_INFO to (3) modules_view.php, (4) tabledefs_options.php, and (5) adminsettings.php in phpbms\modules\base\. 2009-10-22 4.3 CVE-2009-3755
XF
MILW0RM
kreotek -- phpbms
phpBMS 0.96 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) the show action in advancedsearch.php, and (4) choicelist.php, which reveals the installation path in an error message. 2009-10-22 5.0 CVE-2009-3756
XF
MILW0RM
linux -- kernel
The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions. 2009-10-19 4.9 CVE-2005-4881
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- kernel
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. 2009-10-19 4.9 CVE-2009-3228
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- kernel
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881. 2009-10-19 4.9 CVE-2009-3612
CONFIRM
CONFIRM
linux -- kernel
Integer signedness error in the ax25_setsockopt function in net/ax25/af_ax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service (OOPS) via a crafted optlen value in an SO_BINDTODEVICE operation. 2009-10-20 4.9 CVE-2009-2909
MLIST
linux -- kernel
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode. 2009-10-20 4.9 CVE-2009-2910
FEDORA
CONFIRM
CONFIRM
linux -- kernel
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. 2009-10-22 4.9 CVE-2009-3620
CONFIRM
linux -- kernel
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket. 2009-10-22 4.9 CVE-2009-3621
CONFIRM
MLIST
MLIST
CONFIRM
MLIST
CONFIRM
opial -- opial
Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 allows remote attackers to inject arbitrary web script or HTML via the genres_parent parameter. 2009-10-22 4.3 CVE-2009-3751
XF
BID
MILW0RM
SECUNIA
oracle -- database_server
Unspecified vulnerability in the Data Mining component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality, integrity, and availability, related to SYS.DMP_SYS. 2009-10-22 6.5 CVE-2009-1007
CONFIRM
oracle -- database_server
Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LTRIC (WMSYS.LTRIC). 2009-10-22 5.5 CVE-2009-1018
CONFIRM
oracle -- database_server
Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2009-10-22 5.5 CVE-2009-1964
CONFIRM
oracle -- database_server
Unspecified vulnerability in the Net Foundation Layer component in Oracle Database 9.2.0.8 and 10.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. 2009-10-22 5.4 CVE-2009-1965
CONFIRM
oracle -- database_server
Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS_030000.WWV_EXECUTE_IMMEDIATE. 2009-10-22 5.5 CVE-2009-1993
CONFIRM
oracle -- database_server
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability, related to MDSYS.PRVT_CMT_CBK. 2009-10-22 6.5 CVE-2009-1994
CONFIRM
oracle -- database_server
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_AQ_INV. 2009-10-22 4.9 CVE-2009-1995
CONFIRM
oracle -- database_server
Unspecified vulnerability in the Authentication component in Oracle Database 10.2.0.3 and 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors. 2009-10-22 5.0 CVE-2009-1997
CONFIRM
oracle -- industry_applications
Unspecified vulnerability in the Oracle Communications Order and Service Management component in Oracle Industry Applications 2.8.0, 6.2.0, 6.3.0, and 6.3.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2009-10-22 4.9 CVE-2009-1998
CONFIRM
oracle -- application_server
Unspecified vulnerability in the Business Intelligence Enterprise Edition component in unspecified Oracle Application Server versions allows remote attackers to affect integrity via unknown vectors. 2009-10-22 4.3 CVE-2009-1999
CONFIRM
oracle -- database_server
Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors. 2009-10-22 5.0 CVE-2009-2000
CONFIRM
oracle -- database_server
Unspecified vulnerability in the PL/SQL component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. 2009-10-22 6.5 CVE-2009-2001
CONFIRM
oracle -- bea_product_suite
Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 8.1.6, 9.2.3, 10.0.1, 10.2.1, and 10.3.1.0.0 allows remote attackers to affect integrity via unknown vectors. 2009-10-22 4.3 CVE-2009-2002
CONFIRM
oracle -- e-business_suite
Unspecified vulnerability in the Agile Engineering Data Management (EDM) component in Oracle E-Business Suite 6.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. 2009-10-22 5.4 CVE-2009-3392
CONFIRM
oracle -- e-business_suite
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors. 2009-10-22 4.3 CVE-2009-3393
CONFIRM
oracle -- e-business_suite
Unspecified vulnerability in the AutoVue component in Oracle E-Business Suite 19.3.2 allows remote attackers to affect availability via unknown vectors. 2009-10-22 5.0 CVE-2009-3395
CONFIRM
oracle -- bea_product_suite
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2.3, 10.0.1, and 10.3 allows remote attackers to affect integrity, related to WLS Console. 2009-10-22 4.3 CVE-2009-3396
