mirror of https://git.FreeBSD.org/ports.git synced 2024-12-20 04:02:27 +00:00
freebsd-ports/security/vuxml/vuln-2009.xml
Baptiste Daroussin e14ed8232d Rework vuxml a bit to make them validatable again
modify tidy.xsl to make it generate the xml declaration manually;
xsl is not able to generate a list of entities otherwise.

Remove copyright from included files, they are redundant anyway and
in the end only the vuln.xml file is distributed with entities expanded

Rework a bit the entity declaration in order for the document to look
great after expansion (as it did before we introduced the expansion
mechanism)

All validations are now processed directly on the flattened file.

This is based on a patch from mfechner here

Submitted by:		mfechner
Differential Revision:	https://reviews.freebsd.org/D28299
2021-01-25 17:16:21 +00:00


<vuln vid="751823d4-f189-11de-9344-00248c9b4be7">
<topic>drupal -- multiple cross-site scripting</topic>
<affects>
<package>
<name>drupal5</name>
<range><lt>5.21</lt></range>
</package>
<package>
<name>drupal6</name>
<range><lt>6.15</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Drupal Team reports:</p>
<blockquote cite="http://drupal.org/node/661586">
<p>The Contact module does not correctly handle certain user input
when displaying category information. Users privileged to create
contact categories can insert arbitrary HTML and script code into the
contact module administration page. Such a cross-site scripting attack
may lead to the malicious user gaining administrative access.</p>
<p>The Menu module does not correctly handle certain user input when
displaying the menu administration overview. Users privileged to
create new menus can insert arbitrary HTML and script code into the
menu module administration page. Such a cross-site scripting attack
may lead to the malicious user gaining administrative access.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-4370</cvename>
<url>http://drupal.org/node/661586</url>
</references>
<dates>
<discovery>2009-12-16</discovery>
<entry>2009-12-25</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="4d6076fe-ee7a-11de-9cd0-001a926c7637">
<topic>fuser -- missing user privilege check</topic>
<affects>
<package>
<name>fuser</name>
<range><lt>1142334561_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Denis Barov reports:</p>
<blockquote>
<p>sysutils/fuser allows a user to send any signal to any process when
installed with the suid bit.</p>
</blockquote>
</body>
</description>
<references>
<freebsdpr>ports/141852</freebsdpr>
</references>
<dates>
<discovery>2009-09-15</discovery>
<entry>2009-12-21</entry>
</dates>
</vuln>
<vuln vid="4465c897-ee5c-11de-b6ef-00215c6a37bb">
<topic>monkey -- improper input validation vulnerability</topic>
<affects>
<package>
<name>monkey</name>
<range><lt>0.9.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Census Labs reports:</p>
<blockquote cite="http://census-labs.com/news/2009/12/14/monkey-httpd/">
<p>We have discovered a remotely exploitable
"improper input validation" vulnerability in the Monkey
web server that allows an attacker to perform denial of
service attacks by repeatedly crashing worker threads
that process HTTP requests.</p>
</blockquote>
</body>
</description>
<references>
<url>http://census-labs.com/news/2009/12/14/monkey-httpd/</url>
<url>http://groups.google.com/group/monkeyd/browse_thread/thread/055b4e9b83973861/</url>
</references>
<dates>
<discovery>2009-12-14</discovery>
<entry>2009-12-21</entry>
</dates>
</vuln>
<vuln vid="39a25a63-eb5c-11de-b650-00215c6a37bb">
<topic>php -- multiple vulnerabilities</topic>
<affects>
<package>
<name>php5</name>
<range><lt>5.2.12</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The PHP developers report:</p>
<blockquote cite="http://www.php.net/releases/5_2_12.php">
<p>This release focuses on improving the stability of the
PHP 5.2.x branch with over 60 bug fixes, some of which
are security related. All users of PHP 5.2 are encouraged
to upgrade to this release.</p>
<p>Security Enhancements and Fixes in PHP 5.2.12:</p>
<ul>
<li>Fixed a safe_mode bypass in tempnam() identified by
Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)</li>
<li>Fixed a open_basedir bypass in posix_mkfifo()
identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)</li>
<li>Added "max_file_uploads" INI directive, which can
be set to limit the number of file uploads per-request
to 20 by default, to prevent possible DOS via temporary
file exhaustion, identified by Bogdan Calin.
(CVE-2009-4017, Ilia)</li>
<li>Added protection for $_SESSION from interrupt
corruption and improved "session.save_path" check,
identified by Stefan Esser. (CVE-2009-4143, Stas)</li>
<li>Fixed bug #49785 (insufficient input string
validation of htmlspecialchars()). (CVE-2009-4142,
Moriyoshi, hello at iwamot dot com)</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3557</cvename>
<cvename>CVE-2009-3558</cvename>
<cvename>CVE-2009-4017</cvename>
<cvename>CVE-2009-4142</cvename>
<cvename>CVE-2009-4143</cvename>
<url>http://www.php.net/releases/5_2_12.php</url>
</references>
<dates>
<discovery>2009-12-17</discovery>
<entry>2009-12-17</entry>
</dates>
</vuln>
<vuln vid="e7bc5600-eaa0-11de-bd9c-00215c6a37bb">
<topic>postgresql -- multiple vulnerabilities</topic>
<affects>
<package>
<name>postgresql-client</name>
<name>postgresql-server</name>
<range><ge>7.4</ge><lt>7.4.27</lt></range>
<range><ge>8.0</ge><lt>8.0.23</lt></range>
<range><ge>8.1</ge><lt>8.1.19</lt></range>
<range><ge>8.2</ge><lt>8.2.15</lt></range>
<range><ge>8.3</ge><lt>8.3.9</lt></range>
<range><ge>8.4</ge><lt>8.4.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PostgreSQL project reports:</p>
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4034">
<p>PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,
8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,
and 8.4.x before 8.4.2 does not properly handle a '\0' character
in a domain name in the subject's Common Name (CN) field of an
X.509 certificate, which (1) allows man-in-the-middle attackers
to spoof arbitrary SSL-based PostgreSQL servers via a crafted
server certificate issued by a legitimate Certification Authority,
and (2) allows remote attackers to bypass intended client-hostname
restrictions via a crafted client certificate issued by a legitimate
Certification Authority, a related issue to CVE-2009-2408.</p>
</blockquote>
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4136">
<p>PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,
8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,
and 8.4.x before 8.4.2 does not properly manage session-local
state during execution of an index function by a database
superuser, which allows remote authenticated users to gain
privileges via a table with crafted index functions, as
demonstrated by functions that modify (1) search_path or
(2) a prepared statement, a related issue to CVE-2007-6600
and CVE-2009-3230.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-4034</cvename>
<cvename>CVE-2009-4136</cvename>
</references>
<dates>
<discovery>2009-11-20</discovery>
<entry>2009-12-17</entry>
</dates>
</vuln>
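The CVE-2009-4034 entry above turns on where a certificate checker takes the length of the Common Name from. What follows is an added example, not PostgreSQL or libpq code: it extracts the CN from a minimal DER string TLV (short-form length only, an assumption of this example), then compares it once the way a NUL-terminated C-string comparison would and once length-aware. The CN values and the hostname www.bank.example are constructed.

```python
"""Hostname check against an X.509 Common Name that may contain an embedded NUL.

Added example (not PostgreSQL code). The CN's length comes from the DER length
octet, not from a NUL terminator. A checker that hands the bytes to a C-string
comparison stops at the first NUL, so "www.bank.example\\0.attacker.example"
looks exactly like "www.bank.example".
"""

# ASN.1 universal tags for the string types commonly used in a CN.
DER_STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x16: "IA5String"}


def der_string_value(tlv):
    """Return the value octets of a single short-form DER string TLV.

    Only the short length form (length below 128) is handled here; that is an
    assumption of this example, not a property of real DER parsers.
    """
    if len(tlv) < 2:
        raise ValueError("truncated TLV")
    tag, length = tlv[0], tlv[1]
    if tag not in DER_STRING_TAGS:
        raise ValueError("unexpected tag 0x%02x" % tag)
    if length >= 0x80:
        raise ValueError("long-form length not supported in this example")
    value = tlv[2:2 + length]
    if len(value) != length:
        raise ValueError("TLV length exceeds buffer")
    return value


def cn_matches_naive(cn, expected_host):
    """Emulates a C-string comparison: everything after the first NUL is ignored."""
    c_string = cn.split(b"\x00", 1)[0]
    return c_string.decode("ascii", "replace").lower() == expected_host.lower()


def cn_matches_safe(cn, expected_host):
    """Length-aware comparison that refuses any CN containing a NUL byte."""
    if b"\x00" in cn:
        return False
    try:
        name = cn.decode("ascii")   # hostnames on the wire are ASCII (IDNA is punycode)
    except UnicodeDecodeError:
        return False
    return name.lower() == expected_host.lower()


def build_cn_tlv(value):
    """Constructed sample: wrap a CN value as a UTF8String TLV (short form)."""
    if len(value) >= 0x80:
        raise ValueError("sample too long for short-form length")
    return bytes([0x0C, len(value)]) + value


# Constructed sample CNs: an honest one, and one with an embedded NUL that a CA
# might sign because the requester legitimately controls attacker.example.
HONEST_CN = build_cn_tlv(b"www.bank.example")
CRAFTED_CN = build_cn_tlv(b"www.bank.example\x00.attacker.example")


def demo():
    """Return {label: (naive_result, safe_result)} for both sample CNs."""
    results = {}
    for label, tlv in (("honest", HONEST_CN), ("crafted", CRAFTED_CN)):
        cn = der_string_value(tlv)
        results[label] = (cn_matches_naive(cn, "www.bank.example"),
                          cn_matches_safe(cn, "www.bank.example"))
    return results


if __name__ == "__main__":
    for label, (naive, safe) in demo().items():
        print("%-8s naive=%s safe=%s" % (label, naive, safe))
```

The same length-aware comparison applies on the server side when a client certificate's CN is matched against pg_hba.conf restrictions, which is the second case the advisory lists.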
<vuln vid="5486669e-ea9f-11de-bd9c-00215c6a37bb">
<topic>tptest -- pwd Remote Stack Buffer Overflow</topic>
<affects>
<package>
<name>tptest</name>
<range><gt>0</gt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/33785">
<p>TPTEST is prone to a remote stack-based buffer-overflow
vulnerability. An attacker can exploit this issue to
execute arbitrary code within the context of the affected
application. Failed exploit attempts will result in a
denial-of-service condition.</p>
</blockquote>
</body>
</description>
<references>
<bid>33785</bid>
</references>
<dates>
<discovery>2009-02-16</discovery>
<entry>2009-12-17</entry>
</dates>
</vuln>
<vuln vid="01c57d20-ea26-11de-bd39-00248c9b4be7">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><gt>3.5.*,1</gt><lt>3.5.6,1</lt></range>
<range><gt>3.*,1</gt><lt>3.0.16,1</lt></range>
</package>
<package>
<name>linux-firefox</name>
<range><lt>3.0.16,1</lt></range>
</package>
<package>
<name>seamonkey</name>
<name>linux-seamonkey</name>
<range><lt>2.0.1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><ge>3.0</ge><lt>3.0.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mozilla Project reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
<p>MFSA 2009-71 GeckoActiveXObject exception messages can be used to
enumerate installed COM objects</p>
<p>MFSA 2009-70 Privilege escalation via chrome window.opener</p>
<p>MFSA 2009-69 Location bar spoofing vulnerabilities</p>
<p>MFSA 2009-68 NTLM reflection vulnerability</p>
<p>MFSA 2009-67 Integer overflow, crash in libtheora video
library</p>
<p>MFSA 2009-66 Memory safety fixes in liboggplay media library</p>
<p>MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/
1.9.0.16)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3388</cvename>
<cvename>CVE-2009-3389</cvename>
<cvename>CVE-2009-3979</cvename>
<cvename>CVE-2009-3980</cvename>
<cvename>CVE-2009-3981</cvename>
<cvename>CVE-2009-3982</cvename>
<cvename>CVE-2009-3983</cvename>
<cvename>CVE-2009-3984</cvename>
<cvename>CVE-2009-3985</cvename>
<cvename>CVE-2009-3986</cvename>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-71.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-70.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-69.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-68.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-67.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-66.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-65.html</url>
</references>
<dates>
<discovery>2009-12-16</discovery>
<entry>2009-12-16</entry>
<modified>2010-01-21</modified>
</dates>
</vuln>
<vuln vid="1b3f854b-e4bd-11de-b276-000d8787e1be">
<topic>freeradius -- remote packet of death vulnerability</topic>
<affects>
<package>
<name>freeradius</name>
<range><lt>1.1.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The FreeRADIUS Vulnerability Notifications page reports:</p>
<blockquote cite="http://freeradius.org/security.html">
<p>2009.09.09 v1.1.7 - Anyone who can send packets to
the server can crash it by sending a Tunnel-Password
attribute in an Access-Request packet. This
vulnerability is not otherwise exploitable. We have
released 1.1.8 to correct this vulnerability.</p>
<p>This issue is similar to the previous Tunnel-Password
issue noted below. The vulnerable versions are 1.1.3
through 1.1.7. Version 2.x is not affected.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3111</cvename>
<url>http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3111</url>
<url>http://freeradius.org/security.html</url>
<url>http://www.milw0rm.com/exploits/9642</url>
</references>
<dates>
<discovery>2009-09-09</discovery>
<entry>2009-12-14</entry>
<modified>2009-12-14</modified>
</dates>
</vuln>
<vuln vid="bec38383-e6cb-11de-bdd4-000c2930e89b">
<topic>pligg -- Cross-Site Scripting and Cross-Site Request Forgery</topic>
<affects>
<package>
<name>pligg</name>
<range><lt>1.0.3b</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/37349">
<p>Russ McRee has discovered some vulnerabilities in Pligg, which can
be exploited by malicious people to conduct cross-site scripting and
request forgery attacks.</p>
<p>Input passed via the "Referer" HTTP header to various scripts (e.g.
admin/admin_config.php, admin/admin_modules.php, delete.php, editlink.php,
submit.php, submit_groups.php, user_add_remove_links.php, and
user_settings.php) is not properly sanitised before being returned to
the user. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of an affected site.</p>
<p>The application allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the requests.
This can be exploited to e.g. create an arbitrary user with administrative
privileges if a logged-in administrative user visits a malicious web
site.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-4786</cvename>
<cvename>CVE-2009-4787</cvename>
<cvename>CVE-2009-4788</cvename>
<url>http://secunia.com/advisories/37349/</url>
<url>http://www.pligg.com/blog/775/pligg-cms-1-0-3-release/</url>
</references>
<dates>
<discovery>2009-12-02</discovery>
<entry>2009-12-12</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="fcbf56dd-e667-11de-920a-00248c9b4be7">
<topic>piwik -- php code execution</topic>
<affects>
<package>
<name>piwik</name>
<range><lt>0.5.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/37649">
<p>Stefan Esser has reported a vulnerability in Piwik, which can be
exploited by malicious people to compromise a vulnerable system.</p>
<p>The vulnerability is caused due to the core/Cookie.php script using
"unserialize()" with user controlled input. This can be exploited to
e.g. execute arbitrary PHP code via the "__wakeup()" or "__destruct()"
methods of a serialized object passed via an HTTP cookie.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-4137</cvename>
<url>http://secunia.com/advisories/37649/</url>
<url>http://www.sektioneins.de/de/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability/index.html</url>
<url>http://piwik.org/blog/2009/12/piwik-response-to-shocking-news-in-php-exploitation/</url>
</references>
<dates>
<discovery>2009-12-10</discovery>
<entry>2009-12-11</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
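The Piwik entry above (CVE-2009-4137) is the general "unserialize() on client input" problem: a serialised object can name a callable to run when it is rebuilt. The following is an added example in Python, not Piwik's PHP code; pickle's __reduce__ plays the role of PHP's __wakeup()/__destruct() gadgets. The cookie contents, the HMAC key and the use of eval() as the gadget are all constructed for the demonstration.

```python
"""Deserialising attacker-controlled cookie data: unsafe vs. authenticated.

Added example (not Piwik's code). pickle.loads() stands in for PHP's
unserialize(): the payload decides which callable runs, so the server executes
whatever the cookie says. The hardened variant authenticates the cookie with an
HMAC before looking at it, and parses it as JSON, which cannot express code.
"""
import base64
import hashlib
import hmac
import json
import os
import pickle


class Gadget:
    """Serialises not as data but as an instruction to call eval() on load."""

    def __reduce__(self):
        # Any importable callable works; eval() makes the effect easy to observe.
        return (eval, ("__import__('os').getpid()",))


def load_cookie_unsafe(cookie):
    """Vulnerable pattern: deserialise straight from the client."""
    return pickle.loads(base64.b64decode(cookie))


def make_cookie_safe(data, key):
    """Encode plain data and append an HMAC-SHA256 tag over the encoded bytes."""
    payload = base64.urlsafe_b64encode(json.dumps(data, separators=(",", ":")).encode())
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload.decode() + "." + tag


def load_cookie_safe(cookie, key):
    """Verify the MAC before parsing; parse with a format that cannot run code."""
    if "." not in cookie:
        raise ValueError("malformed cookie")
    payload, tag = cookie.rsplit(".", 1)
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("cookie MAC mismatch")
    return json.loads(base64.urlsafe_b64decode(payload.encode()))


def forge_attacker_cookie():
    """What the attacker sends: a serialised gadget, base64'd like a real cookie."""
    return base64.b64encode(pickle.dumps(Gadget())).decode()


def demo():
    key = b"server-side secret (constructed for this example)"
    attacker = forge_attacker_cookie()

    # Unsafe path: the gadget's eval() runs inside this process during loads().
    result = load_cookie_unsafe(attacker)

    # Safe path: honest cookie parses; the forged one and a tampered one do not.
    honest = make_cookie_safe({"user": "alice", "lang": "en"}, key)
    tampered = honest[:-1] + ("0" if honest[-1] != "0" else "1")
    outcome = {"code_ran_in_server": result == os.getpid(),
               "parsed": load_cookie_safe(honest, key)}
    for name, c in (("attacker", attacker), ("tampered", tampered)):
        try:
            load_cookie_safe(c, key)
            outcome[name + "_rejected"] = False
        except ValueError:
            outcome[name + "_rejected"] = True
    return outcome


if __name__ == "__main__":
    print(demo())
```

The MAC is checked with a constant-time comparison before any parsing happens, so a forged cookie never reaches the decoder; the JSON format is the second, independent line of defence should the key leak.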
<vuln vid="30211c45-e52a-11de-b5cd-00e0815b8da8">
<topic>dovecot -- Insecure directory permissions</topic>
<affects>
<package>
<name>dovecot</name>
<range><ge>1.2.*</ge><lt>1.2.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Dovecot author reports:</p>
<blockquote cite="http://www.dovecot.org/list/dovecot-news/2009-November/000143.html">
<p>Dovecot v1.2.x had been creating base_dir (and its parents if
necessary) with 0777 permissions. The base_dir's permissions get
changed to 0755 automatically at startup, but you may need to
chmod the parent directories manually.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3897</cvename>
<bid>37084</bid>
<url>http://secunia.com/advisories/37443</url>
</references>
<dates>
<discovery>2009-11-20</discovery>
<entry>2009-12-10</entry>
</dates>
</vuln>
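The Dovecot entry above is about parent directories inheriting a permissive mode when a tree is created in one call. The following is an added example, not Dovecot's code, written in Python because os.makedirs() has the same trap: its mode argument applies only to the leaf (Python 3.7 and later), and the intermediate directories get the default 0777 masked by the process umask. The umask of 0 and the directory names are constructed for the demonstration.

```python
"""Creating a directory tree with explicit permissions on every component.

Added example (not Dovecot's code). os.makedirs(path, mode) applies `mode`
only to the leaf; intermediate directories get 0o777 masked by the umask, so
a daemon started with a permissive umask ends up with world-writable parents.
makedirs_with_mode() creates each component itself and chmods it, and
world_writable_dirs() audits a path for world-writable, non-sticky directories.
"""
import os
import stat
import tempfile


def makedirs_with_mode(path, mode=0o755):
    """Create each missing component of `path` with `mode`; return those created."""
    path = os.path.abspath(path)
    created = []
    cur = os.sep
    for part in path.split(os.sep):
        if not part:
            continue
        cur = os.path.join(cur, part)
        if not os.path.isdir(cur):
            os.mkdir(cur, mode)
            os.chmod(cur, mode)      # mkdir's mode is subject to umask; chmod is not
            created.append(cur)
    return created


def world_writable_dirs(path, stop):
    """Walk from `path` up to `stop` (inclusive) and list directories that are
    world-writable without the sticky bit."""
    bad = []
    p = os.path.abspath(path)
    stop = os.path.abspath(stop)
    while True:
        mode = os.stat(p).st_mode
        if stat.S_ISDIR(mode) and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            bad.append(p)
        parent = os.path.dirname(p)
        if p == stop or parent == p:
            return bad
        p = parent


def demo():
    """Constructed scenario: umask 0 stands in for a daemon started with a
    permissive umask. Returns offending directories relative to the temp root."""
    with tempfile.TemporaryDirectory() as tmp:
        naive = os.path.join(tmp, "naive", "run", "dovecot")
        explicit = os.path.join(tmp, "explicit", "run", "dovecot")
        old_umask = os.umask(0)
        try:
            os.makedirs(naive, 0o755)             # leaf 0755, parents 0777
            makedirs_with_mode(explicit, 0o755)   # every component 0755
        finally:
            os.umask(old_umask)
        return {
            "naive": [os.path.relpath(p, tmp)
                      for p in world_writable_dirs(naive, os.path.join(tmp, "naive"))],
            "explicit": [os.path.relpath(p, tmp)
                         for p in world_writable_dirs(explicit, os.path.join(tmp, "explicit"))],
        }


if __name__ == "__main__":
    print(demo())
```

world_writable_dirs() is also the check to run once after upgrading, since the advisory notes that Dovecot fixes only base_dir itself at startup and leaves already-created parents for the administrator to chmod.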
<vuln vid="3c1a672e-e508-11de-9f4a-001b2134ef46">
<topic>linux-flashplugin -- multiple vulnerabilities</topic>
<affects>
<package>
<name>linux-flashplugin</name>
<range><lt>9.0r260</lt></range>
</package>
<package>
<name>linux-f8-flashplugin</name>
<name>linux-f10-flashplugin</name>
<range><lt>10.0r42</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Adobe Product Security Incident Response Team reports:</p>
<blockquote cite="http://www.adobe.com/support/security/bulletins/apsb09-19.html">
<p>Critical vulnerabilities have been identified in Adobe
Flash Player version 10.0.32.18 and earlier. These
vulnerabilities could cause the application to crash and
could potentially allow an attacker to take control of the
affected system.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3794</cvename>
<cvename>CVE-2009-3796</cvename>
<cvename>CVE-2009-3797</cvename>
<cvename>CVE-2009-3798</cvename>
<cvename>CVE-2009-3799</cvename>
<cvename>CVE-2009-3800</cvename>
<cvename>CVE-2009-3951</cvename>
<url>http://www.zerodayinitiative.com/advisories/ZDI-09-092/</url>
<url>http://www.zerodayinitiative.com/advisories/ZDI-09-093/</url>
<url>http://www.adobe.com/support/security/bulletins/apsb09-19.html</url>
</references>
<dates>
<discovery>2009-07-14</discovery>
<entry>2009-12-09</entry>
</dates>
</vuln>
<vuln vid="eab8c3bd-e50c-11de-9cd0-001a926c7637">
<topic>ruby -- heap overflow vulnerability</topic>
<affects>
<package>
<name>ruby</name>
<range><ge>1.9.1,1</ge><lt>1.9.1.376,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The official ruby site reports:</p>
<blockquote cite="http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/">
<p>There is a heap overflow vulnerability in String#ljust,
String#center and String#rjust. This has allowed an attacker to run
arbitrary code in some rare cases.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-4124</cvename>
<url>http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/</url>
</references>
<dates>
<discovery>2009-11-30</discovery>
<entry>2009-12-09</entry>
</dates>
</vuln>
<vuln vid="714c1406-e4cf-11de-883a-003048590f9e">
<topic>rt -- Session fixation vulnerability</topic>
<affects>
<package>
<name>rt</name>
<range><lt>3.8.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/37546">
<p>A vulnerability has been reported in RT, which can be exploited by
malicious people to conduct session fixation attacks.
The vulnerability is caused due to an error in the handling of
sessions and can be exploited to hijack another user's session by
tricking the user into logging in after following a specially crafted
link.</p>
</blockquote>
</body>
</description>
<references>
<bid>37162</bid>
<cvename>CVE-2009-3585</cvename>
</references>
<dates>
<discovery>2009-12-01</discovery>
<entry>2009-12-09</entry>
</dates>
</vuln>
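The RT entry above (session fixation) and the Pligg entry earlier in this file (cross-site request forgery, CVE-2009-4786 through CVE-2009-4788) are two failures of the same session layer, so one added example covers both. It is not RT's Perl or Pligg's PHP code: an in-memory store stands in for the web framework, the two login routines differ only in whether they keep the session ID the browser presented, and the admin action is shown with and without a per-session token check. The session IDs and user names are constructed.

```python
"""Session handling: regenerate the ID at login, and bind state-changing
requests to a per-session CSRF token.

Added example (not RT's or Pligg's code). login_keep_sid() authenticates
whatever ID the victim's browser already carries, which is what a crafted
link plants; login_regenerate() retires that ID. create_admin_user() with
check_token=False is the Pligg-style endpoint a cross-site form can drive.
"""
import hmac
import secrets


class SessionStore:
    def __init__(self):
        self._sessions = {}

    def get_or_create(self, presented_sid=None):
        """Adopt a client-presented ID if unknown (the behaviour fixation needs),
        otherwise mint a fresh one. Refusing unknown IDs would also help, but
        regeneration at login closes the hole regardless of this policy."""
        if presented_sid is None:
            presented_sid = secrets.token_urlsafe(16)
        self._sessions.setdefault(presented_sid, {"csrf": secrets.token_urlsafe(16)})
        return presented_sid

    def user_of(self, sid):
        return self._sessions.get(sid, {}).get("user")

    def csrf_token(self, sid):
        return self._sessions[sid]["csrf"]

    def login_keep_sid(self, sid, user):
        """Vulnerable: authenticates whatever ID the browser already had."""
        self._sessions[sid]["user"] = user
        return sid

    def login_regenerate(self, sid, user):
        """Fixed: the pre-login ID is retired; only the fresh one is authenticated."""
        state = self._sessions.pop(sid, {})
        new_sid = secrets.token_urlsafe(16)
        self._sessions[new_sid] = {**state, "user": user, "csrf": secrets.token_urlsafe(16)}
        return new_sid

    def create_admin_user(self, sid, new_user, token=None, check_token=True):
        """State-changing action; the cookie alone must not be enough to drive it."""
        if self.user_of(sid) != "admin":
            return False
        if check_token and not (token and hmac.compare_digest(token, self.csrf_token(sid))):
            return False
        self._sessions[sid].setdefault("created", []).append(new_user)
        return True


def fixation_scenario(regenerate):
    store = SessionStore()
    planted = store.get_or_create("id-chosen-by-attacker")   # carried in the crafted link
    victim_sid = store.get_or_create(planted)                # victim follows the link
    login = store.login_regenerate if regenerate else store.login_keep_sid
    after = login(victim_sid, "victim")
    # The attacker now replays the ID they planted.
    return {"attacker_sees": store.user_of(planted), "sid_changed": after != planted}


def csrf_scenario(check_token):
    store = SessionStore()
    sid = store.login_regenerate(store.get_or_create(), "admin")
    # Cross-site form post: rides on the admin's cookie but cannot read the token.
    forged = store.create_admin_user(sid, "mallory", token=None, check_token=check_token)
    # Request from the site's own form, which embeds the token.
    genuine = store.create_admin_user(sid, "bob", token=store.csrf_token(sid),
                                      check_token=check_token)
    return {"forged_succeeded": forged, "genuine_succeeded": genuine}


if __name__ == "__main__":
    print(fixation_scenario(False), fixation_scenario(True))
    print(csrf_scenario(False), csrf_scenario(True))
```

The token is regenerated together with the session ID at login so that a token captured from an unauthenticated session is worthless afterwards; hmac.compare_digest keeps the check constant-time.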
<vuln vid="5f030587-e39a-11de-881e-001aa0166822">
<topic>expat2 -- Parser crash with specially formatted UTF-8 sequences</topic>
<affects>
<package>
<name>expat2</name>
<name>linux-f10-expat</name>
<range><lt>2.0.1_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>CVE reports:</p>
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">
<p>The updatePosition function in lib/xmltok_impl.c in
libexpat in Expat 2.0.1, as used in Python, PyXML,
w3c-libwww, and other software, allows context-dependent
attackers to cause a denial of service (application crash)
via an XML document with crafted UTF-8 sequences that
trigger a buffer over-read.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3720</cvename>
</references>
<dates>
<discovery>2009-01-17</discovery>
<entry>2009-12-08</entry>
</dates>
</vuln>
<vuln vid="e9fca207-e399-11de-881e-001aa0166822">
<topic>expat2 -- buffer over-read and crash</topic>
<affects>
<package>
<name>expat2</name>
<range><lt>2.0.1_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>CVE reports:</p>
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">
<p>The big2_toUtf8 function in lib/xmltok.c in libexpat in
Expat 2.0.1, as used in the XML-Twig module for Perl, allows
context-dependent attackers to cause a denial of service
(application crash) via an XML document with malformed UTF-8
sequences that trigger a buffer over-read, related to the
doProlog function in lib/xmlparse.c.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3560</cvename>
</references>
<dates>
<discovery>2009-10-05</discovery>
<entry>2009-12-08</entry>
</dates>
</vuln>
<vuln vid="6431c4db-deb4-11de-9078-0030843d3802">
<topic>opera -- multiple vulnerabilities</topic>
<affects>
<package>
<name>opera</name>
<range><lt>10.10.20091120</lt></range>
</package>
<package>
<name>linux-opera</name>
<range><lt>10.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Opera Team reports:</p>
<blockquote cite="http://www.opera.com/docs/changelogs/unix/1010/">
<ul>
<li>Fixed a heap buffer overflow in string to number conversion</li>
<li>Fixed an issue where error messages could leak onto unrelated
sites</li>
<li>Fixed a moderately severe issue, as reported by Chris Evans of
the Google Security Team; details will be disclosed at a later
date.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0689</cvename>
<cvename>CVE-2009-4071</cvename>
<url>http://www.opera.com/support/kb/view/941/</url>
<url>http://www.opera.com/support/kb/view/942/</url>
</references>
<dates>
<discovery>2009-11-23</discovery>
<entry>2009-12-01</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="77c14729-dc5e-11de-92ae-02e0184b8d35">
<topic>libtool -- Library Search Path Privilege Escalation Issue</topic>
<affects>
<package>
<name>libtool</name>
<range><lt>2.2.6b</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/37414/">
<p>Do not attempt to load an unqualified module.la file from the
current directory (by default) since doing so is insecure and is
not compliant with the documentation.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3736</cvename>
<url>http://secunia.com/advisories/37414/</url>
<url>http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html</url>
</references>
<dates>
<discovery>2009-11-25</discovery>
<entry>2009-11-28</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="94edff42-d93d-11de-a434-0211d880e350">
<topic>libvorbis -- multiple vulnerabilities</topic>
<affects>
<package>
<name>libvorbis</name>
<range><lt>1.2.3_1,3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Ubuntu security team reports:</p>
<blockquote cite="http://www.ubuntu.com/usn/usn-861-1">
<p>It was discovered that libvorbis did not correctly
handle certain malformed vorbis files. If a user were
tricked into opening a specially crafted vorbis file
with an application that uses libvorbis, an attacker
could cause a denial of service or possibly execute
arbitrary code with the user's privileges.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-1420</cvename>
<cvename>CVE-2009-3379</cvename>
</references>
<dates>
<discovery>2009-11-24</discovery>
<entry>2009-11-24</entry>
</dates>
</vuln>
<vuln vid="92ca92c1-d859-11de-89f9-001517351c22">
<topic>bugzilla -- information leak</topic>
<affects>
<package>
<name>bugzilla</name>
<range><gt>3.3.1</gt><lt>3.4.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Bugzilla Security Advisory reports:</p>
<blockquote cite="http://www.bugzilla.org/security/3.4.3/">
<p>When a bug is in a group, none of its information
(other than its status and resolution) should be visible
to users outside that group. It was discovered that
as of 3.3.2, Bugzilla was showing the alias of the bug
(a very short string used as a shortcut for looking up
the bug) to users outside of the group, if the protected
bug ended up in the "Depends On" or "Blocks" list of any
other bug.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3386</cvename>
<url>http://www.bugzilla.org/security/3.4.3/</url>
</references>
<dates>
<discovery>2009-11-18</discovery>
<entry>2009-11-23</entry>
</dates>
</vuln>
<vuln vid="04104985-d846-11de-84e4-00215af774f0">
<topic>cacti -- cross-site scripting issues</topic>
<affects>
<package>
<name>cacti</name>
<range><lt>0.8.7e4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The cacti development team reports:</p>
<blockquote cite="http://docs.cacti.net/#cross-site_scripting_fixes">
<p>The Cross-Site Scripting patch has been posted.</p>
<p>This patch addresses cross-site scripting issues reported
by Moritz Naumann.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-4032</cvename>
<url>http://docs.cacti.net/#cross-site_scripting_fixes</url>
</references>
<dates>
<discovery>2009-11-21</discovery>
<entry>2009-11-23</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="0640198a-d117-11de-b667-0030843d3802">
<topic>wordpress -- multiple vulnerabilities</topic>
<affects>
<package>
<name>wordpress</name>
<range><lt>2.8.6,1</lt></range>
</package>
<package>
<name>de-wordpress</name>
<range><lt>2.8.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/37332/">
<p>The security issue is caused due to the wp_check_filetype()
function in /wp-includes/functions.php improperly validating uploaded
files. This can be exploited to execute arbitrary PHP code by
uploading a malicious PHP script with multiple extensions.</p>
<p>Successful exploitation of this vulnerability requires that Apache
is not configured to handle the mime-type for media files with an e.g.
"gif", "jpg", "png", "tif", "wmv" extension.</p>
<p>Input passed via certain parameters to press-this.php is not
properly sanitised before being displayed to the user. This can be
exploited to insert arbitrary HTML and script code, which will be
executed in a user's browser session in context of an affected site
when the malicious data is being viewed.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3890</cvename>
<cvename>CVE-2009-3891</cvename>
<url>http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/</url>
<url>http://secunia.com/advisories/37332/</url>
</references>
<dates>
<discovery>2009-11-12</discovery>
<entry>2009-11-14</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
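The WordPress entry above (CVE-2009-3890) hinges on a filename check that inspects only the last extension while the web server looks at all of them. The following is an added example, not WordPress's wp_check_filetype(): the two checkers differ only in how many dot-separated segments they examine, and a third routine shows the stronger option of never reusing the client's name at all. The allow- and handler-extension lists and the sample filenames are constructed.

```python
"""Upload filename checks: last extension only vs. every extension segment.

Added example (not WordPress code). Apache's mod_mime considers every
dot-separated segment of a filename, so "shell.php.gif" reaches the PHP
handler when nothing claims ".gif". A check that looks only at the final
extension therefore waves a PHP script through as an image.
"""
import os
import secrets

ALLOWED_EXTENSIONS = {"gif", "jpg", "jpeg", "png", "tif", "tiff", "wmv", "pdf"}
# Extensions a server might map to a script handler; a constructed list.
HANDLER_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl", "py", "sh"}


def check_filetype_last_only(filename):
    """Vulnerable pattern: only the final extension decides."""
    base = os.path.basename(filename)
    if "." not in base:
        return False
    return base.rsplit(".", 1)[-1].lower() in ALLOWED_EXTENSIONS


def check_filetype_all_segments(filename):
    """Hardened pattern: every segment after the base name must be allowed,
    and none may be an extension a handler could claim."""
    parts = os.path.basename(filename).lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False                      # no extension at all, or a dotfile
    segments = parts[1:]
    if any(seg in HANDLER_EXTENSIONS for seg in segments):
        return False
    return all(seg in ALLOWED_EXTENSIONS for seg in segments)


def stored_name(filename):
    """Stronger still: store under a generated name with one allowed extension."""
    if not check_filetype_all_segments(filename):
        raise ValueError("upload rejected: " + filename)
    ext = os.path.basename(filename).rsplit(".", 1)[-1].lower()
    return secrets.token_hex(8) + "." + ext


# Constructed sample names an uploader might send.
SAMPLES = ["photo.jpg", "shell.php.gif", "Shell.PHP.GIF", "archive.jpg.php",
           "notes.txt", ".htaccess.gif", "../evil.php.png"]


def demo():
    """Return {filename: (last_only_result, all_segments_result)}."""
    return {f: (check_filetype_last_only(f), check_filetype_all_segments(f)) for f in SAMPLES}


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print("%-18s last_only=%-5s all_segments=%s" % (name, verdicts[0], verdicts[1]))
```

Renaming on storage is the durable fix because it makes the outcome independent of which handlers the web server happens to have configured, which is the precondition the advisory calls out.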
<vuln vid="68bda678-caab-11de-a97e-be89dfd1042e">
<topic>p5-HTML-Parser -- denial of service</topic>
<affects>
<package>
<name>p5-HTML-Parser</name>
<range><lt>3.63</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>CVE reports:</p>
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3627">
<p>The decode_entities function in util.c in HTML-Parser before
3.63 allows context-dependent attackers to cause a denial of service
(infinite loop) via an incomplete SGML numeric character reference,
which triggers generation of an invalid UTF-8 character.</p>
</blockquote>
</body>
</description>
<references>
<bid>36807</bid>
<cvename>CVE-2009-3627</cvename>
<url>http://secunia.com/advisories/37155</url>
</references>
<dates>
<discovery>2009-10-23</discovery>
<entry>2009-11-06</entry>
</dates>
</vuln>
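The HTML-Parser entry above (CVE-2009-3627) describes a decoder that stops making progress on an incomplete numeric character reference. The following is an added example, not HTML::Parser's util.c: a numeric-reference decoder written so that every iteration advances the cursor, and so that a code point UTF-8 cannot carry is replaced rather than passed on. The sample inputs are constructed.

```python
"""Decoding numeric character references without looping on truncated input.

Added example (not HTML::Parser code). Two properties are enforced: the scan
position strictly increases on every iteration, including for "&#", "&#x" and
references with no closing ';', and a decoded number that is not a valid
scalar value (zero, a surrogate, above U+10FFFF, or an absurdly long digit
run) becomes U+FFFD instead of an invalid character.
"""

REPLACEMENT = "\ufffd"
MAX_DIGITS = 8          # enough for any code point; also bounds the int() work
DEC_DIGITS = "0123456789"
HEX_DIGITS = DEC_DIGITS + "abcdefABCDEF"


def codepoint_to_char(cp):
    """Map a decoded number to a character, refusing what UTF-8 cannot carry."""
    if cp == 0 or 0xD800 <= cp <= 0xDFFF or cp > 0x10FFFF:
        return REPLACEMENT
    return chr(cp)


def decode_numeric_refs(text):
    out = []
    i, n = 0, len(text)
    while i < n:
        j = text.find("&#", i)
        if j < 0:
            out.append(text[i:])
            break
        out.append(text[i:j])
        k = j + 2
        hexmode = k < n and text[k] in "xX"
        if hexmode:
            k += 1
        alphabet = HEX_DIGITS if hexmode else DEC_DIGITS
        start = k
        while k < n and text[k] in alphabet:
            k += 1
        digits = text[start:k]
        if not digits:
            # Incomplete reference: emit it literally. k > j, so we always advance.
            out.append(text[j:k])
            i = k
            continue
        if k < n and text[k] == ";":
            k += 1
        if len(digits) > MAX_DIGITS:
            out.append(REPLACEMENT)
        else:
            out.append(codepoint_to_char(int(digits, 16 if hexmode else 10)))
        i = k
    return "".join(out)


# Constructed samples paired with the expected decoding.
SAMPLES = {
    "a&#65;b": "aAb",
    "&#x41;&#X42;": "AB",
    "&#65": "A",                    # missing ';' tolerated, as browsers do
    "&#": "&#",
    "&#x": "&#x",
    "tail&#": "tail&#",
    "&#xD800;": REPLACEMENT,        # surrogate
    "&#1114112;": REPLACEMENT,      # U+110000, above the Unicode range
    "&#99999999999999;": REPLACEMENT,
    "&#0;": REPLACEMENT,
}


def check_samples():
    """Return {sample: decoded_matches_expectation}."""
    return {s: decode_numeric_refs(s) == expected for s, expected in SAMPLES.items()}


if __name__ == "__main__":
    for s, ok in check_samples().items():
        print("%-20r -> %r %s" % (s, decode_numeric_refs(s), "ok" if ok else "MISMATCH"))
```

The termination argument is the part worth copying into any hand-written tokenizer: the only place the loop can stall is a branch that consumes nothing, so each branch is written to consume at least the two characters that matched.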
<vuln vid="4e8344a3-ca52-11de-8ee8-00215c6a37bb">
<topic>gd -- '_gdGetColors' remote buffer overflow vulnerability</topic>
<affects>
<package>
<name>gd</name>
<range><lt>2.0.35_2,1</lt></range>
</package>
<package>
<name>php5-gd</name>
<range><lt>5.2.11_2</lt></range>
</package>
<package>
<name>php4-gd</name>
<range><lt>4.4.9_4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>CVE reports:</p>
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546">
<p>The _gdGetColors function in gd_gd.c in PHP 5.2.11 and
5.3.0, and the GD Graphics Library 2.x, does not properly
verify a certain colorsTotal structure member, which might
allow remote attackers to conduct buffer overflow or buffer
over-read attacks via a crafted GD file, a different
vulnerability than CVE-2009-3293.</p>
</blockquote>
</body>
</description>
<references>
<bid>36712</bid>
<cvename>CVE-2009-3546</cvename>
<url>http://secunia.com/advisories/37069</url>
<url>http://secunia.com/advisories/37080</url>
</references>
<dates>
<discovery>2009-10-15</discovery>
<entry>2009-11-05</entry>
<modified>2010-06-17</modified>
</dates>
</vuln>
<vuln vid="6693bad2-ca50-11de-8ee8-00215c6a37bb">
<topic>typo3 -- multiple vulnerabilities in TYPO3 Core</topic>
<affects>
<package>
<name>typo3</name>
<range><lt>4.2.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The TYPO3 development team reports:</p>
<blockquote cite="http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/">
<p>Affected versions: TYPO3 versions 4.0.13 and below, 4.1.12
and below, 4.2.9 and below, 4.3.0beta1 and below.</p>
<p>SQL injection, Cross-site scripting (XSS), Information
disclosure, Frame hijacking, Remote shell command execution
and Insecure Install Tool authentication/session handling.</p>
</blockquote>
</body>
</description>
<references>
<bid>36801</bid>
<cvename>CVE-2009-3628</cvename>
<cvename>CVE-2009-3629</cvename>
<cvename>CVE-2009-3630</cvename>
<cvename>CVE-2009-3631</cvename>
<cvename>CVE-2009-3632</cvename>
<cvename>CVE-2009-3633</cvename>
<cvename>CVE-2009-3634</cvename>
<cvename>CVE-2009-3635</cvename>
<cvename>CVE-2009-3636</cvename>
<url>http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/</url>
<url>http://secunia.com/advisories/37122/</url>
</references>
<dates>
<discovery>2009-10-22</discovery>
<entry>2009-11-05</entry>
</dates>
</vuln>
<vuln vid="3149ab1c-c8b9-11de-b87b-0011098ad87f">
<topic>vlc -- stack overflow in MPA, AVI and ASF demuxer</topic>
<affects>
<package>
<name>vlc</name>
<range><ge>0.5.0</ge><lt>1.0.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>VideoLAN reports:</p>
<blockquote cite="http://www.videolan.org/security/sa0901.html">
<p>When parsing an MP4, ASF or AVI file with an overly deep box
structure, a stack overflow might occur. It would overwrite the
return address and thus redirect the execution flow.</p>
<p>If successful, a malicious third party could trigger execution
of arbitrary code within the context of the VLC media player.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.videolan.org/security/sa0901.html</url>
</references>
<dates>
<discovery>2009-09-14</discovery>
<entry>2009-11-03</entry>
</dates>
</vuln>
<vuln vid="6f358f5a-c7ea-11de-a9f3-0030843d3802">
<topic>KDE -- multiple vulnerabilities</topic>
<affects>
<package>
<name>kdebase-runtime</name>
<range><ge>4.0.*</ge><lt>4.3.1_2</lt></range>
</package>
<package>
<name>kdelibs</name>
<range><ge>4.0.*</ge><lt>4.3.1_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>oCERT reports:</p>
<blockquote cite="http://www.ocert.org/advisories/ocert-2009-015.html">
<p>Ark input sanitization errors: The KDE archiving tool, Ark,
performs insufficient validation, which allows specially crafted
archive files, using unknown MIME types, to be rendered using a KHTML
instance; this can trigger uncontrolled XMLHTTPRequests to remote
sites.</p>
<p>IO Slaves input sanitization errors: KDE protocol handlers perform
insufficient input validation; an attacker can craft a malicious URI
that would trigger JavaScript execution. Additionally the 'help://'
protocol handler suffers from directory traversal. It should be noted
that the scope of this issue is limited as the malicious URIs cannot
be embedded in Internet hosted content.</p>
<p>KMail input sanitization errors: The KDE mail client, KMail, performs
insufficient validation, which allows specially crafted email
attachments, using unknown MIME types, to be rendered using a KHTML
instance; this can trigger uncontrolled XMLHTTPRequests to remote
sites.</p>
<p>The exploitation of these vulnerabilities is unlikely according to
Portcullis and KDE but the execution of active content is nonetheless
unexpected and might pose a threat.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.ocert.org/advisories/ocert-2009-015.html</url>
</references>
<dates>
<discovery>2009-10-30</discovery>
<entry>2009-11-02</entry>
</dates>
</vuln>
<vuln vid="2fda6bd2-c53c-11de-b157-001999392805">
<topic>opera -- multiple vulnerabilities</topic>
<affects>
<package>
<name>opera</name>
<range><lt>10.01.20091019</lt></range>
</package>
<package>
<name>linux-opera</name>
<range><lt>10.01</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Opera Team Reports:</p>
<blockquote cite="http://www.opera.com/docs/changelogs/unix/1001/">
<ul>
<li>Fixed an issue where certain domain names could allow execution
of arbitrary code, as reported by Chris Weber of Casaba Security</li>
<li>Fixed an issue where scripts can run on the feed subscription
page, as reported by Inferno</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3831</cvename>
<url>http://www.opera.com/support/kb/view/938/</url>
<url>http://www.opera.com/support/kb/view/939/</url>
</references>
<dates>
<discovery>2009-10-28</discovery>
<entry>2009-10-31</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="83d7d149-b965-11de-a515-0022156e8794">
<topic>Enhanced cTorrent -- stack-based overflow</topic>
<affects>
<package>
<name>ctorrent</name>
<range><lt>3.3.2_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Securityfocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/34584">
<p>cTorrent and dTorrent are prone to a remote buffer-overflow
vulnerability because the software fails to properly
bounds-check user-supplied input before copying it to an
insufficiently sized memory buffer.</p>
<p>Successful exploits allow remote attackers to execute
arbitrary machine code in the context of a vulnerable
application. Failed exploit attempts will likely result in
denial-of-service conditions.</p>
</blockquote>
</body>
</description>
<references>
<bid>34584</bid>
<cvename>CVE-2009-1759</cvename>
<url>http://sourceforge.net/tracker/?func=detail&amp;aid=2782875&amp;group_id=202532&amp;atid=981959</url>
</references>
<dates>
<discovery>2009-10-15</discovery>
<entry>2009-10-28</entry>
</dates>
</vuln>
<vuln vid="c87aa2d2-c3c4-11de-ab08-000f20797ede">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><gt>3.5.*,1</gt><lt>3.5.4,1</lt></range>
<range><gt>3.*,1</gt><lt>3.0.15,1</lt></range>
</package>
<package>
<name>linux-firefox</name>
<range><lt>3.0.15</lt></range>
</package>
<package>
<name>seamonkey</name>
<name>linux-seamonkey</name>
<range><lt>2.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mozilla Foundation reports:</p>
<blockquote cite="http://www.mozilla.org/security/announce/">
<p>MFSA 2009-64 Crashes with evidence of memory
corruption (rv:1.9.1.4/1.9.0.15)</p>
<p>MFSA 2009-63 Upgrade media libraries to fix memory
safety bugs</p>
<p>MFSA 2009-62 Download filename spoofing with RTL
override</p>
<p>MFSA 2009-61 Cross-origin data theft through
document.getSelection()</p>
<p>MFSA 2009-59 Heap buffer overflow in string to
number conversion</p>
<p>MFSA 2009-57 Chrome privilege escalation in
XPCVariant::VariantDataToJS()</p>
<p>MFSA 2009-56 Heap buffer overflow in GIF color map
parser</p>
<p>MFSA 2009-55 Crash in proxy auto-configuration
regexp parsing</p>
<p>MFSA 2009-54 Crash with recursive web-worker calls</p>
<p>MFSA 2009-53 Local downloaded file tampering</p>
<p>MFSA 2009-52 Form history vulnerable to stealing</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3380</cvename>
<cvename>CVE-2009-3381</cvename>
<cvename>CVE-2009-3382</cvename>
<cvename>CVE-2009-3383</cvename>
<cvename>CVE-2009-3379</cvename>
<cvename>CVE-2009-3378</cvename>
<cvename>CVE-2009-3377</cvename>
<cvename>CVE-2009-3376</cvename>
<cvename>CVE-2009-3375</cvename>
<cvename>CVE-2009-1563</cvename>
<cvename>CVE-2009-3374</cvename>
<cvename>CVE-2009-3373</cvename>
<cvename>CVE-2009-3372</cvename>
<cvename>CVE-2009-3371</cvename>
<cvename>CVE-2009-3274</cvename>
<cvename>CVE-2009-3370</cvename>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-64.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-63.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-62.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-61.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-59.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-57.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-56.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-55.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-54.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-53.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-52.html</url>
</references>
<dates>
<discovery>2009-10-27</discovery>
<entry>2009-10-28</entry>
<modified>2009-12-14</modified>
</dates>
</vuln>
<vuln vid="2544f543-c178-11de-b175-001cc0377035">
<topic>elinks -- buffer overflow vulnerability</topic>
<affects>
<package>
<name>elinks</name>
<range><lt>0.11.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/36574/discuss">
<p>ELinks is prone to an off-by-one buffer-overflow vulnerability
because the application fails to accurately reference the last
element of a buffer.</p>
<p>Attackers may leverage this issue to execute arbitrary code in
the context of the application. Failed attacks will cause
denial-of-service conditions.</p>
</blockquote>
</body>
</description>
<references>
<bid>36574</bid>
<cvename>CVE-2008-7224</cvename>
<mlist msgid="20080204235429.GA28006@diku.dk">http://linuxfromscratch.org/pipermail/elinks-users/2008-February/001604.html</mlist>
<url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380347</url>
</references>
<dates>
<discovery>2006-07-29</discovery>
<entry>2009-10-25</entry>
</dates>
</vuln>
<vuln vid="692ab645-bf5d-11de-849b-00151797c2d4">
<topic>squidGuard -- multiple vulnerabilities</topic>
<affects>
<package>
<name>squidGuard</name>
<range><lt>1.4_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SquidGuard website reports:</p>
<blockquote cite="http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091015">
<p>Patch 20091015 fixes one buffer overflow problem
in sgLog.c when overlong URLs are requested.
SquidGuard will then go into emergency mode where
no blocking occurs. This is not required in this
situation.</p>
</blockquote>
<blockquote cite="http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019">
<p>Patch 20091019 fixes two bypass problems with URLs
whose length is close to the limit defined by MAX_BUF
(default: 4096) in squidGuard and MAX_URL (default:
4096 in squid 2.x and 8192 in squid 3.x) in squid.
For this kind of URL the proxy request exceeds MAX_BUF,
causing squidGuard to complain about not being able to
parse the squid request. Increasing the buffer limit
to be higher than the one defined in MAX_URL solves the
issue.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3700</cvename>
<cvename>CVE-2009-3826</cvename>
<url>http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091015</url>
<url>http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019</url>
</references>
<dates>
<discovery>2009-10-15</discovery>
<entry>2009-10-22</entry>
<modified>2010-05-06</modified>
</dates>
</vuln>
<vuln vid="8581189c-bd5f-11de-8709-0017a4cccfc6">
<topic>Xpdf -- Multiple Vulnerabilities</topic>
<affects>
<package>
<name>xpdf</name>
<range><lt>3.02_11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/archive/1/507261">
<p>Some vulnerabilities have been reported in Xpdf, which can be
exploited by malicious people to potentially compromise a user's
system.</p>
<p>1) Multiple integer overflows in "SplashBitmap::SplashBitmap()"
can be exploited to cause heap-based buffer overflows.</p>
<p>2) An integer overflow error in "ObjectStream::ObjectStream()"
can be exploited to cause a heap-based buffer overflow.</p>
<p>3) Multiple integer overflows in "Splash::drawImage()" can be
exploited to cause heap-based buffer overflows.</p>
<p>4) An integer overflow error in "PSOutputDev::doImageL1Sep()"
can be exploited to cause a heap-based buffer overflow when
converting a PDF document to a PS file.</p>
<p>Successful exploitation of the vulnerabilities may allow execution
of arbitrary code by tricking a user into opening a specially crafted
PDF file.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.securityfocus.com/archive/1/507261</url>
<url>http://secunia.com/advisories/37053/</url>
</references>
<dates>
<discovery>2009-10-14</discovery>
<entry>2009-10-20</entry>
</dates>
</vuln>
<vuln vid="87917d6f-ba76-11de-bac2-001a4d563a0f">
<topic>django -- denial-of-service attack</topic>
<affects>
<package>
<name>py23-django</name>
<name>py24-django</name>
<name>py25-django</name>
<name>py26-django</name>
<name>py30-django</name>
<name>py31-django</name>
<range><lt>1.1.1</lt></range>
</package>
<package>
<name>py23-django-devel</name>
<name>py24-django-devel</name>
<name>py25-django-devel</name>
<name>py26-django-devel</name>
<name>py30-django-devel</name>
<name>py31-django-devel</name>
<range><lt>11603,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Django project reports:</p>
<blockquote cite="http://www.djangoproject.com/weblog/2009/oct/09/security/">
<p>Django's forms library includes field types which perform
regular-expression-based validation of email addresses and
URLs. Certain addresses/URLs could trigger a pathological
performance case in these regular expressions, resulting in
the server process/thread becoming unresponsive, and consuming
excessive CPU over an extended period of time. If deliberately
triggered, this could result in an effective
denial-of-service attack.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3695</cvename>
<url>http://www.djangoproject.com/weblog/2009/oct/09/security/</url>
</references>
<dates>
<discovery>2009-10-09</discovery>
<entry>2009-10-16</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="4769914e-b844-11de-b159-0030843d3802">
<topic>phpmyadmin -- XSS and SQL injection vulnerabilities</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><lt>3.2.2.1</lt></range>
</package>
<package>
<name>phpMyAdmin211</name>
<range><lt>2.11.9.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>phpMyAdmin Team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2009-6.php">
<p>Cross-site scripting (XSS) vulnerability allows remote attackers to
inject arbitrary web script or HTML via a crafted MySQL table name.</p>
<p>SQL injection vulnerability allows remote attackers to inject SQL via
various interface parameters of the PDF schema generator feature.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3696</cvename>
<cvename>CVE-2009-3697</cvename>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2009-6.php</url>
</references>
<dates>
<discovery>2009-10-13</discovery>
<entry>2009-10-13</entry>
</dates>
</vuln>
<vuln vid="437a68cf-b752-11de-b6eb-00e0815b8da8">
<topic>php5 -- Multiple security issues</topic>
<affects>
<package>
<name>php5</name>
<range><lt>5.2.11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Vendor reports:</p>
<blockquote cite="http://www.php.net/releases/5_2_11.php">
<p>Security Enhancements and Fixes in PHP 5.2.11:</p>
<p>Fixed certificate validation inside
php_openssl_apply_verification_policy.</p>
<p>Fixed sanity check for the color index in imagecolortransparent.</p>
<p>Added missing sanity checks around exif processing.</p>
<p>Fixed bug 44683 popen crashes when an invalid mode is passed.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.php.net/releases/5_2_11.php</url>
<cvename>CVE-2009-3291</cvename>
<cvename>CVE-2009-3292</cvename>
<cvename>CVE-2009-3293</cvename>
</references>
<dates>
<discovery>2009-09-17</discovery>
<entry>2009-10-12</entry>
</dates>
</vuln>
<vuln vid="ebeed063-b328-11de-b6a5-0030843d3802">
<topic>virtualbox -- privilege escalation</topic>
<affects>
<package>
<name>virtualbox</name>
<range><lt>3.0.51.r22902_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Sun reports:</p>
<blockquote cite="http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1">
<p>A security vulnerability in the VBoxNetAdpCtl configuration tool
for certain Sun VirtualBox 3.0 packages may allow local unprivileged
users who are authorized to run VirtualBox to execute arbitrary
commands with root privileges.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3692</cvename>
<url>http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1</url>
<url>http://secunia.com/advisories/36929</url>
</references>
<dates>
<discovery>2009-10-07</discovery>
<entry>2009-10-07</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="50383bde-b25b-11de-8c83-02e0185f8d72">
<topic>FreeBSD -- Devfs / VFS NULL pointer race condition</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>6.3</ge><lt>6.3_13</lt></range>
<range><ge>6.4</ge><lt>6.4_7</lt></range>
<range><ge>7.1</ge><lt>7.1_8</lt></range>
<range><ge>7.2</ge><lt>7.2_4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>Due to the interaction between devfs and VFS, a race condition
exists where the kernel might dereference a NULL pointer.</p>
<h1>Impact:</h1>
<p>Successful exploitation of the race condition can lead to local
kernel privilege escalation, kernel data corruption and/or
crash.</p>
<p>To exploit this vulnerability, an attacker must be able to run
code with user privileges on the target system.</p>
<h1>Workaround:</h1>
<p>An errata note, FreeBSD-EN-09:05.null, has been released
simultaneously to this advisory, and contains a kernel patch
implementing a workaround for a broader class of
vulnerabilities. However, prior to those changes, no workaround
is available.</p>
</body>
</description>
<references>
<freebsdsa>SA-09:14.devfs</freebsdsa>
</references>
<dates>
<discovery>2009-10-02</discovery>
<entry>2009-10-06</entry>
<modified>2016-08-09</modified>
</dates>
</vuln>
<vuln vid="90d2e58f-b25a-11de-8c83-02e0185f8d72">
<topic>FreeBSD -- kqueue pipe race conditions</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>6.3</ge><lt>6.4_7</lt></range>
<range><ge>6.4</ge><lt>6.3_13</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>A race condition exists in the pipe close() code relating
to kqueues, causing use-after-free for kernel memory, which
may lead to an exploitable NULL pointer vulnerability in the
kernel, kernel memory corruption, and other unpredictable
results.</p>
<h1>Impact:</h1>
<p>Successful exploitation of the race condition can lead to
local kernel privilege escalation, kernel data corruption
and/or crash.</p>
<p>To exploit this vulnerability, an attacker must be able to
run code on the target system.</p>
<h1>Workaround:</h1>
<p>An errata notice, FreeBSD-EN-09:05.null, has been released
simultaneously to this advisory, and contains a kernel patch
implementing a workaround for a broader class of
vulnerabilities. However, prior to those changes, no
workaround is available.</p>
</body>
</description>
<references>
<freebsdsa>SA-09:13.pipe</freebsdsa>
</references>
<dates>
<discovery>2009-10-02</discovery>
<entry>2009-10-06</entry>
<modified>2016-08-09</modified>
</dates>
</vuln>
<vuln vid="beb6f4a8-add5-11de-8b55-0030843d3802">
<topic>mybb -- multiple vulnerabilities</topic>
<affects>
<package>
<name>mybb</name>
<range><lt>1.4.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>mybb team reports:</p>
<blockquote cite="http://blog.mybboard.net/2009/09/21/mybb-1-4-9-released-security-update/">
<p>Input passed via avatar extensions is not properly sanitised before
being used in SQL queries. This can be exploited to manipulate SQL
queries by uploading specially named avatars.</p>
<p>The script allows signing up with usernames containing zero width
space characters, which can be exploited to e.g. conduct spoofing
attacks.</p>
</blockquote>
</body>
</description>
<references>
<bid>36460</bid>
<url>http://dev.mybboard.net/issues/464</url>
<url>http://dev.mybboard.net/issues/418</url>
<url>http://secunia.com/advisories/36803</url>
<url>http://blog.mybboard.net/2009/09/21/mybb-1-4-9-released-security-update/</url>
</references>
<dates>
<discovery>2009-09-21</discovery>
<entry>2009-09-30</entry>
</dates>
</vuln>
<vuln vid="bad1b090-a7ca-11de-873f-0030843d3802">
<topic>drupal -- multiple vulnerabilities</topic>
<affects>
<package>
<name>drupal5</name>
<range><lt>5.20</lt></range>
</package>
<package>
<name>drupal6</name>
<range><lt>6.14</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Drupal Team reports:</p>
<blockquote cite="http://drupal.org/node/579482">
<p>The core OpenID module does not correctly implement Form API for
the form that allows one to link user accounts with OpenID
identifiers. A malicious user is therefore able to use cross site
request forgeries to add attacker controlled OpenID identities to
existing accounts. These OpenID identities can then be used to gain
access to the affected accounts.</p>
<p>The OpenID module is not a compliant implementation of the OpenID
Authentication 2.0 specification. An implementation error allows a
user to access the account of another user when they share the same
OpenID 2.0 provider.</p>
<p>File uploads with certain extensions are not correctly processed by
the File API. This may lead to the creation of files that are
executable by Apache. The .htaccess that is saved into the files
directory by Drupal should normally prevent execution. The files are
only executable when the server is configured to ignore the directives
in the .htaccess file.</p>
<p>Drupal doesn't regenerate the session ID when an anonymous user
follows the one time login link used to confirm email addresses and
reset forgotten passwords. This enables a malicious user to fix and
reuse the session id of a victim under certain circumstances.</p>
</blockquote>
</body>
</description>
<references>
<url>http://drupal.org/node/579482</url>
<url>http://secunia.com/advisories/36787/</url>
<url>http://secunia.com/advisories/36786/</url>
<url>http://secunia.com/advisories/36781/</url>
<url>http://secunia.com/advisories/36776/</url>
<url>http://secunia.com/advisories/36785/</url>
</references>
<dates>
<discovery>2009-09-17</discovery>
<entry>2009-09-22</entry>
</dates>
</vuln>
<vuln vid="113cd7e9-a4e2-11de-84af-001195e39404">
<topic>fwbuilder -- security issue in temporary file handling</topic>
<affects>
<package>
<name>fwbuilder</name>
<range><lt>3.0.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Firewall Builder release notes reports:</p>
<blockquote cite="http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7">
<p>Vadim Kurland (vadim.kurland@fwbuilder.org) reports:</p>
<p>Fwbuilder and libfwbuilder 3.0.4 through to 3.0.6 generate
iptables scripts with a security issue when also used to
generate static routing configurations.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-4664</cvename>
<url>http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7</url>
</references>
<dates>
<discovery>2009-09-18</discovery>
<entry>2009-09-18</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="b9ec7fe3-a38a-11de-9c6b-003048818f40">
<topic>bugzilla -- two SQL injections, sensitive data exposure</topic>
<affects>
<package>
<name>bugzilla</name>
<range><gt>3.3.1</gt><lt>3.4.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Bugzilla Security Advisory reports:</p>
<blockquote cite="http://www.bugzilla.org/security/3.4/">
<ul>
<li>It is possible to inject raw SQL into the Bugzilla
database via the "Bug.create" and "Bug.search" WebService
functions.</li>
<li>When a user would change his password, his new password would
be exposed in the URL field of the browser if he logged in right
after changing his password.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3125</cvename>
<cvename>CVE-2009-3165</cvename>
<cvename>CVE-2009-3166</cvename>
<url>http://www.bugzilla.org/security/3.0.8/</url>
</references>
<dates>
<discovery>2009-09-11</discovery>
<entry>2009-09-17</entry>
</dates>
</vuln>
<vuln vid="ee23aa09-a175-11de-96c0-0011098ad87f">
<topic>horde-base -- multiple vulnerabilities</topic>
<affects>
<package>
<name>horde-base</name>
<range><lt>3.3.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Horde team reports:</p>
<blockquote cite="http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.558&amp;r2=1.515.2.559">
<p>An error within the form library when handling image form fields can
be exploited to overwrite arbitrary local files.</p>
<p>An error exists within the MIME Viewer library when rendering unknown
text parts. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of an affected site if
malicious data is viewed.</p>
<p>The preferences system does not properly sanitise numeric preference
types. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.</p>
</blockquote>
</body>
</description>
<references>
<url>http://bugs.horde.org/ticket/?id=8311</url>
<url>http://bugs.horde.org/ticket/?id=8399</url>
<url>http://secunia.com/advisories/36665/</url>
<url>http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.558&amp;r2=1.515.2.559</url>
</references>
<dates>
<discovery>2009-05-28</discovery>
<entry>2009-09-14</entry>
<modified>2009-09-22</modified>
</dates>
</vuln>
<vuln vid="152b27f0-a158-11de-990c-e5b1d4c882e0">
<topic>nginx -- remote denial of service vulnerability</topic>
<affects>
<package>
<name>nginx</name>
<range><lt>0.7.62</lt></range>
</package>
<package>
<name>nginx-devel</name>
<range><lt>0.8.15</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>nginx development team reports:</p>
<blockquote cite="http://nginx.net/CHANGES">
<p>A segmentation fault might occur in a worker process while
handling a specially crafted request.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-2629</cvename>
<url>http://nginx.net/CHANGES</url>
<mlist msgid="20090914155338.GA2529@ngolde.de">http://lists.debian.org/debian-security-announce/2009/msg00205.html</mlist>
</references>
<dates>
<discovery>2009-09-14</discovery>
<entry>2009-09-14</entry>
<modified>2009-09-15</modified>
</dates>
</vuln>
<vuln vid="6e8f54af-a07d-11de-a649-000c2955660f">
<topic>ikiwiki -- insufficient blacklisting in teximg plugin</topic>
<affects>
<package>
<name>ikiwiki</name>
<range><lt>3.1415926</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The IkiWiki development team reports:</p>
<blockquote cite="http://ikiwiki.info/security/#index35h2">
<p>IkiWiki's teximg plugin's blacklisting of insecure TeX commands
is insufficient; it can be bypassed and used to read arbitrary
files.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-2944</cvename>
<url>http://ikiwiki.info/security/#index35h2</url>
</references>
<dates>
<discovery>2009-08-28</discovery>
<entry>2009-09-13</entry>
</dates>
</vuln>
<vuln vid="b46f3a1e-a052-11de-a649-000c2955660f">
<topic>xapian-omega -- cross-site scripting vulnerability</topic>
<affects>
<package>
<name>xapian-omega</name>
<range><lt>1.0.16</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Olly Betts reports:</p>
<blockquote cite="http://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html">
<p>There's a cross-site scripting issue in Omega - exception
messages don't currently get HTML entities escaped, but can
contain CGI parameter values in some cases.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-2947</cvename>
<url>http://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html</url>
</references>
<dates>
<discovery>2009-09-09</discovery>
<entry>2009-09-13</entry>
</dates>
</vuln>
<vuln vid="922d2398-9e2d-11de-a998-0030843d3802">
<topic>mozilla firefox -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><gt>3.5.*,1</gt><lt>3.5.3,1</lt></range>
<range><gt>3.*,1</gt><lt>3.0.13,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mozilla Foundation reports:</p>
<blockquote cite="http://www.mozilla.org/security/announce/">
<p>MFSA 2009-51 Chrome privilege escalation with FeedWriter</p>
<p>MFSA 2009-50 Location bar spoofing via tall line-height Unicode
characters</p>
<p>MFSA 2009-49 TreeColumns dangling pointer vulnerability</p>
<p>MFSA 2009-48 Insufficient warning for PKCS11 module installation
and removal</p>
<p>MFSA 2009-47 Crashes with evidence of memory corruption
(rv:1.9.1.3/1.9.0.14)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3069</cvename>
<cvename>CVE-2009-3070</cvename>
<cvename>CVE-2009-3071</cvename>
<cvename>CVE-2009-3072</cvename>
<cvename>CVE-2009-3073</cvename>
<cvename>CVE-2009-3074</cvename>
<cvename>CVE-2009-3075</cvename>
<cvename>CVE-2009-3076</cvename>
<cvename>CVE-2009-3077</cvename>
<cvename>CVE-2009-3078</cvename>
<cvename>CVE-2009-3079</cvename>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-47.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-48.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-49.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-50.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-51.html</url>
<url>http://secunia.com/advisories/36671/2/</url>
</references>
<dates>
<discovery>2009-09-10</discovery>
<entry>2009-09-10</entry>
</dates>
</vuln>
<vuln vid="012b495c-9d51-11de-8d20-001bd3385381">
<topic>cyrus-imapd -- Potential buffer overflow in Sieve</topic>
<affects>
<package>
<name>cyrus-imapd</name>
<range><gt>2.2.0</gt><lt>2.2.13_6</lt></range>
<range><gt>2.3.0</gt><lt>2.3.14_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Cyrus IMAP Server ChangeLog states:</p>
<blockquote cite="http://cyrusimap.web.cmu.edu/imapd/changes.html">
<p>Fixed CERT VU#336053 - Potential buffer overflow in Sieve.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-2632</cvename>
<bid>36296</bid>
<url>http://www.kb.cert.org/vuls/id/336053</url>
<url>http://www.debian.org/security/2009/dsa-1881</url>
</references>
<dates>
<discovery>2009-09-02</discovery>
<entry>2009-09-09</entry>
<modified>2009-09-14</modified>
</dates>
</vuln>
<vuln vid="24aa9970-9ccd-11de-af10-000c29a67389">
<topic>silc-toolkit -- Format string vulnerabilities</topic>
<affects>
<package>
<name>silc-toolkit</name>
<range><lt>1.1.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SILC Changelog reports:</p>
<blockquote cite="http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.10">
<p>An unspecified format string vulnerability exists in
silc-toolkit.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3051</cvename>
<url>http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.10</url>
<url>http://www.openwall.com/lists/oss-security/2009/09/03/5</url>
</references>
<dates>
<discovery>2009-08-07</discovery>
<entry>2009-09-08</entry>
</dates>
</vuln>
<vuln vid="4582948a-9716-11de-83a5-001999392805">
<topic>opera -- multiple vulnerabilities</topic>
<affects>
<package>
<name>opera</name>
<range><lt>10.00.20090830</lt></range>
</package>
<package>
<name>opera-devel</name>
<range><le>10.00.b3_1,1</le></range>
</package>
<package>
<name>linux-opera</name>
<range><lt>10.00</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Opera Team Reports:</p>
<blockquote cite="http://www.opera.com/docs/changelogs/freebsd/1000/">
<ul>
<li>Issue where sites using revoked intermediate certificates might be shown as secure</li>
<li>Issue where the collapsed address bar didn't show the current domain</li>
<li>Issue where pages could trick users into uploading files</li>
<li>Some IDNA characters not correctly displaying in the address bar</li>
<li>Issue where Opera accepts nulls and invalid wild-cards in certificates</li>
</ul>
</blockquote>
</body>
</description>
<references>
<url>http://www.opera.com/support/search/view/929/</url>
<url>http://www.opera.com/support/search/view/930/</url>
<url>http://www.opera.com/support/search/view/931/</url>
<url>http://www.opera.com/support/search/view/932/</url>
<url>http://www.opera.com/support/search/view/934/</url>
</references>
<dates>
<discovery>2009-09-01</discovery>
<entry>2009-09-04</entry>
<modified>2009-10-29</modified>
</dates>
</vuln>
<vuln vid="80aa98e0-97b4-11de-b946-0030843d3802">
<topic>dnsmasq -- TFTP server remote code injection vulnerability</topic>
<affects>
<package>
<name>dnsmasq</name>
<range><lt>2.50</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Simon Kelley reports:</p>
<blockquote cite="http://www.thekelleys.org.uk/dnsmasq/CHANGELOG">
<p>Fix security problem which allowed any host permitted to
do TFTP to possibly compromise dnsmasq by remote buffer
overflow when TFTP is enabled.</p>
<p>Fix a problem which allowed a malicious TFTP client to
crash dnsmasq.</p>
</blockquote>
</body>
</description>
<references>
<bid>36121</bid>
<bid>36120</bid>
<cvename>CVE-2009-2957</cvename>
<cvename>CVE-2009-2958</cvename>
<url>http://www.coresecurity.com/content/dnsmasq-vulnerabilities</url>
<url>https://rhn.redhat.com/errata/RHSA-2009-1238.html</url>
</references>
<dates>
<discovery>2009-08-31</discovery>
<entry>2009-09-02</entry>
</dates>
</vuln>
<vuln vid="e15f2356-9139-11de-8f42-001aa0166822">
<topic>apache22 -- several vulnerabilities</topic>
<affects>
<package>
<name>apache</name>
<range><gt>2.2.0</gt><lt>2.2.12</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Apache ChangeLog reports:</p>
<blockquote cite="http://www.apache.org/dist/httpd/CHANGES_2.2.12">
<p>CVE-2009-1891: Fix a potential Denial-of-Service attack against mod_deflate or other modules.</p>
<p>CVE-2009-1195: Prevent the "Includes" Option from being enabled in an .htaccess file if the AllowOverride restrictions do not permit it.</p>
<p>CVE-2009-1890: Fix a potential Denial-of-Service attack against mod_proxy in a reverse proxy configuration.</p>
<p>CVE-2009-1191: mod_proxy_ajp: Avoid delivering content from a previous request which failed to send a request body.</p>
<p>CVE-2009-0023, CVE-2009-1955, CVE-2009-1956: The bundled copy of the APR-util library has been updated, fixing three different security issues which may affect particular configurations and third-party modules (was already fixed in 2.2.11_5).</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-1891</cvename><!-- vul: 2.2.11 -->
<cvename>CVE-2009-1195</cvename><!-- vul: 2.2.x to 2.2.11 -->
<cvename>CVE-2009-1890</cvename><!-- ok: 2.3.3 -->
<cvename>CVE-2009-1191</cvename><!-- vul: 2.2.11 -->
<cvename>CVE-2009-0023</cvename><!-- ok: apr 1.3.5 -->
<cvename>CVE-2009-1955</cvename><!-- ok: apr-util 1.3.7 -->
<cvename>CVE-2009-1956</cvename><!-- ok: apr-util 1.3.5 -->
</references>
<dates>
<discovery>2009-07-28</discovery><!-- release date of 2.2.12 -->
<entry>2009-08-25</entry>
</dates>
</vuln>
<vuln vid="59e7af2d-8db7-11de-883b-001e3300a30d">
<topic>pidgin -- MSN overflow parsing SLP messages</topic>
<affects>
<package>
<name>pidgin</name>
<name>libpurple</name>
<name>finch</name>
<range><lt>2.5.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/36384">
<p>A vulnerability has been reported in Pidgin, which can be
exploited by malicious people to potentially compromise a user's
system.</p>
<p>The vulnerability is caused due to an error in the
"msn_slplink_process_msg()" function when processing MSN SLP
messages and can be exploited to corrupt memory.</p>
<p>Successful exploitation may allow execution of arbitrary
code.</p>
<p>The vulnerability is reported in versions 2.5.8 and prior.
Other versions may also be affected.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-2694</cvename>
<url>http://secunia.com/advisories/36384/</url>
<url>http://www.pidgin.im/news/security/?id=34</url>
</references>
<dates>
<discovery>2009-08-18</discovery>
<entry>2009-08-20</entry>
</dates>
</vuln>
<vuln vid="b31a1088-460f-11de-a11a-0022156e8794">
<topic>GnuTLS -- multiple vulnerabilities</topic>
<affects>
<package>
<name>gnutls</name>
<range><lt>2.6.6</lt></range>
</package>
<package>
<name>gnutls-devel</name>
<range><lt>2.7.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/34783/discuss">
<p>GnuTLS is prone to multiple remote vulnerabilities:</p>
<ul>
<li>A remote code-execution vulnerability.</li>
<li>A denial-of-service vulnerability.</li>
<li>A signature-generation vulnerability.</li>
<li>A signature-verification vulnerability.</li>
</ul>
<p>An attacker can exploit these issues to potentially execute
arbitrary code, trigger denial-of-service conditions, carry
out attacks against data signed with weak signatures, and
cause clients to accept expired or invalid certificates from
servers.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-1415</cvename>
<cvename>CVE-2009-1416</cvename>
<cvename>CVE-2009-1417</cvename>
<bid>34783</bid>
<url>http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515</url>
<url>http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516</url>
<url>http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517</url>
</references>
<dates>
<discovery>2009-05-21</discovery>
<entry>2009-08-17</entry>
</dates>
</vuln>
<vuln vid="856a6f84-8b30-11de-8062-00e0815b8da8">
<topic>GnuTLS -- improper SSL certificate verification</topic>
<affects>
<package>
<name>gnutls</name>
<range><lt>2.8.3</lt></range>
</package>
<package>
<name>gnutls-devel</name>
<range><lt>2.9.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>GnuTLS reports:</p>
<blockquote cite="http://article.gmane.org/gmane.network.gnutls.general/1733">
<p>By using a NUL byte in CN/SAN fields, it was possible to fool
GnuTLS into 1) not printing the entire CN/SAN field value when
printing a certificate and 2) cause incorrect positive matches
when matching a hostname against a certificate.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-2730</cvename>
<url>http://article.gmane.org/gmane.network.gnutls.general/1733</url>
<url>http://secunia.com/advisories/36266</url>
</references>
<dates>
<discovery>2009-08-11</discovery>
<entry>2009-08-17</entry>
</dates>
</vuln>
<vuln vid="86ada694-8b30-11de-b9d0-000c6e274733">
<topic>memcached -- memcached stats maps Information Disclosure Weakness</topic>
<affects>
<package>
<name>memcached</name>
<range><lt>1.2.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/34915/">
<p>A weakness has been reported in memcached, which can be exploited
by malicious people to disclose system information.</p>
<p>The weakness is caused due to the application disclosing the
content of /proc/self/maps if a stats maps command is received.
This can be exploited to disclose e.g. the addresses of allocated
memory regions.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-1255</cvename>
<url>http://secunia.com/advisories/34915/</url>
</references>
<dates>
<discovery>2009-04-29</discovery>
<entry>2009-08-17</entry>
</dates>
</vuln>
<vuln vid="2430e9c3-8741-11de-938e-003048590f9e">
<topic>wordpress -- remote admin password reset vulnerability</topic>
<affects>
<package>
<name>wordpress</name>
<range><lt>2.8.4,1</lt></range>
</package>
<package>
<name>de-wordpress</name>
<range><lt>2.8.4</lt></range>
</package>
<package>
<name>wordpress-mu</name>
<range><lt>2.8.4a</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>WordPress reports:</p>
<blockquote cite="http://wordpress.org/development/2009/08/2-8-4-security-release/">
<p>A specially crafted URL could be requested that would allow an
attacker to bypass a security check to verify a user requested a
password reset. As a result, the first account without a key in the
database (usually the admin account) would have its password reset and
a new password would be emailed to the account owner.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-2762</cvename>
<url>http://wordpress.org/development/2009/08/2-8-4-security-release/</url>
<url>http://www.milw0rm.com/exploits/9410</url>
</references>
<dates>
<discovery>2009-08-10</discovery>
<entry>2009-08-12</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="5179d85c-8683-11de-91b9-0022157515b2">
<topic>fetchmail -- improper SSL certificate subject verification</topic>
<affects>
<package>
<name>fetchmail</name>
<range><lt>6.3.11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Matthias Andree reports:</p>
<blockquote cite="http://www.fetchmail.info/fetchmail-SA-2009-01.txt">
<p>Moxie Marlinspike demonstrated in July 2009 that some CAs would
sign certificates that contain embedded NUL characters in the
Common Name or subjectAltName fields of ITU-T X.509
certificates.</p>
<p>Applications that would treat such X.509 strings as
NUL-terminated C strings (rather than strings that contain an
explicit length field) would only check the part up to and
excluding the NUL character, so that certificate names such as
www.good.example\0www.bad.example.com would be mistaken as a
certificate name for www.good.example. fetchmail also had this
design and implementation flaw.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-2666</cvename>
<url>http://www.fetchmail.info/fetchmail-SA-2009-01.txt</url>
</references>
<dates>
<discovery>2009-08-06</discovery>
<entry>2009-08-11</entry>
<modified>2009-08-13</modified>
</dates>
</vuln>
<vuln vid="739b94a4-838b-11de-938e-003048590f9e">
<topic>joomla15 -- com_mailto Timeout Issue</topic>
<affects>
<package>
<name>joomla15</name>
<range><lt>1.5.14</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Joomla! Security Center reports:</p>
<blockquote cite="http://developer.joomla.org/security/news/303-20090723-core-com-mailto-timeout-issue.html">
<p>In com_mailto, it was possible to bypass timeout protection against
sending automated emails.</p>
</blockquote>
</body>
</description>
<references>
<url>http://developer.joomla.org/security.html</url>
<url>http://secunia.com/advisories/36097/</url>
</references>
<dates>
<discovery>2009-07-22</discovery>
<entry>2009-08-07</entry>
<modified>2009-08-11</modified>
</dates>
</vuln>
<vuln vid="bce1f76d-82d0-11de-88ea-001a4d49522b">
<topic>subversion -- heap overflow vulnerability</topic>
<affects>
<package>
<name>subversion</name>
<name>subversion-freebsd</name>
<name>p5-subversion</name>
<name>py-subversion</name>
<range><lt>1.6.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Subversion Security Advisory reports:</p>
<blockquote cite="http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt">
<p>Subversion clients and servers have multiple heap
overflow issues in the parsing of binary deltas. This is
related to an allocation vulnerability in the APR library
used by Subversion.</p>
<p>Clients with commit access to a vulnerable server can
cause a remote heap overflow; servers can cause a heap
overflow on vulnerable clients that try to do a checkout
or update.</p>
<p>This can lead to a DoS (an exploit has been tested) and
to arbitrary code execution (no exploit tested, but the
possibility is clear).</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-2411</cvename>
<url>http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt</url>
</references>
<dates>
<discovery>2009-08-06</discovery>
<entry>2009-08-06</entry>
<modified>2009-08-07</modified>
</dates>
</vuln>
<vuln vid="d67b517d-8214-11de-88ea-001a4d49522b">
<topic>bugzilla -- product name information leak</topic>
<affects>
<package>
<name>bugzilla</name>
<range><gt>3.3.4</gt><lt>3.4.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Bugzilla Security Advisory reports:</p>
<blockquote cite="http://www.bugzilla.org/security/3.4/">
<p>Normally, users are only supposed to see products that
they can file bugs against in the "Product" drop-down on
the bug-editing page. Instead, users were being shown all
products, even those that they normally could not see. Any
user who could edit any bug could see all product
names.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.bugzilla.org/security/3.4/</url>
</references>
<dates>
<discovery>2009-07-30</discovery>
<entry>2009-08-05</entry>
</dates>
</vuln>
<vuln vid="49e8f2ee-8147-11de-a994-0030843d3802">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<name>linux-firefox</name>
<range><lt>3.*,1</lt></range>
<range><gt>3.*,1</gt><lt>3.0.13,1</lt></range>
<range><gt>3.5.*,1</gt><lt>3.5.2,1</lt></range>
</package>
<package>
<name>linux-firefox-devel</name>
<range><lt>3.5.2</lt></range>
</package>
<package>
<name>seamonkey</name>
<name>linux-seamonkey</name>
<range><lt>1.1.18</lt></range>
</package>
<package>
<name>linux-seamonkey-devel</name>
<range><gt>0</gt></range>
</package>
<package>
<name>thunderbird</name>
<name>linux-thunderbird</name>
<range><lt>2.0.0.23</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mozilla Project reports:</p>
<blockquote cite="http://www.mozilla.org/security/announce/">
<p>MFSA 2009-38: Data corruption with SOCKS5 reply containing DNS name
longer than 15 characters</p>
<p>MFSA 2009-42: Compromise of SSL-protected communication</p>
<p>MFSA 2009-43: Heap overflow in certificate regexp parsing</p>
<p>MFSA 2009-44: Location bar and SSL indicator spoofing via window.open()
on invalid URL</p>
<p>MFSA 2009-45: Crashes with evidence of memory corruption
(rv:1.9.1.2/1.9.0.13)</p>
<p>MFSA 2009-46: Chrome privilege escalation due to incorrectly cached
wrapper</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-2404</cvename>
<cvename>CVE-2009-2408</cvename>
<cvename>CVE-2009-2454</cvename>
<cvename>CVE-2009-2470</cvename>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-38.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-42.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-43.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-44.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-45.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-46.html</url>
</references>
<dates>
<discovery>2009-08-03</discovery>
<entry>2009-08-04</entry>
<modified>2009-09-04</modified>
</dates>
</vuln>
<vuln vid="4e306850-811f-11de-8a67-000c29a67389">
<topic>silc-client -- Format string vulnerability</topic>
<affects>
<package>
<name>silc-client</name>
<name>silc-irssi-client</name>
<range><lt>1.1.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SILC changelog reports:</p>
<blockquote cite="http://silcnet.org/docs/changelog/SILC%20Client%201.1.8">
<p>An unspecified format string vulnerability exists in
silc-client.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3051</cvename>
<url>http://silcnet.org/docs/changelog/SILC%20Client%201.1.8</url>
</references>
<dates>
<discovery>2009-07-31</discovery>
<entry>2009-08-04</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="0d0237d0-7f68-11de-984d-0011098ad87f">
<topic>SquirrelMail -- Plug-ins compromise</topic>
<affects>
<package>
<name>squirrelmail-multilogin-plugin</name>
<range><ge>2.3.4</ge><lt>2.3.4_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>The SquirrelMail Web Server has been compromised, and three plugins
are affected.</p>
<p>The port of squirrelmail-sasql-plugin is safe (its MD5 checksum
matches) and change_pass is not in the FreeBSD ports tree, but
multilogin has a wrong MD5.</p>
</body>
</description>
<references>
<url>http://sourceforge.net/mailarchive/message.php?msg_name=4A727634.3080008%40squirrelmail.org</url>
<url>http://squirrelmail.org/index.php</url>
</references>
<dates>
<discovery>2009-07-31</discovery>
<entry>2009-08-02</entry>
</dates>
</vuln>
<vuln vid="83725c91-7c7e-11de-9672-00e0815b8da8">
<topic>BIND -- Dynamic update message remote DoS</topic>
<affects>
<package>
<name>bind9</name>
<range><lt>9.3.6.1.1</lt></range>
</package>
<package>
<name>bind9-sdb-postgresql</name>
<name>bind9-sdb-ldap</name>
<range><lt>9.4.3.3</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>6.3</ge><lt>6.3_12</lt></range>
<range><ge>6.4</ge><lt>6.4_6</lt></range>
<range><ge>7.1</ge><lt>7.1_7</lt></range>
<range><ge>7.2</ge><lt>7.2_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>When named(8) receives a specially crafted dynamic update
message, an internal assertion check is triggered which causes
named(8) to exit.</p>
<p>To trigger the problem, the dynamic update message must contain
a record of type "ANY" and at least one resource record set (RRset)
for this fully qualified domain name (FQDN) must exist on the
server.</p>
<h1>Impact:</h1>
<p>An attacker who can send DNS requests to a nameserver can cause
it to exit, thus creating a Denial of Service situation.</p>
<h1>Workaround:</h1>
<p>No generally applicable workaround is available, but some firewalls
may be able to prevent nsupdate DNS packets from reaching the
nameserver.</p>
<p>NOTE WELL: Merely configuring named(8) to ignore dynamic updates
is NOT sufficient to protect it from this vulnerability.</p>
</body>
</description>
<references>
<cvename>CVE-2009-0696</cvename>
<freebsdsa>SA-09:12.bind</freebsdsa>
<url>http://www.kb.cert.org/vuls/id/725188</url>
<url>https://www.isc.org/node/474</url>
</references>
<dates>
<discovery>2009-07-28</discovery>
<entry>2009-08-01</entry>
<modified>2009-08-04</modified>
</dates>
</vuln>
<vuln vid="708c65a5-7c58-11de-a994-0030843d3802">
<topic>mono -- XML signature HMAC truncation spoofing</topic>
<affects>
<package>
<name>mono</name>
<range><lt>2.4.2.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/35852/">
<p>A security issue has been reported in Mono, which can be
exploited by malicious people to conduct spoofing attacks.</p>
<p>The security issue is caused due to an error when processing
certain XML signatures.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0217</cvename>
<url>http://secunia.com/advisories/35852/</url>
<url>http://www.kb.cert.org/vuls/id/466161</url>
</references>
<dates>
<discovery>2009-07-15</discovery>
<entry>2009-07-29</entry>
</dates>
</vuln>
<vuln vid="e1156e90-7ad6-11de-b26a-0048543d60ce">
<topic>squid -- several remote denial of service vulnerabilities</topic>
<affects>
<package>
<name>squid</name>
<range><ge>3.0.1</ge><lt>3.0.17</lt></range>
<range><ge>3.1.0.1</ge><lt>3.1.0.12</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Squid security advisory 2009:2 reports:</p>
<blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2009_2.txt">
<p>Due to incorrect buffer limits and related bound checks Squid
is vulnerable to a denial of service attack when processing
specially crafted requests or responses.</p>
<p>Due to incorrect data validation Squid is vulnerable to a
denial of service attack when processing specially crafted
responses.</p>
<p>These problems allow any trusted client or external server to
perform a denial of service attack on the Squid service.</p>
</blockquote>
<p>Squid-2.x releases are not affected.</p>
</body>
</description>
<references>
<cvename>CVE-2009-2621</cvename>
<cvename>CVE-2009-2622</cvename>
<url>http://www.squid-cache.org/Advisories/SQUID-2009_2.txt</url>
</references>
<dates>
<discovery>2009-07-27</discovery>
<entry>2009-07-27</entry>
<modified>2009-08-06</modified>
</dates>
</vuln>
<vuln vid="c1ef9b33-72a6-11de-82ea-0030843d3802">
<topic>mozilla -- corrupt JIT state after deep return from native function</topic>
<affects>
<package>
<name>firefox</name>
<range><ge>3.5.*,1</ge><lt>3.5.1,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mozilla Project reports:</p>
<blockquote cite="http://www.mozilla.org/security/announce/2009/mfsa2009-41.html">
<p>Firefox user zbyte reported a crash that we determined could result
in an exploitable memory corruption problem. In certain cases after a
return from a native function, such as escape(), the Just-in-Time
(JIT) compiler could get into a corrupt state. This could be exploited
by an attacker to run arbitrary code such as installing malware.</p>
<p>This vulnerability does not affect earlier versions of Firefox
which do not support the JIT feature.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-2477</cvename>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-41.html</url>
<url>http://www.kb.cert.org/vuls/id/443060</url>
</references>
<dates>
<discovery>2009-07-16</discovery>
<entry>2009-07-17</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="c444c8b7-7169-11de-9ab7-000c29a67389">
<topic>isc-dhcp-client -- Stack overflow vulnerability</topic>
<affects>
<package>
<name>isc-dhcp31-client</name>
<range><le>3.1.1</le></range>
</package>
<package>
<name>isc-dhcp30-client</name>
<range><lt>3.0.7_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>US-CERT reports:</p>
<blockquote cite="http://www.kb.cert.org/vuls/id/410676">
<p>The ISC DHCP dhclient application contains a stack buffer
overflow, which may allow a remote, unauthenticated attacker to
execute arbitrary code with root privileges.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0692</cvename>
<url>https://www.isc.org/node/468</url>
<url>http://secunia.com/advisories/35785</url>
<url>http://www.kb.cert.org/vuls/id/410676</url>
</references>
<dates>
<discovery>2009-07-14</discovery>
<entry>2009-07-15</entry>
<modified>2009-07-21</modified>
</dates>
</vuln>
<vuln vid="be927298-6f97-11de-b444-001372fd0af2">
<topic>drupal -- multiple vulnerabilities</topic>
<affects>
<package>
<name>drupal5</name>
<range><lt>5.19</lt></range>
</package>
<package>
<name>drupal6</name>
<range><lt>6.13</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Drupal Security Team reports:</p>
<blockquote cite="http://drupal.org/node/507572">
<p>Cross-site scripting</p>
<p>The Forum module does not correctly handle certain arguments
obtained from the URL. By enticing a suitably privileged user
to visit a specially crafted URL, a malicious user is able to
insert arbitrary HTML and script code into forum pages. Such a
cross-site scripting attack may lead to the malicious user
gaining administrative access. Wikipedia has more information
about cross-site scripting (XSS).</p>
<p>User signatures have no separate input format; they use the
format of the comment with which they are displayed. A user
will no longer be able to edit a comment when an administrator
changes the comment's input format to a format that is not
accessible to the user. However, they will still be able to
modify their signature, which will then be processed by the new
input format.</p>
<p>If the new format is very permissive, via their signature, the
user may be able to insert arbitrary HTML and script code into
pages or, when the PHP filter is enabled for the new format,
execute PHP code. This issue affects Drupal 6.x only.</p>
<p>When an anonymous user fails to log in due to mistyping his
username or password, and the page he is on contains a sortable
table, the (incorrect) username and password are included in
links on the table. If the user visits these links the password
may then be leaked to external sites via the HTTP referer.</p>
<p>In addition, if the anonymous user is enticed to visit the site
via a specially crafted URL while the Drupal page cache is
enabled, a malicious user might be able to retrieve the
(incorrect) username and password from the page cache.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-2372</cvename>
<cvename>CVE-2009-2374</cvename>
<cvename>CVE-2009-2373</cvename>
<url>http://drupal.org/node/507572</url>
<url>http://secunia.com/advisories/35681</url>
</references>
<dates>
<discovery>2009-07-01</discovery>
<entry>2009-07-13</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="70372cda-6771-11de-883a-00e0815b8da8">
<topic>nfsen -- remote command execution</topic>
<affects>
<package>
<name>nfsen</name>
<range><lt>1.3.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>nfsen reports:</p>
<blockquote cite="http://sourceforge.net/forum/forum.php?forum_id=967583">
<p>Due to double input checking, a remote command execution security
bug exists in all NfSen versions 1.3 and 1.3.1. Users are
requested to update to nfsen-1.3.2.</p>
</blockquote>
</body>
</description>
<references>
<url>http://sourceforge.net/forum/forum.php?forum_id=967583</url>
</references>
<dates>
<discovery>2009-06-18</discovery>
<entry>2009-07-03</entry>
</dates>
</vuln>
<vuln vid="ba73f494-65a8-11de-aef5-001c2514716c">
<topic>phpmyadmin -- XSS vulnerability</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><lt>3.2.0.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The phpMyAdmin project reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2009-5.php">
<p>It was possible to conduct an XSS attack via a crafted
SQL bookmark.</p>
<p>All 3.x releases on which the "bookmarks" feature is
active are affected; previous versions are not.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-2284</cvename>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2009-5.php</url>
</references>
<dates>
<discovery>2009-06-30</discovery>
<entry>2009-06-30</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="3ebd4cb5-657f-11de-883a-00e0815b8da8">
<topic>nagios -- Command Injection Vulnerability</topic>
<affects>
<package>
<name>nagios</name>
<range><le>3.0.6_1</le></range>
</package>
<package>
<name>nagios2</name>
<range><le>2.12_3</le></range>
</package>
<package>
<name>nagios-devel</name>
<range><le>3.1.0_1</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/35543?">
<p>A vulnerability has been reported in Nagios, which can be
exploited by malicious users to potentially compromise a
vulnerable system.</p>
<p>Input passed to the "ping" parameter in statuswml.cgi is not
properly sanitised before being used to invoke the ping command.
This can be exploited to inject and execute arbitrary shell
commands.</p>
<p>Successful exploitation requires access to the ping feature
of the WAP interface.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-2288</cvename>
<url>http://secunia.com/advisories/35543</url>
<url>http://tracker.nagios.org/view.php?id=15</url>
</references>
<dates>
<discovery>2009-05-29</discovery>
<entry>2009-06-30</entry>
<modified>2009-07-13</modified>
</dates>
</vuln>
<vuln vid="f59dda75-5ff4-11de-a13e-00e0815b8da8">
<topic>tor-devel -- DNS resolution vulnerability</topic>
<affects>
<package>
<name>tor-devel</name>
<range><lt>0.2.1.15-rc</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Tor Project reports:</p>
<blockquote cite="https://git.torproject.org/checkout/tor/master/ChangeLog">
<p>A malicious exit relay could convince a controller that the
client's DNS question resolves to an internal IP address.</p>
</blockquote>
</body>
</description>
<references>
<url>https://git.torproject.org/checkout/tor/master/ChangeLog</url>
</references>
<dates>
<discovery>2009-06-20</discovery>
<entry>2009-06-23</entry>
</dates>
</vuln>
<vuln vid="c14aa48c-5ab7-11de-bc9b-0030843d3802">
<topic>cscope -- multiple buffer overflows</topic>
<affects>
<package>
<name>cscope</name>
<range><lt>15.7a</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/34978">
<p>Some vulnerabilities have been reported in Cscope, which
potentially can be exploited by malicious people to compromise a
user's system.</p>
<p>The vulnerabilities are caused due to various boundary errors,
which can be exploited to cause buffer overflows when parsing
specially crafted files or directories.</p>
</blockquote>
</body>
</description>
<references>
<bid>34805</bid>
<cvename>CVE-2009-0148</cvename>
<url>http://secunia.com/advisories/34978</url>
</references>
<dates>
<discovery>2009-05-31</discovery>
<entry>2009-06-16</entry>
</dates>
</vuln>
<vuln vid="91a2066b-5ab6-11de-bc9b-0030843d3802">
<topic>cscope -- buffer overflow</topic>
<affects>
<package>
<name>cscope</name>
<range><lt>15.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/34832">
<p>Attackers may leverage this issue to execute arbitrary code
in the context of the application. Failed attacks will cause
denial-of-service conditions.</p>
</blockquote>
</body>
</description>
<references>
<bid>34832</bid>
<cvename>CVE-2009-1577</cvename>
<url>http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?view=log#rev1.19</url>
</references>
<dates>
<discovery>2009-05-31</discovery>
<entry>2009-06-16</entry>
</dates>
</vuln>
<vuln vid="bdccd14b-5aac-11de-a438-003048590f9e">
<topic>joomla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>joomla15</name>
<range><lt>1.5.11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/35278/">
<p>Some vulnerabilities have been reported in Joomla!, which can be
exploited by malicious users to conduct script insertion attacks and
by malicious people to conduct cross-site scripting attacks.</p>
<p>Certain unspecified input is not properly sanitised before being
used. This can be exploited to insert arbitrary HTML and script code,
which will be executed in a user's browser session in the context of
an affected site when the malicious data is displayed.</p>
<p>Certain unspecified input passed to the user view of the com_users
core component is not properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.</p>
<p>Input passed via certain parameters to the "JA_Purity" template is
not properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-1938</cvename>
<cvename>CVE-2009-1939</cvename>
<cvename>CVE-2009-1940</cvename>
<url>http://secunia.com/advisories/35278/</url>
<url>http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html</url>
</references>
<dates>
<discovery>2009-06-03</discovery>
<entry>2009-06-16</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="b1ca65e6-5aaf-11de-bc9b-0030843d3802">
<topic>pidgin -- multiple vulnerabilities</topic>
<affects>
<package>
<name>pidgin</name>
<name>libpurple</name>
<name>finch</name>
<range><lt>2.5.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/35194/">
<p>Some vulnerabilities and weaknesses have been reported in Pidgin,
which can be exploited by malicious people to cause a DoS or to
potentially compromise a user's system.</p>
<p>A truncation error in the processing of MSN SLP messages can be
exploited to cause a buffer overflow.</p>
<p>A boundary error in the XMPP SOCKS5 "bytestream" server when
initiating an outgoing file transfer can be exploited to cause a
buffer overflow.</p>
<p>A boundary error exists in the implementation of the
"PurpleCircBuffer" structure. This can be exploited to corrupt memory
and cause a crash via specially crafted XMPP or Sametime
packets.</p>
<p>A boundary error in the "decrypt_out()" function can be exploited
to cause a stack-based buffer overflow with 8 bytes and crash the
application via a specially crafted QQ packet.</p>
</blockquote>
</body>
</description>
<references>
<bid>35067</bid>
<cvename>CVE-2009-1373</cvename>
<cvename>CVE-2009-1374</cvename>
<cvename>CVE-2009-1375</cvename>
<cvename>CVE-2009-1376</cvename>
<url>http://secunia.com/advisories/35194/</url>
<url>http://www.pidgin.im/news/security/?id=29</url>
<url>http://www.pidgin.im/news/security/?id=30</url>
<url>http://www.pidgin.im/news/security/?id=32</url>
</references>
<dates>
<discovery>2009-06-03</discovery>
<entry>2009-06-16</entry>
</dates>
</vuln>
<vuln vid="d9b01c08-59b3-11de-828e-00e0815b8da8">
<topic>git -- denial of service vulnerability</topic>
<affects>
<package>
<name>git</name>
<range><lt>1.6.3.2_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/35338/discuss">
<p>Git is prone to a denial-of-service vulnerability because it
fails to properly handle some client requests.</p>
<p>Attackers can exploit this issue to cause a daemon process to
enter an infinite loop. Repeated exploits may consume excessive
system resources, resulting in a denial of service condition.</p>
</blockquote>
</body>
</description>
<references>
<bid>35338</bid>
<cvename>CVE-2009-2108</cvename>
<url>https://www.redhat.com/archives/fedora-security-list/2009-June/msg00000.html</url>
<url>http://article.gmane.org/gmane.comp.version-control.git/120724</url>
</references>
<dates>
<discovery>2009-06-04</discovery>
<entry>2009-06-15</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="62e0fbe5-5798-11de-bb78-001cc0377035">
<topic>ruby -- BigDecimal denial of service vulnerability</topic>
<affects>
<package>
<name>ruby</name>
<name>ruby+pthreads</name>
<name>ruby+pthreads+oniguruma</name>
<name>ruby+oniguruma</name>
<range><ge>1.8.*,1</ge><lt>1.8.7.160_1,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The official ruby site reports:</p>
<blockquote cite="http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/">
<p>A denial of service (DoS) vulnerability was found on the
BigDecimal standard library of Ruby. Conversion from BigDecimal
objects into Float numbers had a problem which enables attackers
to effectively cause segmentation faults.</p>
<p>An attacker can cause a denial of service by causing BigDecimal
to parse an insanely large number, such as:</p>
<p><code>BigDecimal("9E69999999").to_s("F")</code></p>
</blockquote>
</body>
</description>
<references>
<bid>35278</bid>
<cvename>CVE-2009-1904</cvename>
<url>http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/</url>
</references>
<dates>
<discovery>2009-06-09</discovery>
<entry>2009-06-13</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="da185955-5738-11de-b857-000f20797ede">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>2.0.0.20_8,1</lt></range>
<range><gt>3.*,1</gt><lt>3.0.11,1</lt></range>
</package>
<package>
<name>linux-firefox</name>
<name>linux-firefox-devel</name>
<range><lt>3.0.11</lt></range>
</package>
<package>
<name>thunderbird</name>
<name>linux-thunderbird</name>
<range><lt>2.0.0.22</lt></range>
</package>
<package>
<name>seamonkey</name>
<name>linux-seamonkey</name>
<range><lt>1.1.17</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mozilla Foundation reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/firefox30.html">
<p>MFSA 2009-32 JavaScript chrome privilege escalation</p>
<p>MFSA 2009-31 XUL scripts bypass content-policy checks</p>
<p>MFSA 2009-30 Incorrect principal set for file: resources
loaded via location bar</p>
<p>MFSA 2009-29 Arbitrary code execution using event listeners
attached to an element whose owner document is null</p>
<p>MFSA 2009-28 Race condition while accessing the private data
of a NPObject JS wrapper class object</p>
<p>MFSA 2009-27 SSL tampering via non-200 responses to proxy
CONNECT requests</p>
<p>MFSA 2009-26 Arbitrary domain cookie access by local file:
resources</p>
<p>MFSA 2009-25 URL spoofing with invalid unicode characters</p>
<p>MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-1392</cvename>
<cvename>CVE-2009-1832</cvename>
<cvename>CVE-2009-1833</cvename>
<cvename>CVE-2009-1834</cvename>
<cvename>CVE-2009-1835</cvename>
<cvename>CVE-2009-1836</cvename>
<cvename>CVE-2009-1837</cvename>
<cvename>CVE-2009-1838</cvename>
<cvename>CVE-2009-1839</cvename>
<cvename>CVE-2009-1840</cvename>
<cvename>CVE-2009-1841</cvename>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-24.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-25.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-26.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-27.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-28.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-29.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-30.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-31.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-32.html</url>
<url>http://secunia.com/advisories/35331/</url>
</references>
<dates>
<discovery>2009-06-11</discovery>
<entry>2009-06-12</entry>
<modified>2009-12-12</modified>
</dates>
</vuln>
<vuln vid="eb9212f7-526b-11de-bbf2-001b77d09812">
<topic>apr -- multiple vulnerabilities</topic>
<affects>
<package>
<name>apr</name>
<range><lt>1.3.5.1.3.7</lt></range>
</package>
<package>
<name>apache</name>
<range><ge>2.2.0</ge><lt>2.2.11_5</lt></range>
<range><ge>2.0.0</ge><lt>2.0.63_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/35284/">
<p>Some vulnerabilities have been reported in APR-util, which
can be exploited by malicious users and malicious people to
cause a DoS (Denial of Service).</p>
<p>A vulnerability is caused due to an error in the processing
of XML files and can be exploited to exhaust all available
memory via a specially crafted XML file containing a
predefined entity inside an entity definition.</p>
<p>A vulnerability is caused due to an error within the
"apr_strmatch_precompile()" function in
strmatch/apr_strmatch.c, which can be exploited to crash an
application using the library.</p>
</blockquote>
<p>RedHat reports:</p>
<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=504390">
<p>A single NULL byte buffer overflow flaw was found in
apr-util's apr_brigade_vprintf() function.</p>
</blockquote>
</body>
</description>
<references>
<bid>35221</bid>
<cvename>CVE-2009-1955</cvename>
<cvename>CVE-2009-1956</cvename>
<cvename>CVE-2009-0023</cvename>
<url>http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3</url>
<url>http://secunia.com/advisories/35284/</url>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=504390</url>
</references>
<dates>
<discovery>2009-06-05</discovery>
<entry>2009-06-08</entry>
</dates>
</vuln>
<vuln vid="4f838b74-50a1-11de-b01f-001c2514716c">
<topic>dokuwiki -- Local File Inclusion with register_globals on</topic>
<affects>
<package>
<name>dokuwiki</name>
<range><lt>20090214_2</lt></range>
</package>
<package>
<name>dokuwiki-devel</name>
<range><gt>0</gt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>DokuWiki reports:</p>
<blockquote cite="http://bugs.splitbrain.org/index.php?do=details&amp;task_id=1700">
<p>A security hole was discovered which allows an attacker
to include arbitrary files located on the attacked DokuWiki
installation. The included file is executed in the PHP context.
This can be escalated by introducing malicious code through
uploading file via the media manager or placing PHP code in
editable pages.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-1960</cvename>
<url>http://bugs.splitbrain.org/index.php?do=details&amp;task_id=1700</url>
</references>
<dates>
<discovery>2009-05-26</discovery>
<entry>2009-06-04</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="82b55df8-4d5a-11de-8811-0030843d3802">
<topic>openssl -- denial of service in DTLS implementation</topic>
<affects>
<package>
<name>openssl</name>
<range><ge>0.9.8</ge><lt>0.9.8k_1</lt></range>
</package>
<package>
<name>linux-f10-openssl</name>
<range><ge>0.9.8f</ge><lt>0.9.8m</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/35128/">
<p>Some vulnerabilities have been reported in OpenSSL, which can be
exploited by malicious people to cause a DoS.</p>
<p>The library does not limit the number of buffered DTLS records with
a future epoch. This can be exploited to exhaust all available memory
via specially crafted DTLS packets.</p>
<p>An error when processing DTLS messages can be exploited to exhaust
all available memory by sending a large number of out of sequence
handshake messages.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-1377</cvename>
<cvename>CVE-2009-1378</cvename>
<url>http://secunia.com/advisories/35128/</url>
</references>
<dates>
<discovery>2009-05-18</discovery>
<entry>2009-05-30</entry>
<modified>2014-04-10</modified>
</dates>
</vuln>
<vuln vid="399f4cd7-4d59-11de-8811-0030843d3802">
<topic>eggdrop -- denial of service vulnerability</topic>
<affects>
<package>
<name>eggdrop</name>
<range><lt>1.6.19_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/35104/">
<p>The vulnerability is caused due to an error in the processing of
private messages within the server module
(/mod/server.mod/servrmsg.c). This can be exploited to cause a
crash by sending a specially crafted message to the bot.</p>
</blockquote>
</body>
</description>
<references>
<bid>34985</bid>
<cvename>CVE-2009-1789</cvename>
<url>http://www.eggheads.org/news/2009/05/14/35</url>
<url>http://secunia.com/advisories/35104/</url>
</references>
<dates>
<discovery>2009-05-15</discovery>
<entry>2009-05-30</entry>
</dates>
</vuln>
<vuln vid="a2d4a330-4d54-11de-8811-0030843d3802">
<topic>wireshark -- PCNFSD Dissector Denial of Service Vulnerability</topic>
<affects>
<package>
<name>ethereal</name>
<name>ethereal-lite</name>
<name>tethereal</name>
<name>tethereal-lite</name>
<name>wireshark</name>
<name>wireshark-lite</name>
<range><lt>1.0.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/35201/">
<p>A vulnerability has been reported in Wireshark, which can be
exploited by malicious people to cause a DoS.</p>
<p>The vulnerability is caused due to an error in the PCNFSD dissector
and can be exploited to cause a crash via a specially crafted PCNFSD
packet.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-1829</cvename>
<url>http://secunia.com/advisories/35201/</url>
<url>http://www.wireshark.org/security/wnpa-sec-2009-03.html</url>
</references>
<dates>
<discovery>2009-05-21</discovery>
<entry>2009-05-30</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="6355efdb-4d4d-11de-8811-0030843d3802">
<topic>libsndfile -- multiple vulnerabilities</topic>
<affects>
<package>
<name>libsndfile</name>
<range><lt>1.0.20</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/35076/">
<p>Two vulnerabilities have been reported in libsndfile, which can be
exploited by malicious people to compromise an application using the
library.</p>
<p>A boundary error exists within the "voc_read_header()" function in
src/voc.c. This can be exploited to cause a heap-based buffer overflow
via a specially crafted VOC file.</p>
<p>A boundary error exists within the "aiff_read_header()" function in
src/aiff.c. This can be exploited to cause a heap-based buffer overflow
via a specially crafted AIFF file.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-1788</cvename>
<cvename>CVE-2009-1791</cvename>
<url>http://secunia.com/advisories/35076/</url>
<url>http://www.trapkit.de/advisories/TKADV2009-006.txt</url>
</references>
<dates>
<discovery>2009-05-15</discovery>
<entry>2009-05-30</entry>
</dates>
</vuln>
<vuln vid="80f13884-4d4c-11de-8811-0030843d3802">
<topic>slim -- local disclosure of X authority magic cookie</topic>
<affects>
<package>
<name>slim</name>
<range><lt>1.3.1_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/35132/">
<p>A security issue has been reported in SLiM, which can be
exploited by malicious, local users to disclose sensitive
information.</p>
<p>The security issue is caused due to the application
generating the X authority file by passing the X authority
cookie via the command line to "xauth". This can be exploited
to disclose the X authority cookie by consulting the process
list and e.g. gain access to the user's display.</p>
</blockquote>
</body>
</description>
<references>
<bid>35015</bid>
<cvename>CVE-2009-1756</cvename>
<url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306</url>
</references>
<dates>
<discovery>2009-05-20</discovery>
<entry>2009-05-30</entry>
</dates>
</vuln>
<vuln vid="4175c811-f690-4898-87c5-755b3cf1bac6">
<topic>ntp -- stack-based buffer overflow</topic>
<affects>
<package>
<name>ntp</name>
<range><lt>4.2.4p7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>US-CERT reports:</p>
<blockquote cite="http://www.kb.cert.org/vuls/id/853097">
<p>ntpd contains a stack buffer overflow which may allow a remote
unauthenticated attacker to execute arbitrary code on a vulnerable
system or create a denial of service.</p>
</blockquote>
</body>
</description>
<references>
<bid>35017</bid>
<cvename>CVE-2009-0159</cvename>
<cvename>CVE-2009-1252</cvename>
<url>http://www.kb.cert.org/vuls/id/853097</url>
</references>
<dates>
<discovery>2009-05-06</discovery>
<entry>2009-05-20</entry>
</dates>
</vuln>
<vuln vid="5ed2f96b-33b7-4863-8c6b-540d22344424">
<topic>imap-uw -- University of Washington IMAP c-client Remote Format String Vulnerability</topic>
<affects>
<package>
<name>imap-uw</name>
<range><lt>2007e</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/33795">
<p>University of Washington IMAP c-client is prone to a remote
format-string vulnerability because the software fails to adequately
sanitize user-supplied input before passing it as the
format-specifier to a formatted-printing function.</p>
</blockquote>
</body>
</description>
<references>
<bid>33795</bid>
</references>
<dates>
<discovery>2009-02-17</discovery>
<entry>2009-05-21</entry>
<modified>2009-05-22</modified>
</dates>
</vuln>
<vuln vid="37a8603d-4494-11de-bea7-000c29a67389">
<topic>nsd -- buffer overflow vulnerability</topic>
<affects>
<package>
<name>nsd</name>
<range><lt>3.2.2</lt></range>
</package>
<package>
<name>nsd2</name>
<range><lt>2.3.7_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>NLnet Labs reports:</p>
<blockquote cite="http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html">
<p>A one-byte buffer overflow has been reported in NSD. The
problem affects all versions 2.0.0 to 3.2.1. The bug allows
a carefully crafted exploit to bring down your DNS server. It
is highly unlikely that this one byte overflow can lead to
other (system) exploits.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-1755</cvename>
<url>http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html</url>
</references>
<dates>
<discovery>2009-05-19</discovery>
<entry>2009-05-19</entry>
<modified>2009-05-22</modified>
</dates>
</vuln>
<vuln vid="48e14d86-42f1-11de-ad22-000e35248ad7">
<topic>libxine -- multiple vulnerabilities</topic>
<affects>
<package>
<name>libxine</name>
<range><lt>1.1.16.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>xine developers report:</p>
<blockquote cite="http://sourceforge.net/project/shownotes.php?group_id=9655&amp;release_id=673233">
<ul>
<li>Fix another possible int overflow in the 4XM demuxer.
(ref. TKADV2009-004, CVE-2009-0385)</li>
<li>Fix an integer overflow in the Quicktime demuxer.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0385</cvename>
<cvename>CVE-2009-1274</cvename>
<url>http://trapkit.de/advisories/TKADV2009-004.txt</url>
<url>http://trapkit.de/advisories/TKADV2009-005.txt</url>
<url>http://sourceforge.net/project/shownotes.php?release_id=660071</url>
</references>
<dates>
<discovery>2009-04-04</discovery>
<entry>2009-05-17</entry>
</dates>
</vuln>
<vuln vid="51d1d428-42f0-11de-ad22-000e35248ad7">
<topic>libxine -- multiple vulnerabilities</topic>
<affects>
<package>
<name>libxine</name>
<range><lt>1.1.16.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Multiple vulnerabilities were fixed in libxine 1.1.16.2.</p>
<p>Tobias Klein reports:</p>
<blockquote cite="http://trapkit.de/advisories/TKADV2009-004.txt">
<p>FFmpeg contains a type conversion vulnerability while
parsing malformed 4X movie files. The vulnerability may be
exploited by a (remote) attacker to execute arbitrary code in
the context of FFmpeg or an application using the FFmpeg
library.</p>
<p>Note: A similar issue also affects xine-lib &lt; version
1.1.16.2.</p>
</blockquote>
<p>xine developers report:</p>
<blockquote cite="http://sourceforge.net/project/shownotes.php?group_id=9655&amp;release_id=660071">
<ul>
<li>Fix broken size checks in various input plugins (ref.
CVE-2008-5239).</li>
<li>More malloc checking (ref. CVE-2008-5240).</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0698</cvename>
<cvename>CVE-2008-5234</cvename>
<cvename>CVE-2008-5240</cvename>
<url>http://trapkit.de/advisories/TKADV2009-004.txt</url>
<url>http://sourceforge.net/project/shownotes.php?release_id=660071</url>
</references>
<dates>
<discovery>2009-02-15</discovery>
<entry>2009-05-17</entry>
</dates>
</vuln>
<vuln vid="1e8031be-4258-11de-b67a-0030843d3802">
<topic>php -- ini database truncation inside dba_replace() function</topic>
<affects>
<package>
<name>php4-dba</name>
<range><lt>4.4.9_1</lt></range>
</package>
<package>
<name>php5-dba</name>
<range><lt>5.2.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>securityfocus research reports:</p>
<blockquote cite="http://www.securityfocus.com/archive/1/498746/30/0/threaded">
<p>A bug that leads to the emptying of the INI file contents if
the database key was not found exists in PHP dba extension in
versions 5.2.6, 4.4.9 and earlier.</p>
<p>The function dba_replace() is not filtering the strings key and value.
There is a possibility for the destruction of the file.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-7068</cvename>
<url>http://www.securityfocus.com/archive/1/498746/30/0/threaded</url>
<url>http://securityreason.com/achievement_securityalert/58</url>
</references>
<dates>
<discovery>2008-11-28</discovery>
<entry>2009-05-16</entry>
<modified>2013-06-16</modified>
</dates>
</vuln>
<vuln vid="6a245f31-4254-11de-b67a-0030843d3802">
<topic>libwmf -- embedded GD library Use-After-Free vulnerability</topic>
<affects>
<package>
<name>libwmf</name>
<range><lt>0.2.8.4_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/34901">
<p>A vulnerability has been reported in libwmf, which can be exploited
by malicious people to cause a DoS (Denial of Service) or compromise
an application using the library.</p>
<p>The vulnerability is caused due to a use-after-free error within the
embedded GD library, which can be exploited to cause a crash or
potentially to execute arbitrary code via a specially crafted WMF
file.</p>
</blockquote>
</body>
</description>
<references>
<bid>34792</bid>
<cvename>CVE-2009-1364</cvename>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=496864</url>
<url>https://rhn.redhat.com/errata/RHSA-2009-0457.html</url>
<url>http://secunia.com/advisories/34901/</url>
</references>
<dates>
<discovery>2009-05-05</discovery>
<entry>2009-05-16</entry>
</dates>
</vuln>
<vuln vid="48aab1d0-4252-11de-b67a-0030843d3802">
<topic>libwmf -- integer overflow vulnerability</topic>
<affects>
<package>
<name>libwmf</name>
<range><lt>0.2.8.4_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/20921">
<p>infamous41md has reported a vulnerability in libwmf, which
potentially can be exploited by malicious people to compromise an
application using the vulnerable library.</p>
<p>The vulnerability is caused due to an integer overflow error when
allocating memory based on a value taken directly from a WMF file
without performing any checks. This can be exploited to cause a
heap-based buffer overflow when a specially crafted WMF file is
processed.</p>
</blockquote>
</body>
</description>
<references>
<bid>18751</bid>
<cvename>CVE-2006-3376</cvename>
<url>http://secunia.com/advisories/20921/</url>
</references>
<dates>
<discovery>2006-07-03</discovery>
<entry>2009-05-16</entry>
</dates>
</vuln>
<vuln vid="bfe218a5-4218-11de-b67a-0030843d3802">
<topic>moinmoin -- cross-site scripting vulnerabilities</topic>
<affects>
<package>
<name>moinmoin</name>
<range><lt>1.8.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/34821/">
<p>Input passed via multiple parameters to action/AttachFile.py is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in the context of an affected site.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-1482</cvename>
<url>http://secunia.com/advisories/34821/</url>
<url>http://moinmo.in/SecurityFixes</url>
</references>
<dates>
<discovery>2009-04-21</discovery>
<entry>2009-05-16</entry>
</dates>
</vuln>
<vuln vid="4a638895-41b7-11de-b1cc-00219b0fc4d8">
<topic>mod_perl -- cross-site scripting</topic>
<affects>
<package>
<name>mod_perl</name>
<range><lt>1.31</lt></range>
</package>
<package>
<name>mod_perl2</name>
<range><lt>2.05</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/34597">
<p>Certain input passed to the "Apache::Status" and "Apache2::Status"
modules is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected website.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0796</cvename>
<url>http://secunia.com/advisories/34597</url>
</references>
<dates>
<discovery>2009-02-28</discovery>
<entry>2009-05-16</entry>
<modified>2009-05-16</modified>
</dates>
</vuln>
<vuln vid="a6605f4b-4067-11de-b444-001372fd0af2">
<topic>drupal -- cross-site scripting</topic>
<affects>
<package>
<name>drupal5</name>
<range><lt>5.18</lt></range>
</package>
<package>
<name>drupal6</name>
<range><lt>6.12</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Drupal Security Team reports:</p>
<blockquote cite="http://drupal.org/node/461886">
<p>When outputting user-supplied data Drupal strips potentially
dangerous HTML attributes and tags or escapes characters which
have a special meaning in HTML. This output filtering secures the
site against cross site scripting attacks via user input.</p>
<p>Certain byte sequences that are valid in the UTF-8 specification
are potentially dangerous when interpreted as UTF-7. Internet
Explorer 6 and 7 may decode these characters as UTF-7 if they
appear before the &lt;meta http-equiv="Content-Type" /&gt; tag that
specifies the page content as UTF-8, despite the fact that Drupal
also sends a real HTTP header specifying the content as UTF-8.
This enables attackers to execute cross site scripting attacks
with UTF-7. SA-CORE-2009-005 - Drupal core - Cross site scripting
contained an incomplete fix for the issue. HTML exports of books
are still vulnerable, which means that anyone with edit
permissions for pages in outlines is able to insert arbitrary HTML
and script code in these exports.</p>
<p>Additionally, the taxonomy module allows users with the
'administer taxonomy' permission to inject arbitrary HTML and
script code in the help text of any vocabulary.</p>
</blockquote>
</body>
</description>
<references>
<url>http://drupal.org/node/461886</url>
<url>http://secunia.com/advisories/35045</url>
</references>
<dates>
<discovery>2009-05-13</discovery>
<entry>2009-05-14</entry>
<modified>2009-05-16</modified>
</dates>
</vuln>
<vuln vid="14ab174c-40ef-11de-9fd5-001bd3385381">
<topic>cyrus-sasl -- buffer overflow vulnerability</topic>
<affects>
<package>
<name>cyrus-sasl</name>
<range><lt>2.1.23</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>US-CERT reports:</p>
<blockquote cite="http://www.kb.cert.org/vuls/id/238019">
<p>The sasl_encode64() function converts a string into
base64. The Cyrus SASL library contains buffer overflows
that occur because of unsafe use of the sasl_encode64()
function.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0688</cvename>
<url>http://www.kb.cert.org/vuls/id/238019</url>
</references>
<dates>
<discovery>2009-04-08</discovery>
<entry>2009-05-15</entry>
</dates>
</vuln>
<vuln vid="fc4d0ae8-3fa3-11de-a3fd-0030843d3802">
<topic>moinmoin -- multiple cross site scripting vulnerabilities</topic>
<affects>
<package>
<name>moinmoin</name>
<range><lt>1.8.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/33593/">
<p>Some vulnerabilities have been reported in MoinMoin, which can be
exploited by malicious people to conduct cross-site scripting attacks.</p>
<p>Input passed to multiple parameters in action/AttachFile.py is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in the context of an affected site.</p>
<p>Certain input passed to security/antispam.py is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
the context of an affected site.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0260</cvename>
<cvename>CVE-2009-0312</cvename>
<url>http://moinmo.in/SecurityFixes</url>
<url>http://secunia.com/advisories/33593</url>
</references>
<dates>
<discovery>2009-01-21</discovery>
<entry>2009-05-13</entry>
</dates>
</vuln>
<vuln vid="f0f97b94-3f95-11de-a3fd-0030843d3802">
<topic>ghostscript -- buffer overflow vulnerability</topic>
<affects>
<package>
<name>ghostscript8</name>
<name>ghostscript8-nox11</name>
<range><lt>8.64</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/34340/discuss">
<p>Ghostscript is prone to a remote buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied input before
copying it into a finite-sized buffer.</p>
<p>Exploiting this issue allows remote attackers to overwrite a
sensitive memory buffer with arbitrary data, potentially allowing them
to execute malicious machine code in the context of the affected
application. This vulnerability may facilitate the compromise of
affected computers.</p>
</blockquote>
</body>
</description>
<references>
<bid>34340</bid>
<cvename>CVE-2008-6679</cvename>
</references>
<dates>
<discovery>2009-02-03</discovery>
<entry>2009-05-13</entry>
</dates>
</vuln>
<vuln vid="4b172278-3f46-11de-becb-001cc0377035">
<topic>pango -- integer overflow</topic>
<affects>
<package>
<name>pango</name>
<name>linux-pango</name>
<name>linux-f8-pango</name>
<name>linux-f10-pango</name>
<range><lt>1.24</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>oCERT reports:</p>
<blockquote cite="http://www.ocert.org/advisories/ocert-2009-001.html">
<p>Pango suffers from a multiplicative integer overflow which
may lead to a potentially exploitable, heap overflow depending
on the calling conditions.</p>
<p>For example, this vulnerability is remotely reachable in Firefox
by creating an overly large document.location value but only results
in a process-terminating, allocation error (denial of service).</p>
<p>The affected function is pango_glyph_string_set_size. An overflow
check when doubling the size neglects the overflow possible on the
subsequent allocation.</p>
</blockquote>
</body>
</description>
<references>
<bid>34870</bid>
<cvename>CVE-2009-1194</cvename>
<url>http://secunia.com/advisories/35021/</url>
</references>
<dates>
<discovery>2009-02-22</discovery>
<entry>2009-05-13</entry>
<modified>2009-10-01</modified>
</dates>
</vuln>
<vuln vid="defce068-39aa-11de-a493-001b77d09812">
<topic>wireshark -- multiple vulnerabilities</topic>
<affects>
<package>
<name>ethereal</name>
<name>ethereal-lite</name>
<name>tethereal</name>
<name>tethereal-lite</name>
<name>wireshark</name>
<name>wireshark-lite</name>
<range><lt>1.0.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Wireshark team reports:</p>
<blockquote cite="http://www.wireshark.org/security/wnpa-sec-2009-02.html">
<p>Wireshark 1.0.7 fixes the following vulnerabilities:</p>
<ul>
<li>The PROFINET dissector was vulnerable to a format
string overflow. (Bug 3382) Versions affected: 0.99.6 to
1.0.6, CVE-2009-1210.</li>
<li>The Check Point High-Availability Protocol (CPHAP)
dissector could crash. (Bug 3269) Versions affected: 0.9.6
to 1.0.6; CVE-2009-1268.</li>
<li>Wireshark could crash while loading a Tektronix .rf5
file. (Bug 3366) Versions affected: 0.99.6 to 1.0.6,
CVE-2009-1269.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<bid>34291</bid>
<bid>34457</bid>
<cvename>CVE-2009-1210</cvename>
<cvename>CVE-2009-1268</cvename>
<cvename>CVE-2009-1269</cvename>
<url>http://www.wireshark.org/security/wnpa-sec-2009-02.html</url>
<url>http://secunia.com/advisories/34542</url>
</references>
<dates>
<discovery>2009-04-06</discovery>
<entry>2009-05-09</entry>
<modified>2009-05-13</modified>
</dates>
</vuln>
<vuln vid="736e55bc-39bb-11de-a493-001b77d09812">
<topic>cups -- remote code execution and DNS rebinding</topic>
<affects>
<package>
<name>cups-base</name>
<range><lt>1.3.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gentoo security team summarizes:</p>
<blockquote cite="http://www.gentoo.org/security/en/glsa/glsa-200904-20.xml">
<p>The following issues were reported in CUPS:</p>
<ul>
<li>iDefense reported an integer overflow in the
_cupsImageReadTIFF() function in the "imagetops" filter,
leading to a heap-based buffer overflow (CVE-2009-0163).</li>
<li>Aaron Siegel of Apple Product Security reported that the
CUPS web interface does not verify the content of the "Host"
HTTP header properly (CVE-2009-0164).</li>
<li>Braden Thomas and Drew Yao of Apple Product Security
reported that CUPS is vulnerable to CVE-2009-0146,
CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and
poppler.</li>
</ul>
<p>A remote attacker might send or entice a user to send a
specially crafted print job to CUPS, possibly resulting in the
execution of arbitrary code with the privileges of the
configured CUPS user -- by default this is "lp", or a Denial
of Service. Furthermore, the web interface could be used to
conduct DNS rebinding attacks.</p>
</blockquote>
</body>
</description>
<references>
<bid>34571</bid>
<bid>34665</bid>
<bid>34568</bid>
<cvename>CVE-2009-0163</cvename>
<cvename>CVE-2009-0164</cvename>
<cvename>CVE-2009-0146</cvename>
<cvename>CVE-2009-0147</cvename>
<cvename>CVE-2009-0166</cvename>
<url>http://www.cups.org/articles.php?L582</url>
</references>
<dates>
<discovery>2009-05-05</discovery>
<entry>2009-05-07</entry>
<modified>2009-05-13</modified>
</dates>
</vuln>
<vuln vid="fbc8413f-2f7a-11de-9a3f-001b77d09812">
<topic>FreeBSD -- remotely exploitable crash in OpenSSL</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>6.3</ge><lt>6.3_10</lt></range>
<range><ge>6.4</ge><lt>6.4_4</lt></range>
<range><ge>7.0</ge><lt>7.0_12</lt></range>
<range><ge>7.1</ge><lt>7.1_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description</h1>
<p>The function ASN1_STRING_print_ex does not properly validate
the lengths of BMPString or UniversalString objects before
attempting to print them.</p>
<h1>Impact</h1>
<p>An application which attempts to print a BMPString or
UniversalString which has an invalid length will crash as a
result of OpenSSL accessing invalid memory locations. This
could be used by an attacker to crash a remote application.</p>
<h1>Workaround</h1>
<p>No workaround is available, but applications which do not use
the ASN1_STRING_print_ex function (either directly or indirectly)
are not affected.</p>
</body>
</description>
<references>
<freebsdsa>SA-09:08.openssl</freebsdsa>
<cvename>CVE-2009-0590</cvename>
</references>
<dates>
<discovery>2009-03-25</discovery>
<entry>2009-05-07</entry>
<modified>2009-05-13</modified>
</dates>
</vuln>
<vuln vid="2748fdde-3a3c-11de-bbc5-00e0815b8da8">
<topic>quagga -- Denial of Service</topic>
<affects>
<package>
<name>quagga</name>
<range><lt>0.99.11_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Debian Security Team reports:</p>
<blockquote cite="http://www.securityfocus.com/archive/1/503220">
<p>It was discovered that Quagga, an IP routing daemon, could
no longer process the Internet routing table due to broken
handling of multiple 4-byte AS numbers in an AS path. If such
a prefix is received, the BGP daemon crashes with an assert
failure leading to a denial of service.</p>
</blockquote>
</body>
</description>
<references>
<bid>34656</bid>
<mlist msgid="Pine.LNX.4.64.0904301931590.24373@nacho.alt.net">http://lists.quagga.net/pipermail/quagga-dev/2009-April/006541.html</mlist>
<cvename>CVE-2009-1572</cvename>
</references>
<dates>
<discovery>2009-05-04</discovery>
<entry>2009-05-06</entry>
<modified>2009-05-07</modified>
</dates>
</vuln>
<vuln vid="e3e30d99-58a8-4a3f-8059-a8b7cd59b881">
<topic>openfire -- Openfire No Password Changes Security Bypass</topic>
<affects>
<package>
<name>openfire</name>
<range><lt>3.6.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/34984/">
<p>A vulnerability has been reported in Openfire which can
be exploited by malicious users to bypass certain security
restrictions. The vulnerability is caused due to Openfire
not properly respecting the no password changes setting which
can be exploited to change passwords by sending jabber:iq:auth
passwd_change requests to the server.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-1596</cvename>
<url>http://secunia.com/advisories/34984/</url>
<url>http://www.igniterealtime.org/issues/browse/JM-1532</url>
<url>http://www.igniterealtime.org/community/message/190288#190288</url>
</references>
<dates>
<discovery>2009-05-04</discovery>
<entry>2009-05-04</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="7a1ab8d4-35c1-11de-9672-0030843d3802">
<topic>drupal -- cross site scripting</topic>
<affects>
<package>
<name>drupal5</name>
<range><lt>5.17</lt></range>
</package>
<package>
<name>drupal6</name>
<range><lt>6.11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Drupal Security Team reports:</p>
<blockquote cite="http://drupal.org/node/449078">
<p>When outputting user-supplied data Drupal strips potentially
dangerous HTML attributes and tags or escapes characters which have a
special meaning in HTML. This output filtering secures the site
against cross site scripting attacks via user input.</p>
<p>Certain byte sequences that are valid in the UTF-8 specification
are potentially dangerous when interpreted as UTF-7. Internet Explorer
6 and 7 may decode these characters as UTF-7 if they appear before the
meta http-equiv="Content-Type" tag that specifies the page content
as UTF-8, despite the fact that Drupal also sends a real HTTP header
specifying the content as UTF-8. This behaviour enables malicious
users to insert and execute Javascript in the context of the website
if site visitors are allowed to post content.</p>
<p>In addition, Drupal core also has a very limited information
disclosure vulnerability under very specific conditions. If a user is
tricked into visiting the site via a specially crafted URL and then
submits a form (such as the search box) from that page, the
information in their form submission may be directed to a third-party
site determined by the URL and thus disclosed to the third party. The
third party site may then execute a CSRF attack against the submitted
form.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-1575</cvename>
<cvename>CVE-2009-1576</cvename>
<url>http://drupal.org/node/449078</url>
</references>
<dates>
<discovery>2009-04-30</discovery>
<entry>2009-04-30</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="3b18e237-2f15-11de-9672-0030843d3802">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>2.0.0.20_7,1</lt></range>
<range><gt>3.*,1</gt><lt>3.0.9,1</lt></range>
</package>
<package>
<name>linux-firefox</name>
<name>linux-firefox-devel</name>
<range><lt>3.0.9</lt></range>
</package>
<package>
<name>linux-seamonkey-devel</name>
<range><gt>0</gt></range>
</package>
<package>
<name>seamonkey</name>
<name>linux-seamonkey</name>
<range><lt>1.1.17</lt></range>
</package>
<package>
<name>thunderbird</name>
<name>linux-thunderbird</name>
<range><lt>2.0.0.22</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mozilla Foundation reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
<p>MFSA 2009-22: Firefox allows Refresh header to redirect to
javascript: URIs</p>
<p>MFSA 2009-21: POST data sent to wrong site when saving web page
with embedded frame</p>
<p>MFSA 2009-20: Malicious search plugins can inject code into
arbitrary sites</p>
<p>MFSA 2009-19: Same-origin violations in XMLHttpRequest and
XPCNativeWrapper.toString</p>
<p>MFSA 2009-18: XSS hazard using third-party stylesheets and XBL
bindings</p>
<p>MFSA 2009-17: Same-origin violations when Adobe Flash loaded via
view-source: scheme</p>
<p>MFSA 2009-16: jar: scheme ignores the content-disposition: header
on the inner URI</p>
<p>MFSA 2009-15: URL spoofing with box drawing character</p>
<p>MFSA 2009-14: Crashes with evidence of memory corruption
(rv:1.9.0.9)</p>
</blockquote>
</body>
</description>
<references>
<bid>34656</bid>
<cvename>CVE-2009-1303</cvename>
<cvename>CVE-2009-1306</cvename>
<cvename>CVE-2009-1307</cvename>
<cvename>CVE-2009-1308</cvename>
<cvename>CVE-2009-1309</cvename>
<cvename>CVE-2009-1312</cvename>
<cvename>CVE-2009-1311</cvename>
<cvename>CVE-2009-1302</cvename>
<cvename>CVE-2009-1304</cvename>
<cvename>CVE-2009-1305</cvename>
<cvename>CVE-2009-1310</cvename>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-22.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-21.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-20.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-19.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-18.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-17.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-16.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-15.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-14.html</url>
</references>
<dates>
<discovery>2009-04-21</discovery>
<entry>2009-04-22</entry>
<modified>2009-12-12</modified>
</dates>
</vuln>
<vuln vid="50d233d9-374b-46ce-922d-4e6b3f777bef">
<topic>poppler -- Poppler Multiple Vulnerabilities</topic>
<affects>
<package>
<name>poppler</name>
<range><lt>0.10.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/34746/">
<p>Some vulnerabilities have been reported in Poppler which can be
exploited by malicious people to potentially compromise an
application using the library.</p>
</blockquote>
</body>
</description>
<references>
<url>http://secunia.com/advisories/34746/</url>
</references>
<dates>
<discovery>2009-04-17</discovery>
<entry>2009-04-18</entry>
</dates>
</vuln>
<vuln vid="a21037d5-2c38-11de-ab3b-0017a4cccfc6">
<topic>xpdf -- multiple vulnerabilities</topic>
<affects>
<package>
<name>xpdf</name>
<range><lt>3.02_11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://www.vupen.com/english/advisories/2009/1065">
<p>Some vulnerabilities have been reported in Xpdf, which can be
exploited by malicious people to potentially compromise a user's
system.</p>
<p>A boundary error exists when decoding JBIG2 symbol dictionary
segments. This can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.</p>
<p>Multiple integer overflows in the JBIG2 decoder can be
exploited to potentially execute arbitrary code.</p>
<p>Multiple boundary errors in the JBIG2 decoder can be
exploited to cause buffer overflows and potentially execute
arbitrary code.</p>
<p>Multiple errors in the JBIG2 decoder can be exploited to free
arbitrary memory and potentially execute arbitrary code.</p>
<p>Multiple unspecified input validation errors in the JBIG2 decoder can
be exploited to potentially execute arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0146</cvename>
<cvename>CVE-2009-0147</cvename>
<cvename>CVE-2009-0166</cvename>
<cvename>CVE-2009-0799</cvename>
<cvename>CVE-2009-0800</cvename>
<cvename>CVE-2009-1179</cvename>
<cvename>CVE-2009-1180</cvename>
<cvename>CVE-2009-1181</cvename>
<cvename>CVE-2009-1182</cvename>
<cvename>CVE-2009-1183</cvename>
<url>http://secunia.com/advisories/34291</url>
<url>http://www.vupen.com/english/advisories/2009/1065</url>
</references>
<dates>
<discovery>2009-04-16</discovery>
<entry>2009-04-18</entry>
<modified>2009-04-18</modified>
</dates>
</vuln>
<vuln vid="20b4f284-2bfc-11de-bdeb-0030843d3802">
<topic>freetype2 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>freetype2</name>
<range><lt>2.3.9_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/34723/">
<p>Some vulnerabilities have been reported in FreeType, which can be
exploited by malicious people to potentially compromise an application
using the library.</p>
<p>An integer overflow error within the "cff_charset_compute_cids()"
function in cff/cffload.c can be exploited to potentially cause a
heap-based buffer overflow via a specially crafted font.</p>
<p>Multiple integer overflow errors within validation functions in
sfnt/ttcmap.c can be exploited to bypass length validations and
potentially cause buffer overflows via specially crafted fonts.</p>
<p>An integer overflow error within the "ft_smooth_render_generic()"
function in smooth/ftsmooth.c can be exploited to potentially cause a
heap-based buffer overflow via a specially crafted font.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0946</cvename>
<url>http://secunia.com/advisories/34723/</url>
</references>
<dates>
<discovery>2009-04-16</discovery>
<entry>2009-04-18</entry>
</dates>
</vuln>
<vuln vid="cf91c1e4-2b6d-11de-931b-00e0815b8da8">
<topic>ejabberd -- cross-site scripting vulnerability</topic>
<affects>
<package>
<name>ejabberd</name>
<range><lt>2.0.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/34133">
<p>The ejabberd application is prone to a cross-site scripting
vulnerability.</p>
<p>An attacker may leverage this issue to execute arbitrary script code
in the browser of an unsuspecting user in the context of the affected
site and to steal cookie-based authentication credentials.</p>
</blockquote>
</body>
</description>
<references>
<bid>34133</bid>
<cvename>CVE-2009-0934</cvename>
</references>
<dates>
<discovery>2009-03-16</discovery>
<entry>2009-04-17</entry>
</dates>
</vuln>
<vuln vid="872ae5be-29c0-11de-bdeb-0030843d3802">
<topic>ziproxy -- multiple vulnerabilities</topic>
<affects>
<package>
<name>ziproxy</name>
<range><lt>2.7.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Ziproxy Developers report:</p>
<blockquote cite="http://www.kb.cert.org/vuls/id/MAPG-7N9GN8">
<p>Multiple HTTP proxy implementations are prone to an
information-disclosure vulnerability related to the interpretation of
the 'Host' HTTP header. Specifically, this issue occurs when the proxy
makes a forwarding decision based on the 'Host' HTTP header instead of
the destination IP address.</p>
<p>Attackers may exploit this issue to obtain sensitive information
such as internal intranet webpages. Additional attacks may also be
possible.</p>
</blockquote>
</body>
</description>
<references>
<bid>33858</bid>
<cvename>CVE-2009-0804</cvename>
<url>http://www.kb.cert.org/vuls/id/MAPG-7N9GN8</url>
</references>
<dates>
<discovery>2009-02-23</discovery>
<entry>2009-04-15</entry>
</dates>
</vuln>
<vuln vid="1a0e4cc6-29bf-11de-bdeb-0030843d3802">
<topic>phpmyadmin -- insufficient output sanitizing when generating configuration file</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><lt>3.1.3.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>phpMyAdmin Team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2009-4.php">
<p>Setup script used to generate configuration can be fooled using a
crafted POST request to include arbitrary PHP code in generated
configuration file. Combined with ability to save files on server,
this can allow unauthenticated users to execute arbitrary PHP code.
This issue is on different parameters than PMASA-2009-3 and it was
missed out of our radar because it did not exist in the 2.11.x
branch.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-1285</cvename>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2009-4.php</url>
</references>
<dates>
<discovery>2009-04-14</discovery>
<entry>2009-04-15</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="03d22656-2690-11de-8226-0030843d3802">
<topic>drupal6-cck -- cross-site scripting</topic>
<affects>
<package>
<name>drupal6-cck</name>
<range><lt>2.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Drupal CCK plugin developer reports:</p>
<blockquote cite="http://drupal.org/node/406520">
<p>The Node reference and User reference sub-modules, which
are part of the Content Construction Kit (CCK) project, let
administrators define node fields that are references to other
nodes or to users. When displaying a node edit form, the
titles of candidate referenced nodes or names of candidate
referenced users are not properly filtered, allowing malicious
users to inject arbitrary code on those pages. Such a cross
site scripting (XSS) attack may lead to a malicious user
gaining full administrative access.</p>
</blockquote>
</body>
</description>
<references>
<bid>34172</bid>
<cvename>CVE-2009-1069</cvename>
<url>http://drupal.org/node/406520</url>
</references>
<dates>
<discovery>2009-03-23</discovery>
<entry>2009-04-11</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="0fe73a4a-1b18-11de-8226-0030843d3802">
<topic>pivot-weblog -- file deletion vulnerability</topic>
<affects>
<package>
<name>pivot-weblog</name>
<range><lt>1.40.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/34302">
<p>A vulnerability has been discovered in Pivot, which can be
exploited by malicious people to delete certain files.</p>
<p>Input passed to the "refkey" parameter in
extensions/bbclone_tools/count.php is not properly sanitised
before being used to delete files. This can be exploited to
delete files with the permissions of the web server via directory
traversal sequences passed within the "refkey" parameter.</p>
<p>NOTE: Users with the "Advanced" user level are able to include and
execute uploaded PHP code via the "pivot_path" parameter in
extensions/bbclone_tools/getkey.php when
extensions/bbclone_tools/hr_conf.php can be deleted.</p>
</blockquote>
</body>
</description>
<references>
<bid>34160</bid>
<url>http://secunia.com/advisories/34302/</url>
</references>
<dates>
<discovery>2009-03-18</discovery>
<entry>2009-03-27</entry>
</dates>
</vuln>
<vuln vid="06f9174f-190f-11de-b2f0-001c2514716c">
<topic>phpmyadmin -- insufficient output sanitizing when generating configuration file</topic>
<affects>
<package>
<name>phpMyAdmin211</name>
<range><lt>2.11.9.5</lt></range>
</package>
<package>
<name>phpMyAdmin</name>
<range><lt>3.1.3.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>phpMyAdmin reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php">
<p>Setup script used to generate configuration can be fooled
using a crafted POST request to include arbitrary PHP code
in generated configuration file.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-1151</cvename>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php</url>
</references>
<dates>
<discovery>2009-03-24</discovery>
<entry>2009-03-25</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="6bb6188c-17b2-11de-ae4d-0030843d3802">
<topic>amarok -- multiple vulnerabilities</topic>
<affects>
<package>
<name>amarok</name>
<range><lt>1.4.10_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/33505">
<p>Tobias Klein has reported some vulnerabilities in Amarok, which
potentially can be exploited by malicious people to compromise a
user's system.</p>
<p>Two integer overflow errors exist within the
"Audible::Tag::readTag()" function in
src/metadata/audible/audibletag.cpp. These can be exploited to cause
heap-based buffer overflows via specially crafted Audible Audio
files.</p>
<p>Two errors within the "Audible::Tag::readTag()" function in
src/metadata/audible/audibletag.cpp can be exploited to corrupt
arbitrary memory via specially crafted Audible Audio files.</p>
</blockquote>
</body>
</description>
<references>
<bid>33210</bid>
<cvename>CVE-2009-0135</cvename>
<cvename>CVE-2009-0136</cvename>
<url>http://www.debian.org/security/2009/dsa-1706</url>
<url>http://secunia.com/advisories/33505</url>
</references>
<dates>
<discovery>2009-01-12</discovery>
<entry>2009-03-23</entry>
</dates>
</vuln>
<vuln vid="f6f19735-9245-4918-8a60-87948ebb4907">
<topic>wireshark -- multiple vulnerabilities</topic>
<affects>
<package>
<name>ethereal</name>
<name>ethereal-lite</name>
<name>tethereal</name>
<name>tethereal-lite</name>
<name>wireshark</name>
<name>wireshark-lite</name>
<range><lt>1.0.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Vendor reports:</p>
<blockquote cite="http://www.wireshark.org/security/wnpa-sec-2009-01.html">
<p>On non-Windows systems Wireshark could crash if the HOME
environment variable contained sprintf-style string formatting
characters. Wireshark could crash while reading a malformed
NetScreen snoop file. Wireshark could crash while reading a
Tektronix K12 text capture file.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0599</cvename>
<cvename>CVE-2009-0600</cvename>
<cvename>CVE-2009-0601</cvename>
<url>http://www.wireshark.org/security/wnpa-sec-2009-01.html</url>
</references>
<dates>
<discovery>2009-02-06</discovery>
<entry>2009-03-22</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="72cba7b0-13cd-11de-a964-0030843d3802">
<topic>netatalk -- arbitrary command execution in papd daemon</topic>
<affects>
<package>
<name>netatalk</name>
<range><lt>2.0.3_5,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/33227/">
<p>A vulnerability has been reported in Netatalk, which potentially
can be exploited by malicious users to compromise a vulnerable system.</p>
<p>The vulnerability is caused due to the papd daemon improperly
sanitising several received parameters before passing them in a call
to popen(). This can be exploited to execute arbitrary commands via
a specially crafted printing request.</p>
<p>Successful exploitation requires that a printer is configured to
pass arbitrary values as parameters to a piped command.</p>
</blockquote>
</body>
</description>
<references>
<bid>32925</bid>
<cvename>CVE-2008-5718</cvename>
<url>http://secunia.com/advisories/33227/</url>
<url>http://www.openwall.com/lists/oss-security/2009/01/13/3</url>
</references>
<dates>
<discovery>2008-12-19</discovery>
<entry>2009-03-18</entry>
<modified>2009-03-18</modified>
</dates>
</vuln>
<vuln vid="37a365ed-1269-11de-a964-0030843d3802">
<topic>gstreamer-plugins-good -- multiple memory overflows</topic>
<affects>
<package>
<name>gstreamer-plugins-good</name>
<range><ge>0.10.9,3</ge><lt>0.10.12,3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/33650/">
<p>Tobias Klein has reported some vulnerabilities in GStreamer Good
Plug-ins, which can potentially be exploited by malicious people to
compromise a vulnerable system.</p>
<p>A boundary error occurs within the "qtdemux_parse_samples()"
function in gst/gtdemux/qtdemux.c when performing QuickTime "ctts"
Atom parsing. This can be exploited to cause a heap-based buffer
overflow via a specially crafted QuickTime media file.</p>
<p>An array indexing error exists in the "qtdemux_parse_samples()"
function in gst/gtdemux/qtdemux.c when performing QuickTime "stss"
Atom parsing. This can be exploited to corrupt memory via a specially
crafted QuickTime media file.</p>
<p>A boundary error occurs within the "qtdemux_parse_samples()"
function in gst/gtdemux/qtdemux.c when performing QuickTime "stts"
Atom parsing. This can be exploited to cause a heap-based buffer
overflow via a specially crafted QuickTime media file.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0386</cvename>
<cvename>CVE-2009-0387</cvename>
<cvename>CVE-2009-0397</cvename>
<url>http://secunia.com/advisories/33650/</url>
<url>http://trapkit.de/advisories/TKADV2009-003.txt</url>
<url>http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html</url>
</references>
<dates>
<discovery>2009-01-22</discovery>
<entry>2009-03-16</entry>
</dates>
</vuln>
<vuln vid="c5af0747-1262-11de-a964-0030843d3802">
<topic>libsndfile -- CAF processing integer overflow vulnerability</topic>
<affects>
<package>
<name>libsndfile</name>
<range><lt>1.0.19</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/33980/">
<p>The vulnerability is caused due to an integer overflow error in the
processing of CAF description chunks. This can be exploited to cause a
heap-based buffer overflow by tricking the user into processing a
specially crafted CAF audio file.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0186</cvename>
<url>http://secunia.com/advisories/33980/</url>
</references>
<dates>
<discovery>2009-03-03</discovery>
<entry>2009-03-16</entry>
</dates>
</vuln>
<vuln vid="6733e1bf-125f-11de-a964-0030843d3802">
<topic>ffmpeg -- 4xm processing memory corruption vulnerability</topic>
<affects>
<package>
<name>ffmpeg</name>
<range><lt>2008.07.27_9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/33711/">
<p>Tobias Klein has reported a vulnerability in FFmpeg, which
potentially can be exploited by malicious people to compromise an
application using the library.</p>
<p>The vulnerability is caused due to a signedness error within the
"fourxm_read_header()" function in libavformat/4xm.c. This can be
exploited to corrupt arbitrary memory via a specially crafted 4xm
file.</p>
</blockquote>
</body>
</description>
<references>
<bid>33502</bid>
<cvename>CVE-2009-0385</cvename>
<url>http://secunia.com/advisories/33711/</url>
<url>http://trapkit.de/advisories/TKADV2009-004.txt</url>
</references>
<dates>
<discovery>2009-01-28</discovery>
<entry>2009-03-16</entry>
</dates>
</vuln>
<vuln vid="35c0b572-125a-11de-a964-0030843d3802">
<topic>roundcube -- webmail script insertion and php code injection</topic>
<affects>
<package>
<name>roundcube</name>
<range><lt>0.2.1,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/33622/">
<p>Some vulnerabilities have been reported in RoundCube Webmail, which
can be exploited by malicious users to compromise a vulnerable system
and by malicious people to conduct script insertion attacks and
compromise a vulnerable system.</p>
<p>The HTML "background" attribute within e.g. HTML emails is not
properly sanitised before being used. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site if a malicious email is viewed.</p>
<p>Input passed via a vCard is not properly sanitised before being
used in a call to "preg_replace()" with the "e" modifier in
program/include/rcube_vcard.php. This can be exploited to inject and
execute arbitrary PHP code by e.g. tricking a user into importing a
malicious vCard file.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0413</cvename>
<url>http://secunia.com/advisories/33622/</url>
<url>http://sourceforge.net/forum/forum.php?forum_id=927958</url>
<url>http://trac.roundcube.net/changeset/2245</url>
<url>http://trac.roundcube.net/ticket/1485689</url>
</references>
<dates>
<discovery>2009-01-21</discovery>
<entry>2009-03-16</entry>
<modified>2009-03-26</modified>
</dates>
</vuln>
<vuln vid="ca0841ff-1254-11de-a964-0030843d3802">
<topic>proftpd -- multiple sql injection vulnerabilities</topic>
<affects>
<package>
<name>proftpd</name>
<name>proftpd-mysql</name>
<range><lt>1.3.2</lt></range>
</package>
<package>
<name>proftpd-devel</name>
<range><le>1.3.20080922</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/33842/">
<p>Some vulnerabilities have been reported in ProFTPD, which can be
exploited by malicious people to conduct SQL injection attacks.</p>
<p>The application improperly sets the character encoding prior to
performing SQL queries. This can be exploited to manipulate SQL
queries by injecting arbitrary SQL code in an environment using a
multi-byte character encoding.</p>
<p>An error exists in the "mod_sql" module when processing e.g. user
names containing '%' characters. This can be exploited to bypass input
sanitation routines and manipulate SQL queries by injecting arbitrary
SQL code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0542</cvename>
<cvename>CVE-2009-0543</cvename>
<url>http://secunia.com/advisories/33842/</url>
<url>http://bugs.proftpd.org/show_bug.cgi?id=3173</url>
<url>http://bugs.proftpd.org/show_bug.cgi?id=3124</url>
<url>http://milw0rm.com/exploits/8037</url>
</references>
<dates>
<discovery>2009-02-06</discovery>
<entry>2009-03-16</entry>
</dates>
</vuln>
<vuln vid="03140526-1250-11de-a964-0030843d3802">
<topic>zabbix -- php frontend multiple vulnerabilities</topic>
<affects>
<package>
<name>zabbix</name>
<range><lt>1.6.2_1,1</lt></range>
</package>
<package>
<name>zabbix-agent</name>
<range><lt>1.6.2_1,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/34091/">
<p>Some vulnerabilities have been reported in the ZABBIX PHP frontend,
which can be exploited by malicious people to conduct cross-site
request forgery attacks and malicious users to disclose sensitive
information and compromise a vulnerable system.</p>
<p>Input appended to and passed via the "extlang" parameter to the
"calc_exp2()" function in include/validate.inc.php is not properly
sanitised before being used. This can be exploited to inject and
execute arbitrary PHP code.</p>
<p>The application allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the
requests. This can be exploited to e.g. create users by enticing a
logged in administrator to visit a malicious web page.</p>
<p>Input passed to the "srclang" parameter in locales.php (when "next"
is set to a non-NULL value) is not properly verified before being used
to include files. This can be exploited to include arbitrary files
from local resources via directory traversal attacks and URL-encoded
NULL bytes.</p>
</blockquote>
</body>
</description>
<references>
<url>http://secunia.com/advisories/34091/</url>
<url>http://www.ush.it/team/ush/hack-zabbix_162/adv.txt</url>
</references>
<dates>
<discovery>2009-03-04</discovery>
<entry>2009-03-16</entry>
<modified>2009-03-23</modified>
</dates>
</vuln>
<vuln vid="a2074ac6-124c-11de-a964-0030843d3802">
<topic>php-mbstring -- php mbstring buffer overflow vulnerability</topic>
<affects>
<package>
<name>php4-mbstring</name>
<range><lt>4.4.9</lt></range>
</package>
<package>
<name>php5-mbstring</name>
<range><lt>5.2.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/32948">
<p>PHP is prone to a buffer-overflow vulnerability because it fails to
perform boundary checks before copying user-supplied data to
insufficiently sized memory buffers. The issue affects the 'mbstring'
extension included in the standard distribution.</p>
<p>An attacker can exploit this issue to execute arbitrary machine
code in the context of the affected webserver. Failed exploit attempts
will likely crash the webserver, denying service to legitimate
users.</p>
</blockquote>
</body>
</description>
<references>
<bid>32948</bid>
<cvename>CVE-2008-5557</cvename>
</references>
<dates>
<discovery>2008-12-21</discovery>
<entry>2009-03-16</entry>
</dates>
</vuln>
<vuln vid="4ce3c20b-124b-11de-a964-0030843d3802">
<topic>phppgadmin -- directory traversal with register_globals enabled</topic>
<affects>
<package>
<name>phppgadmin</name>
<range><lt>4.2.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/33014">
<p>Dun has discovered a vulnerability in phpPgAdmin, which can be
exploited by malicious people to disclose sensitive information.</p>
<p>Input passed via the "_language" parameter to libraries/lib.inc.php
is not properly sanitised before being used to include files. This can
be exploited to include arbitrary files from local resources via
directory traversal attacks and URL-encoded NULL bytes.</p>
</blockquote>
</body>
</description>
<references>
<bid>32670</bid>
<cvename>CVE-2008-5587</cvename>
<url>http://secunia.com/advisories/33014</url>
</references>
<dates>
<discovery>2008-12-08</discovery>
<entry>2009-03-16</entry>
</dates>
</vuln>
<vuln vid="8c5205b4-11a0-11de-a964-0030843d3802">
<topic>opera -- multiple vulnerabilities</topic>
<affects>
<package>
<name>opera</name>
<name>linux-opera</name>
<range><lt>9.64</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Opera Team reports:</p>
<blockquote cite="http://www.opera.com/docs/changelogs/freebsd/964/">
<p>An unspecified error in the processing of JPEG images can be
exploited to trigger a memory corruption.</p>
<p>An error can be exploited to execute arbitrary script code in a
different domain via unspecified plugins.</p>
<p>An unspecified error has a "moderately severe" impact. No further
information is available.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0914</cvename>
<cvename>CVE-2009-0915</cvename>
<url>http://www.opera.com/docs/changelogs/freebsd/964/</url>
<url>http://secunia.com/advisories/34135/</url>
</references>
<dates>
<discovery>2009-03-15</discovery>
<entry>2009-03-15</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="e848a92f-0e7d-11de-92de-000bcdc1757a">
<topic>epiphany -- untrusted search path vulnerability</topic>
<affects>
<package>
<name>epiphany</name>
<range><lt>2.24.2.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>CVE Mitre reports:</p>
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5985">
<p>Untrusted search path vulnerability in the Python interface in
Epiphany 2.22.3, and possibly other versions, allows local users to
execute arbitrary code via a Trojan horse Python file in the current
working directory, related to a vulnerability in the PySys_SetArgv
function (CVE-2008-5983).</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-5985</cvename>
<cvename>CVE-2008-5983</cvename>
</references>
<dates>
<discovery>2009-01-26</discovery>
<entry>2009-03-11</entry>
</dates>
</vuln>
<vuln vid="f1892066-0e74-11de-92de-000bcdc1757a">
<topic>apache -- Cross-site scripting vulnerability</topic>
<affects>
<package>
<name>apache</name>
<range><gt>2.2.0</gt><lt>2.2.9_2</lt></range>
<range><gt>2.0.0</gt><lt>2.0.63_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>CVE Mitre reports:</p>
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939">
<p>Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the
mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c
in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions,
allows remote attackers to inject arbitrary web script or HTML via a
wildcard in the last directory component in the pathname in an FTP
URI.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-2939</cvename>
<url>http://www.rapid7.com/advisories/R7-0033.jsp</url>
</references>
<dates>
<discovery>2008-07-25</discovery>
<entry>2009-03-11</entry>
</dates>
</vuln>
<vuln vid="ea2411a4-08e8-11de-b88a-0022157515b2">
<topic>pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability</topic>
<affects>
<package>
<name>pngcrush</name>
<range><lt>1.6.14</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/33976/">
<p>A vulnerability has been reported in Pngcrush, which
can be exploited by malicious people to potentially
compromise a user's system.</p>
<p>The vulnerability is caused due to the use of vulnerable
libpng code.</p>
</blockquote>
</body>
</description>
<references>
<bid>33827</bid>
<cvename>CVE-2009-0040</cvename>
<url>http://secunia.com/advisories/33976</url>
<url>http://xforce.iss.net/xforce/xfdb/48819</url>
</references>
<dates>
<discovery>2009-02-19</discovery>
<entry>2009-03-04</entry>
</dates>
</vuln>
<vuln vid="5d433534-f41c-402e-ade5-e0a2259a7cb6">
<topic>curl -- cURL/libcURL Location: Redirect URLs Security Bypass</topic>
<affects>
<package>
<name>curl</name>
<range><ge>5.11</ge><lt>7.19.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/34138/">
<p>The security issue is caused due to cURL following HTTP Location:
redirects to e.g. scp:// or file:// URLs which can be exploited
by a malicious HTTP server to overwrite or disclose the content of
arbitrary local files and potentially execute arbitrary commands via
specially crafted redirect URLs.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0037</cvename>
<url>http://secunia.com/advisories/34138/</url>
</references>
<dates>
<discovery>2009-03-03</discovery>
<entry>2009-03-04</entry>
</dates>
</vuln>
<vuln vid="cf495fd4-fdcd-11dd-9a86-0050568452ac">
<topic>Zend Framework -- Local File Inclusion vulnerability in Zend_View::render()</topic>
<affects>
<package>
<name>ZendFramework</name>
<range><lt>1.7.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Matthew Weier O'Phinney reports:</p>
<blockquote cite="http://weierophinney.net/matthew/archives/206-Zend-Framework-1.7.5-Released-Important-Note-Regarding-Zend_View.html">
<p>A potential Local File Inclusion (LFI) vulnerability exists in
the Zend_View::render() method. If user input is used to
specify the script path, then it is possible to trigger the
LFI.</p>
<p>Note that Zend Framework applications that never call the
Zend_View::render() method with a user-supplied parameter are
not affected by this vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<url>http://framework.zend.com/issues/browse/ZF-5748</url>
</references>
<dates>
<discovery>2009-02-11</discovery>
<entry>2009-02-18</entry>
</dates>
</vuln>
<vuln vid="25eb365c-fd11-11dd-8424-c213de35965d">
<topic>dia -- remote command execution vulnerability</topic>
<affects>
<package>
<name>dia</name>
<range><lt>0.96.1_6,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Security Focus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/33448/">
<p>An attacker could exploit this issue by enticing an
unsuspecting victim to execute the vulnerable
application in a directory containing a malicious
Python file. A successful exploit will allow arbitrary
Python commands to run within the privileges of the currently
logged-in user.</p>
</blockquote>
</body>
</description>
<references>
<bid>33448</bid>
<cvename>CVE-2008-5984</cvename>
<url>http://secunia.com/advisories/33672</url>
</references>
<dates>
<discovery>2009-01-26</discovery>
<entry>2009-02-17</entry>
</dates>
</vuln>
<vuln vid="5a021595-fba9-11dd-86f3-0030843d3802">
<topic>pycrypto -- ARC2 module buffer overflow</topic>
<affects>
<package>
<name>py-pycrypto</name>
<range><lt>2.0.1_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Dwayne C. Litzenberger reports:</p>
<blockquote cite="http://lists.dlitz.net/pipermail/pycrypto/2009q1/000062.html">
<p>pycrypto is exposed to a buffer overflow issue because it fails to
adequately verify user-supplied input. This issue resides in the ARC2
module. This issue can be triggered with specially crafted ARC2 keys
in excess of 128 bytes.</p>
</blockquote>
</body>
</description>
<references>
<url>http://lists.dlitz.net/pipermail/pycrypto/2009q1/000062.html</url>
</references>
<dates>
<discovery>2009-02-06</discovery>
<entry>2009-02-15</entry>
</dates>
</vuln>
<vuln vid="bcee3989-d106-4f60-948f-835375634710">
<topic>varnish -- Varnish HTTP Request Parsing Denial of Service</topic>
<affects>
<package>
<name>varnish</name>
<range><lt>2.0.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/33712">
<p>Varnish is prone to a remote denial-of-service
vulnerability because the application fails to handle
certain HTTP requests.</p>
<p>Successfully exploiting this issue allows remote
attackers to crash the affected application denying further
service to legitimate users.</p>
</blockquote>
</body>
</description>
<references>
<bid>33712</bid>
<url>http://secunia.com/advisories/33852/</url>
<url>http://varnish.projects.linpro.no/wiki/WikiStart</url>
</references>
<dates>
<discovery>2008-10-17</discovery>
<entry>2009-02-14</entry>
<modified>2009-02-15</modified>
</dates>
</vuln>
<vuln vid="78f5606b-f9d1-11dd-b79c-0030843d3802">
<topic>tor -- multiple vulnerabilities</topic>
<affects>
<package>
<name>tor</name>
<range><lt>0.2.0.34</lt></range>
</package>
<package>
<name>tor-devel</name>
<range><lt>0.2.12-alpha</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/33880/">
<p>Some vulnerabilities have been reported in Tor, where one has an
unknown impact and others can be exploited by malicious people to
cause a DoS.</p>
<p>An error when running Tor as a directory authority can be exploited
to trigger the execution of an infinite loop.</p>
<p>An unspecified error exists when running on Windows systems prior
to Windows XP. No further information is currently available.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0936</cvename>
<cvename>CVE-2009-0937</cvename>
<cvename>CVE-2009-0938</cvename>
<url>http://secunia.com/advisories/33880/</url>
<url>http://archives.seul.org/or/announce/Feb-2009/msg00000.html</url>
</references>
<dates>
<discovery>2009-02-10</discovery>
<entry>2009-02-13</entry>
<modified>2009-03-20</modified>
</dates>
</vuln>
<vuln vid="8b491182-f842-11dd-94d9-0030843d3802">
<topic>firefox -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>2.0.0.20_3,1</lt></range>
<range><gt>3.*,1</gt><lt>3.0.6,1</lt></range>
</package>
<package>
<name>linux-firefox</name>
<name>linux-firefox-devel</name>
<range><lt>3.0.6</lt></range>
</package>
<package>
<name>linux-seamonkey-devel</name>
<range><gt>0</gt></range>
</package>
<package>
<name>seamonkey</name>
<name>linux-seamonkey</name>
<range><lt>1.1.15</lt></range>
</package>
<package>
<name>thunderbird</name>
<name>linux-thunderbird</name>
<range><lt>2.0.0.21</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mozilla Foundation reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/firefox30.html">
<p>MFSA 2009-06: Directives to not cache pages ignored</p>
<p>MFSA 2009-05: XMLHttpRequest allows reading HTTPOnly cookies</p>
<p>MFSA 2009-04: Chrome privilege escalation via local .desktop
files</p>
<p>MFSA 2009-03: Local file stealing with SessionStore</p>
<p>MFSA 2009-02: XSS using a chrome XBL method and window.eval</p>
<p>MFSA 2009-01: Crashes with evidence of memory corruption (rv:1.9.0.6)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0352</cvename>
<cvename>CVE-2009-0353</cvename>
<cvename>CVE-2009-0354</cvename>
<cvename>CVE-2009-0355</cvename>
<cvename>CVE-2009-0356</cvename>
<cvename>CVE-2009-0357</cvename>
<cvename>CVE-2009-0358</cvename>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-01.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-02.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-03.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-04.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-05.html</url>
<url>http://www.mozilla.org/security/announce/2009/mfsa2009-06.html</url>
<url>http://secunia.com/advisories/33799/</url>
</references>
<dates>
<discovery>2009-02-04</discovery>
<entry>2009-02-11</entry>
<modified>2009-12-12</modified>
</dates>
</vuln>
<vuln vid="83574d5a-f828-11dd-9fdf-0050568452ac">
<topic>codeigniter -- arbitrary script execution in the new Form Validation class</topic>
<affects>
<package>
<name>codeigniter</name>
<range><ge>1.7.0</ge><lt>1.7.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>znirkel reports:</p>
<blockquote cite="http://secunia.com/advisories/33829/">
<p>The eval() function in _reset_post_array crashes when posting
certain data. By passing in carefully-crafted input data, the eval()
function could also execute malicious PHP code.</p>
<p>Note that CodeIgniter applications that either do not use the
new Form Validation class or use the old Validation class are not
affected by this vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<url>http://codeigniter.com/bug_tracker/bug/6068/</url>
</references>
<dates>
<discovery>2008-11-28</discovery>
<entry>2009-02-11</entry>
</dates>
</vuln>
<vuln vid="b07f3254-f83a-11dd-85a4-ea653f0746ab">
<topic>pyblosxom -- atom flavor multiple XML injection vulnerabilities</topic>
<affects>
<package>
<name>pyblosxom</name>
<range><lt>1.5.r3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Security Focus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/33676/">
<p>PyBlosxom is prone to multiple XML-injection
vulnerabilities because the application fails to
properly sanitize user-supplied input before using it
in dynamically generated content.</p>
<p>Attacker-supplied XML and script code would run in the
context of the affected browser, potentially allowing
the attacker to steal cookie-based authentication credentials
or to control how the site is rendered to the user. Other attacks
are also possible.</p>
</blockquote>
</body>
</description>
<references>
<bid>33676</bid>
</references>
<dates>
<discovery>2009-02-09</discovery>
<entry>2009-02-11</entry>
</dates>
</vuln>
<vuln vid="cc47fafe-f823-11dd-94d9-0030843d3802">
<topic>typo3 -- cross-site scripting and information disclosure</topic>
<affects>
<package>
<name>typo3</name>
<range><lt>4.2.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/33829/">
<p>Some vulnerabilities have been reported in Typo3, which can be
exploited by malicious people to conduct cross-site scripting attacks
and disclose sensitive information.</p>
<p>Input passed via unspecified fields to the backend user interface
is not properly sanitised before being returned to the user. This can
be exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.</p>
<p>An error in the "jumpUrl" mechanism can be exploited to read
arbitrary files from local resources by disclosing a hash secret used
to restrict file access.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0815</cvename>
<cvename>CVE-2009-0816</cvename>
<url>http://secunia.com/advisories/33829/</url>
<url>http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/</url>
</references>
<dates>
<discovery>2009-02-10</discovery>
<entry>2009-02-11</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="a89b76a7-f6bd-11dd-94d9-0030843d3802">
<topic>amaya -- multiple buffer overflow vulnerabilities</topic>
<affects>
<package>
<name>amaya</name>
<range><gt>0</gt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/32848/">
<p>A boundary error when processing "div" HTML tags can be exploited
to cause a stack-based buffer overflow via an overly long "id"
parameter.</p>
<p>A boundary error exists when processing overly long links. This can
be exploited to cause a stack-based buffer overflow by tricking the
user into e.g. editing a malicious link.</p>
<p>A boundary error when processing e.g. a "bdo" HTML tag having an
overly long "dir" attribute can be exploited to cause a stack-based
buffer overflow.</p>
<p>A boundary error when processing "input" HTML tags can be
exploited to cause a stack-based buffer overflow via an overly long
e.g. "type" attribute.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-5282</cvename>
<cvename>CVE-2009-0323</cvename>
<url>http://secunia.com/advisories/32848/</url>
<url>http://www.bmgsec.com.au/advisory/41/</url>
<url>http://www.bmgsec.com.au/advisory/40/</url>
<url>http://milw0rm.com/exploits/7467</url>
<url>http://www.coresecurity.com/content/amaya-buffer-overflows</url>
</references>
<dates>
<discovery>2008-11-25</discovery>
<entry>2009-02-09</entry>
</dates>
</vuln>
<vuln vid="71597e3e-f6b8-11dd-94d9-0030843d3802">
<topic>websvn -- multiple vulnerabilities</topic>
<affects>
<package>
<name>websvn</name>
<range><lt>2.1.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/32338/">
<p>Some vulnerabilities have been reported in WebSVN, which can be
exploited by malicious users to disclose sensitive information, and by
malicious people to conduct cross-site scripting attacks and
manipulate data.</p>
<p>Input passed in the URL to index.php is not properly sanitised
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.</p>
<p>Input passed to the "rev" parameter in rss.php is not properly
sanitised before being used. This can be exploited to overwrite
arbitrary files via directory traversal attacks.</p>
<p>Access to restricted repositories is not properly enforced, which
can be exploited to disclose potentially sensitive information by
accessing the repository via "listing.php" and using the "compare with
previous" and "show changed files" links.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-5918</cvename>
<cvename>CVE-2008-5919</cvename>
<cvename>CVE-2009-0240</cvename>
<url>http://secunia.com/advisories/32338/</url>
<url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512191</url>
<url>http://www.gulftech.org/?node=research&amp;article_id=00132-10202008</url>
</references>
<dates>
<discovery>2008-10-23</discovery>
<entry>2009-02-09</entry>
</dates>
</vuln>
<vuln vid="40774927-f6b4-11dd-94d9-0030843d3802">
<topic>phplist -- local file inclusion vulnerability</topic>
<affects>
<package>
<name>phplist</name>
<range><lt>2.10.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/33533/">
<p>Input passed to the "_SERVER[ConfigFile]" parameter in
admin/index.php is not properly verified before being used to include
files. This can be exploited to include arbitrary files from local
resources.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0422</cvename>
<url>http://secunia.com/advisories/33533/</url>
</references>
<dates>
<discovery>2009-01-15</discovery>
<entry>2009-02-09</entry>
</dates>
</vuln>
<vuln vid="9c2460a4-f6b1-11dd-94d9-0030843d3802">
<topic>squid -- remote denial of service vulnerability</topic>
<affects>
<package>
<name>squid</name>
<range><ge>2.7.1</ge><lt>2.7.6</lt></range>
<range><ge>3.0.1</ge><lt>3.0.13</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Squid security advisory 2009:1 reports:</p>
<blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2009_1.txt">
<p>Due to an internal error Squid is vulnerable to a denial
of service attack when processing specially crafted requests.</p>
<p>This problem allows any client to perform a denial of service
attack on the Squid service.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0478</cvename>
<url>http://www.squid-cache.org/Advisories/SQUID-2009_1.txt</url>
<url>http://secunia.com/advisories/33731/</url>
</references>
<dates>
<discovery>2009-02-04</discovery>
<entry>2009-02-09</entry>
<modified>2009-02-10</modified>
</dates>
</vuln>
<vuln vid="653606e9-f6ac-11dd-94d9-0030843d3802">
<topic>typo3 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>typo3</name>
<range><lt>4.2.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/33617/">
<p>Some vulnerabilities have been reported in Typo3, which can be
exploited by malicious people to bypass certain security restrictions,
conduct cross-site scripting and session fixation attacks, and
compromise a vulnerable system.</p>
<p>The "Install tool" system extension uses insufficiently random
entropy sources to generate an encryption key, resulting in weak
security.</p>
<p>The authentication library does not properly invalidate supplied
session tokens, which can be exploited to hijack a user's
session.</p>
<p>Certain unspecified input passed to the "Indexed Search Engine"
system extension is not properly sanitised before being used to invoke
commands. This can be exploited to inject and execute arbitrary shell
commands.</p>
<p>Input passed via the name and content of files to the "Indexed Search
Engine" system extension is not properly sanitised before being returned
to the user. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of an affected site.</p>
<p>Certain unspecified input passed to the Workspace module is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.</p>
<p>Note: It is also reported that certain unspecified input passed to
test scripts of the "ADOdb" system extension is not properly sanitised
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected website.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0255</cvename>
<cvename>CVE-2009-0256</cvename>
<cvename>CVE-2009-0257</cvename>
<cvename>CVE-2009-0258</cvename>
<url>http://secunia.com/advisories/33617/</url>
<url>http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/</url>
</references>
<dates>
<discovery>2009-02-07</discovery>
<entry>2009-02-09</entry>
<modified>2013-06-19</modified>
</dates>
</vuln>
<vuln vid="13d6d997-f455-11dd-8516-001b77d09812">
<topic>sudo -- certain authorized users could run commands as any user</topic>
<affects>
<package>
<name>sudo</name>
<range><ge>1.6.9</ge><lt>1.6.9.20</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Todd Miller reports:</p>
<blockquote cite="http://www.gratisoft.us/pipermail/sudo-announce/2009-February/000085.html">
<p>A bug was introduced in Sudo's group matching code in version
1.6.9 when support for matching based on the supplemental group
vector was added. This bug may allow certain users listed in
the sudoers file to run a command as a different user than their
access rule specifies.</p>
</blockquote>
</body>
</description>
<references>
<bid>33517</bid>
<cvename>CVE-2009-0034</cvename>
<mlist msgid="200902041802.n14I2llS024155@core.courtesan.com">http://www.gratisoft.us/pipermail/sudo-announce/2009-February/000085.html</mlist>
</references>
<dates>
<discovery>2009-02-04</discovery>
<entry>2009-02-06</entry>
</dates>
</vuln>
<vuln vid="6d85dc62-f2bd-11dd-9f55-0030843d3802">
<topic>drupal -- multiple vulnerabilities</topic>
<affects>
<package>
<name>drupal5</name>
<range><lt>5.15</lt></range>
</package>
<package>
<name>drupal6</name>
<range><lt>6.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Drupal Team reports:</p>
<blockquote cite="http://drupal.org/node/358957">
<p>The Content Translation module for Drupal 6.x enables users to make
a translation of an existing item of content (a node). In that process
the existing node's content is copied into the new node's submission
form.</p>
<p>The module contains a flaw that allows a user with the 'translate
content' permission to potentially bypass normal viewing access
restrictions, for example allowing the user to see the content of
unpublished nodes even if they do not have permission to view
unpublished nodes.</p>
<p>When user profile pictures are enabled, the default user profile
validation function will be bypassed, possibly allowing invalid user
names or e-mail addresses to be submitted.</p>
</blockquote>
</body>
</description>
<references>
<url>http://drupal.org/node/358957</url>
<url>http://secunia.com/advisories/33550/</url>
<url>http://secunia.com/advisories/33500/</url>
<url>http://secunia.com/advisories/33542/</url>
</references>
<dates>
<discovery>2009-01-14</discovery>
<entry>2009-02-04</entry>
</dates>
</vuln>
<vuln vid="4a99d61c-f23a-11dd-9f55-0030843d3802">
<topic>perl -- Directory Permissions Race Condition</topic>
<affects>
<package>
<name>perl</name>
<range><ge>5.8.0</ge><lt>5.8.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/14531/">
<p>Paul Szabo has reported a vulnerability in Perl File::Path::rmtree,
which potentially can be exploited by malicious, local users to
gain escalated privileges.</p>
<p>The vulnerability is caused due to a race condition in the way
File::Path::rmtree handles directory permissions when cleaning up
directories. This can be exploited by replacing an existing sub
directory in the directory tree with a symbolic link to an arbitrary
file.</p>
<p>Successful exploitation may allow changing permissions of arbitrary
files, if root uses an application using the vulnerable code to delete
files in a directory having a world-writable sub directory.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2005-0448</cvename>
<url>http://www.ubuntulinux.org/usn/usn-94-1</url>
<url>http://secunia.com/advisories/14531/</url>
</references>
<dates>
<discovery>2005-03-09</discovery>
<entry>2009-02-03</entry>
</dates>
</vuln>
<vuln vid="6a523dba-eeab-11dd-ab4f-0030843d3802">
<topic>moinmoin -- multiple cross site scripting vulnerabilities</topic>
<affects>
<package>
<name>moinmoin</name>
<range><lt>1.8.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/33593/">
<p>Input passed to multiple parameters in action/AttachFile.py is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in the context of an affected site.</p>
<p>Certain input passed to security/antispam.py is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
the context of an affected site.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0260</cvename>
<cvename>CVE-2009-0312</cvename>
<url>http://secunia.com/advisories/33593/</url>
<url>http://hg.moinmo.in/moin/1.8/file/c76d50dac855</url>
<url>http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad</url>
<url>http://moinmo.in/SecurityFixes#moin1.8.1</url>
</references>
<dates>
<discovery>2009-01-21</discovery>
<entry>2009-01-30</entry>
</dates>
</vuln>
<vuln vid="b9077cc4-6d04-4bcb-a37a-9ceaebfdcc9e">
<topic>ganglia -- buffer overflow vulnerability</topic>
<affects>
<package>
<name>ganglia-monitor-core</name>
<name>ganglia-monitor-webfrontend</name>
<range><lt>3.1.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/33506">
<p>Spike Spiegel has discovered a vulnerability in Ganglia which
can be exploited by malicious people to compromise a
vulnerable system. The vulnerability is caused due to a
boundary error within the process_path function in
gmetad/server.c. This can be exploited to cause a stack-based
buffer overflow by e.g. sending a specially crafted message to
the gmetad service.</p>
<p>The vulnerability is confirmed in version 3.1.1. Other
versions may also be affected.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0241</cvename>
<url>http://secunia.com/advisories/33506</url>
</references>
<dates>
<discovery>2009-01-26</discovery>
<entry>2009-01-30</entry>
<modified>2009-01-30</modified>
</dates>
</vuln>
<vuln vid="100a9ed2-ee56-11dd-ab4f-0030843d3802">
<topic>tor -- unspecified memory corruption vulnerability</topic>
<affects>
<package>
<name>tor</name>
<range><lt>0.2.0.33</lt></range>
</package>
<package>
<name>tor-devel</name>
<range><lt>0.2.1.11-alpha</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/33635/">
<p>A vulnerability with an unknown impact has been reported in Tor.</p>
<p>The vulnerability is caused due to an unspecified error and can be
exploited to trigger a heap corruption. No further information is
currently available.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-0414</cvename>
<url>http://secunia.com/advisories/33635/</url>
<url>http://archives.seul.org/or/announce/Jan-2009/msg00000.html</url>
</references>
<dates>
<discovery>2009-01-22</discovery>
<entry>2009-01-29</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="2ffb1b0d-ecf5-11dd-abae-00219b0fc4d8">
<topic>glpi -- SQL Injection</topic>
<affects>
<package>
<name>glpi</name>
<range><lt>0.71.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The GLPI project reports:</p>
<blockquote cite="http://www.glpi-project.org/spip.php?page=annonce&amp;id_breve=161&amp;lang=en">
<p>Input passed via unspecified parameters is not properly sanitised
before being used in SQL queries. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.glpi-project.org/spip.php?page=annonce&amp;id_breve=161&amp;lang=en</url>
<url>https://mail.gna.org/public/glpi-news/2009-01/msg00002.html</url>
<url>https://dev.indepnet.net/glpi/ticket/1224</url>
<url>http://secunia.com/advisories/33680/</url>
</references>
<dates>
<discovery>2009-01-25</discovery>
<entry>2009-01-28</entry>
</dates>
</vuln>
<vuln vid="c3aba586-ea77-11dd-9d1e-000bcdc1757a">
<topic>openfire -- multiple vulnerabilities</topic>
<affects>
<package>
<name>openfire</name>
<range><lt>3.6.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Core Security Technologies reports:</p>
<blockquote cite="http://www.coresecurity.com/content/openfire-multiple-vulnerabilities">
<p>Multiple cross-site scripting vulnerabilities have been found
which may lead to arbitrary remote code execution on the server
running the application due to unauthorized upload of Java plugin
code.</p>
</blockquote>
</body>
</description>
<references>
<bid>32935</bid>
<bid>32937</bid>
<bid>32938</bid>
<bid>32939</bid>
<bid>32940</bid>
<bid>32943</bid>
<bid>32944</bid>
<bid>32945</bid>
<cvename>CVE-2009-0496</cvename>
<cvename>CVE-2009-0497</cvename>
<url>http://www.coresecurity.com/content/openfire-multiple-vulnerabilities</url>
</references>
<dates>
<discovery>2009-01-08</discovery>
<entry>2009-01-25</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="abcacb5a-e7f1-11dd-afcd-00e0815b8da8">
<topic>ipsec-tools -- Denial of Service Vulnerabilities</topic>
<affects>
<package>
<name>ipsec-tools</name>
<range><lt>0.7.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/30657/discuss">
<p>IPsec-Tools is affected by multiple remote denial-of-service
vulnerabilities because the software fails to properly handle
certain network packets.</p>
<p>A successful attack allows a remote attacker to crash the
software, denying further service to legitimate users.</p>
</blockquote>
</body>
</description>
<references>
<bid>30657</bid>
<cvename>CVE-2008-3651</cvename>
<cvename>CVE-2008-3652</cvename>
<mlist msgid="20080724084529.GA3768@zen.inc">http://marc.info/?l=ipsec-tools-devel&amp;m=121688914101709&amp;w=2</mlist>
</references>
<dates>
<discovery>2008-07-28</discovery>
<entry>2009-01-21</entry>
</dates>
</vuln>
<vuln vid="4b68d917-e705-11dd-afcd-00e0815b8da8">
<topic>Teamspeak Server -- Directory Traversal Vulnerability</topic>
<affects>
<package>
<name>teamspeak_server</name>
<range><le>2.0.23.17</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/33256">
<p>TeamSpeak is prone to a directory-traversal vulnerability because
it fails to sufficiently sanitize user-supplied input data.
Exploiting the issue may allow an attacker to obtain sensitive
information that could aid in further attacks.</p>
</blockquote>
</body>
</description>
<references>
<bid>33256</bid>
<url>http://www.securityfocus.com/bid/33256</url>
</references>
<dates>
<discovery>2009-01-14</discovery>
<entry>2009-01-20</entry>
</dates>
</vuln>
<vuln vid="2bc960c4-e665-11dd-afcd-00e0815b8da8">
<topic>optipng -- arbitrary code execution via crafted BMP image</topic>
<affects>
<package>
<name>optipng</name>
<range><lt>0.6.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/32651">
<p>A vulnerability has been reported in OptiPNG, which
potentially can be exploited by malicious people to compromise
a user's system.</p>
<p>The vulnerability is caused due to a boundary error in
the BMP reader and can be exploited to cause a buffer
overflow by tricking a user into processing a specially
crafted file.</p>
<p>Successful exploitation may allow execution of arbitrary
code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-5101</cvename>
<url>http://secunia.com/advisories/32651</url>
<url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505399</url>
<url>http://optipng.sourceforge.net/</url>
</references>
<dates>
<discovery>2008-11-11</discovery>
<entry>2009-01-19</entry>
</dates>
</vuln>
<vuln vid="ecad44b9-e663-11dd-afcd-00e0815b8da8">
<topic>git -- gitweb privilege escalation</topic>
<affects>
<package>
<name>git</name>
<range><lt>1.6.0.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Git maintainers report:</p>
<blockquote cite="http://marc.info/?l=git&amp;m=122975564100860&amp;w=2">
<p>gitweb has a possible local privilege escalation
bug that allows a malicious repository owner to run a command
of his choice by specifying diff.external configuration
variable in his repository and running a crafted gitweb
query.</p>
</blockquote>
</body>
</description>
<references>
<bid>32967</bid>
<mlist msgid="7vhc4z1gys.fsf@gitster.siamese.dyndns.org">http://marc.info/?l=git&amp;m=122975564100860&amp;w=2</mlist>
<url>http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.6.0.6.txt</url>
</references>
<dates>
<discovery>2008-12-20</discovery>
<entry>2009-01-19</entry>
</dates>
</vuln>
<vuln vid="0809ce7d-f672-4924-9b3b-7c74bc279b83">
<topic>gtar -- GNU TAR safer_name_suffix Remote Denial of Service Vulnerability</topic>
<affects>
<package>
<name>gtar</name>
<range><lt>1.19</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/26445/">
<p>GNU's tar and cpio utilities are prone to a denial-of-service
vulnerability because of insecure use of the alloca()
function.</p>
<p>Successfully exploiting this issue allows attackers
to crash the affected utilities and possibly to execute
code but this has not been confirmed.</p>
</blockquote>
</body>
</description>
<references>
<bid>26445</bid>
<cvename>CVE-2007-4476</cvename>
<url>http://www.securityfocus.com/bid/26445/</url>
</references>
<dates>
<discovery>2007-11-14</discovery>
<entry>2009-01-15</entry>
</dates>
</vuln>
<vuln vid="5ccb1c14-e357-11dd-a765-0030843d3802">
<topic>mplayer -- vulnerability in STR files processor</topic>
<affects>
<package>
<name>mplayer</name>
<name>mplayer-esound</name>
<name>mplayer-gtk</name>
<name>mplayer-gtk-esound</name>
<name>mplayer-gtk2</name>
<name>mplayer-gtk2-esound</name>
<range><lt>0.99.11_10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/30994">
<p>The vulnerability is caused due to a boundary error within the
"str_read_packet()" function in libavformat/psxstr.c. This can be
exploited to cause a heap-based buffer overflow via a specially
crafted STR file.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-3162</cvename>
<bid>30157</bid>
<url>http://secunia.com/advisories/30994</url>
<url>https://roundup.mplayerhq.hu/roundup/ffmpeg/issue311</url>
</references>
<dates>
<discovery>2008-07-09</discovery>
<entry>2009-01-15</entry>
</dates>
</vuln>
<vuln vid="bc6a7e79-e111-11dd-afcd-00e0815b8da8">
<topic>cgiwrap -- XSS Vulnerability</topic>
<affects>
<package>
<name>cgiwrap</name>
<range><lt>4.0_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/30765">
<p>A vulnerability has been reported in CGIWrap, which can be
exploited by malicious people to conduct cross-site scripting
attacks.</p>
<p>The vulnerability is caused due to the application generating
error messages without specifying a charset. This can be exploited
to execute arbitrary HTML and script code in a user's browser
session in context of an affected site.</p>
<p>Successful exploitation may require that the victim uses Internet
Explorer or a browser based on Internet Explorer components.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-2852</cvename>
<url>http://secunia.com/advisories/30765</url>
<url>http://cgiwrap.sourceforge.net/changes.html</url>
</references>
<dates>
<discovery>2008-06-19</discovery>
<entry>2009-01-13</entry>
</dates>
</vuln>
<vuln vid="d4a358d3-e09a-11dd-a765-0030843d3802">
<topic>nagios -- web interface privilege escalation vulnerability</topic>
<affects>
<package>
<name>nagios</name>
<range><lt>3.0.5</lt></range>
</package>
<package>
<name>nagios2</name>
<range><lt>2.12_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/32156/discuss">
<p>An attacker with low-level privileges may exploit this issue to
bypass authorization and cause arbitrary commands to run within the
context of the Nagios server. This may aid in further attacks.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-5027</cvename>
<bid>32156</bid>
<url>http://secunia.com/advisories/33320</url>
<url>http://www.ubuntu.com/usn/USN-698-1</url>
<url>http://www.nagios.org/development/history/nagios-3x.php</url>
</references>
<dates>
<discovery>2008-11-06</discovery>
<entry>2009-01-12</entry>
<modified>2009-01-15</modified>
</dates>
</vuln>
<vuln vid="a02c9595-e018-11dd-a765-0030843d3802">
<topic>pdfjam -- insecure temporary files</topic>
<affects>
<package>
<name>pdfjam</name>
<range><lt>1.20_4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/33278">
<p>Some security issues have been reported in PDFjam, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.</p>
<p>The security issues are caused due to the "pdf90", "pdfjoin", and
"pdfnup" scripts using temporary files in an insecure manner. This can
be exploited to overwrite arbitrary files via symlink attacks.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-5743</cvename>
<url>https://bugzilla.novell.com/show_bug.cgi?id=459031</url>
<url>http://secunia.com/advisories/33278</url>
</references>
<dates>
<discovery>2008-12-05</discovery>
<entry>2009-01-11</entry>
</dates>
</vuln>
<vuln vid="58997463-e012-11dd-a765-0030843d3802">
<topic>verlihub -- insecure temporary file usage and arbitrary command execution</topic>
<affects>
<package>
<name>verlihub</name>
<range><lt>0.9.8.d.r2_2,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/32889/discuss">
<p>An attacker with local access could potentially exploit this issue
to perform symbolic-link attacks, overwriting arbitrary files in the
context of the affected application.</p>
<p>Successfully mounting a symlink attack may allow the attacker to
delete or corrupt sensitive files, which may result in a denial of
service. Other attacks may also be possible.</p>
</blockquote>
<blockquote cite="http://www.securityfocus.com/bid/32420/discuss">
<p>Verlihub is prone to a remote command-execution vulnerability
because it fails to sufficiently validate user input.</p>
<p>Successfully exploiting this issue would allow an attacker to
execute arbitrary commands on an affected computer in the context of
the affected application.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-5705</cvename>
<cvename>CVE-2008-5706</cvename>
<bid>32889</bid>
<bid>32420</bid>
<url>http://milw0rm.com/exploits/7183</url>
</references>
<dates>
<discovery>2008-11-22</discovery>
<entry>2009-01-11</entry>
</dates>
</vuln>
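The pdfjam and Verlihub entries above both describe the same class of bug: a scratch file is created under a predictable name in a shared directory, so a local attacker who plants a symlink there first makes the program overwrite whatever the link points at. The model below is an added example, not code from either project; the sandbox directory stands in for /tmp and the name "pdfnup.1234" is an assumed predictable name, not one taken from pdfjam or Verlihub. It shows the unsafe open beside the fix (create-only, never follow a symlink), replayed safely in a private directory.

```python
# Added example (not pdfjam's or Verlihub's code): the insecure
# temporary-file pattern beside the fix. The sandbox directory stands in
# for /tmp and "pdfnup.1234" is an assumed predictable name.
import os
import shutil
import tempfile


def vulnerable_write(path, data):
    """The bug: a plain open(..., "w") on a predictable path follows any
    symlink an attacker planted there and truncates the link's target."""
    with open(path, "w") as f:
        f.write(data)


def safe_create(path, data):
    """The fix: create the file only if it does not exist yet and never
    follow a symlink, so a pre-planted link makes the create fail instead
    of clobbering its target. tempfile.mkstemp() does the same with an
    unpredictable name and is the idiomatic choice in real code."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o600)
    except FileExistsError:
        return False
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return True


def simulate(use_safe):
    """Replay the race in a private directory: the attacker has already
    won it and planted a symlink at the predictable name. Returns
    (scratch file created?, victim file contents afterwards)."""
    sandbox = tempfile.mkdtemp()  # stands in for the shared /tmp
    try:
        victim = os.path.join(sandbox, "victim.conf")
        with open(victim, "w") as f:
            f.write("original contents\n")
        predictable = os.path.join(sandbox, "pdfnup.1234")  # guessable name (assumed)
        os.symlink(victim, predictable)  # the attacker's move
        if use_safe:
            created = safe_create(predictable, "scratch\n")
        else:
            vulnerable_write(predictable, "scratch\n")
            created = True
        with open(victim) as f:
            return created, f.read()
    finally:
        shutil.rmtree(sandbox)


if __name__ == "__main__":
    print("vulnerable:", simulate(False))  # victim overwritten
    print("hardened:  ", simulate(True))   # create refused, victim intact
```

The O_EXCL flag is what defeats the planted link: the kernel refuses to create through an existing path, symlink or not, so the attacker's pre-positioning turns into a harmless failure rather than a write to the target.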
<vuln vid="66a770b4-e008-11dd-a765-0030843d3802">
<topic>mysql -- empty bit-string literal denial of service</topic>
<affects>
<package>
<name>mysql-server</name>
<range><ge>5.0</ge><lt>5.0.66</lt></range>
<range><ge>5.1</ge><lt>5.1.26</lt></range>
<range><ge>6.0</ge><lt>6.0.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>MySQL reports:</p>
<blockquote cite="http://bugs.mysql.com/bug.php?id=35658">
<p>The vulnerability is caused due to an error when processing an
empty bit-string literal and can be exploited to crash the server via
a specially crafted SQL statement.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-3963</cvename>
<url>http://bugs.mysql.com/bug.php?id=35658</url>
<url>http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html</url>
<url>http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html</url>
<url>http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html</url>
<url>http://secunia.com/advisories/31769</url>
</references>
<dates>
<discovery>2008-09-11</discovery>
<entry>2009-01-11</entry>
</dates>
</vuln>
<vuln vid="8c451386-dff3-11dd-a765-0030843d3802">
<topic>mysql -- privilege escalation and overwrite of the system table information</topic>
<affects>
<package>
<name>mysql-server</name>
<range><ge>4.1</ge><lt>4.1.24</lt></range>
<range><ge>5.0</ge><lt>5.0.51</lt></range>
<range><ge>5.1</ge><lt>5.1.23</lt></range>
<range><ge>6.0</ge><lt>6.0.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>MySQL reports:</p>
<blockquote cite="http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html">
<p>Using RENAME TABLE against a table with explicit DATA
DIRECTORY and INDEX DIRECTORY options can be used to overwrite
system table information by replacing the file to which the
symlink points.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2007-5969</cvename>
<bid>26765</bid>
<url>http://bugs.mysql.com/bug.php?id=32111</url>
</references>
<dates>
<discovery>2007-11-14</discovery>
<entry>2009-01-11</entry>
</dates>
</vuln>
<vuln vid="240ac24c-dff3-11dd-a765-0030843d3802">
<topic>mysql -- remote dos via malformed password packet</topic>
<affects>
<package>
<name>mysql-server</name>
<range><ge>4.1</ge><lt>4.1.24</lt></range>
<range><ge>5.0</ge><lt>5.0.44</lt></range>
<range><ge>5.1</ge><lt>5.1.20</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>MySQL reports:</p>
<blockquote cite="http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html">
<p>A malformed password packet in the connection protocol
could cause the server to crash.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2007-3780</cvename>
<bid>25017</bid>
<url>http://bugs.mysql.com/bug.php?id=28984</url>
</references>
<dates>
<discovery>2007-07-15</discovery>
<entry>2009-01-11</entry>
</dates>
</vuln>
<vuln vid="bb4e9a44-dff2-11dd-a765-0030843d3802">
<topic>mysql -- renaming of arbitrary tables by authenticated users</topic>
<affects>
<package>
<name>mysql-server</name>
<range><ge>4.1</ge><lt>4.1.23</lt></range>
<range><ge>5.0</ge><lt>5.0.42</lt></range>
<range><ge>5.1</ge><lt>5.1.18</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>MySQL reports:</p>
<blockquote cite="http://dev.mysql.com/doc/refman/4.1/en/news-4-1-23.html">
<p>The requirement of the DROP privilege for RENAME TABLE was not
enforced.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2007-2691</cvename>
<bid>24016</bid>
<url>http://bugs.mysql.com/bug.php?id=27515</url>
</references>
<dates>
<discovery>2007-05-14</discovery>
<entry>2009-01-11</entry>
</dates>
</vuln>
<vuln vid="69a20ce4-dfee-11dd-a765-0030843d3802">
<topic>imap-uw -- imap c-client buffer overflow</topic>
<affects>
<package>
<name>imap-uw</name>
<range><lt>2007e</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SANS reports:</p>
<blockquote cite="http://www.washington.edu/imap/documentation/RELNOTES.html">
<p>The University of Washington IMAP library is a library implementing
the IMAP mail protocol. University of Washington IMAP is exposed to a
buffer overflow issue that occurs due to a boundary error within the
rfc822_output_char function in the c-client library. The University of
Washington IMAP library versions prior to 2007e are affected.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-5514</cvename>
<url>http://www.washington.edu/imap/documentation/RELNOTES.html</url>
</references>
<dates>
<discovery>2008-12-16</discovery>
<entry>2009-01-11</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="a6713190-dfea-11dd-a765-0030843d3802">
<topic>imap-uw -- local buffer overflow vulnerabilities</topic>
<affects>
<package>
<name>imap-uw</name>
<range><lt>2007d</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SANS reports:</p>
<blockquote cite="http://www.sans.org/newsletters/risk/display