CONFIRM
oracle -- e-business_suite
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors. 2009-10-22 4.3 CVE-2009-3397
CONFIRM
oracle -- bea_product_suite
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0.6 and 8.1.5 allows remote attackers to affect integrity, related to WLS Console. 2009-10-22 4.3 CVE-2009-3399
CONFIRM
oracle -- e-business_suite
Unspecified vulnerability in the Oracle Advanced Benefits component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2009-10-22 5.5 CVE-2009-3400
CONFIRM
oracle -- jd_edwards_enterpriseone
oracle -- peoplesoft_enterprise
Unspecified vulnerability in the PeopleSoft PeopleTools & Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.23 allows remote authenticated users to affect integrity via unknown vectors. 2009-10-22 4.0 CVE-2009-3404
CONFIRM
oracle -- jd_edwards_enterpriseone
oracle -- peoplesoft_enterprise
Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.98.1.4 allows remote authenticated users to affect integrity and availability via unknown vectors. 2009-10-22 4.1 CVE-2009-3405
CONFIRM
oracle -- application_server
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors. 2009-10-22 4.3 CVE-2009-3407
CONFIRM
oracle -- e-business_suite
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. 2009-10-22 5.1 CVE-2009-3408
CONFIRM
tbmnet -- tbmnetcms
Cross-site scripting (XSS) vulnerability in index.php in TBmnetCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter. NOTE: this was originally reported for tbmnet.php, but that program does not exist in the TBmnetCMS 1.0 distribution. 2009-10-22 4.3 CVE-2009-3747
XF
BID
SECUNIA
MISC
websense -- personal_email_manager
websense -- websense_email_security
Multiple cross-site scripting (XSS) vulnerabilities in the Web Administrator in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allow remote attackers to inject arbitrary web script or HTML via the (1) FileName, (2) IsolatedMessageID, (3) ServerName, (4) Dictionary, (5) Scoring, and (6) MessagePart parameters to web/msgList/viewmsg/actions/msgAnalyse.asp; the (7) Queue, (8) FileName, (9) IsolatedMessageID, and (10) ServerName parameters to actions/msgForwardToRiskFilter.asp and viewHeaders.asp in web/msgList/viewmsg/; and (11) the subject in an e-mail message that is held in a Queue. 2009-10-22 4.3 CVE-2009-3748
VUPEN
BID
BUGTRAQ
MISC
SECUNIA
CONFIRM
websense -- email_security
websense -- personal_email_manager
The Web Administrator service (STEMWADM.EXE) in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allows remote attackers to cause a denial of service (crash) by sending an HTTP GET request to TCP port 8181 and closing the socket before the service can send a response. 2009-10-22 5.0 CVE-2009-3749
CONFIRM
CONFIRM
Low Vulnerabilities
Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
oracle -- database_server
Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.7 allows remote authenticated users to affect integrity via unknown vectors. 2009-10-22 3.5 CVE-2009-1971
CONFIRM
oracle -- database_server
Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect integrity, related to DBMS_SYS_SQL and DBMS_SQL. 2009-10-22 2.1 CVE-2009-1972
CONFIRM
oracle -- application_server
Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local users to affect confidentiality via unknown vectors. 2009-10-22 1.7 CVE-2009-1990
CONFIRM
oracle -- database_server
Unspecified vulnerability in the Oracle Text component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to CTXSYS.DRVXTABC. 2009-10-22 3.6 CVE-2009-1991
CONFIRM
oracle -- e-business_suite
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows local users to affect confidentiality via unknown vectors. 2009-10-22 1.7 CVE-2009-3401
CONFIRM
oracle -- e-business_suite
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote authenticated users to affect confidentiality via unknown vectors. 2009-10-22 2.1 CVE-2009-3402
CONFIRM
oracle -- jd_edwards_enterpriseone
oracle -- peoplesoft_enterprise
Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.98.2.1 allows remote authenticated users to affect confidentiality via unknown vectors. 2009-10-22 2.7 CVE-2009-3406
CONFIRM
oracle -- jd_edwards_enterpriseone
oracle -- peoplesoft_enterprise
Unspecified vulnerability in the PeopleSoft Enterprise HCM (TAM) component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 9.0 Bundle 10 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2009-10-22 3.6 CVE-2009-3409
CONFIRM
sun -- solaris
XScreenSaver in Sun Solaris 10, when the accessibility feature is enabled, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276 and CVE-2009-2711. 2009-10-22 1.9 CVE-2009-3746
SUNALERT
CONFIRM
systemtap -- systemtap
SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records. 2009-10-22 1.9 CVE-2009-2911
MLIST


Last updated October 26, 2009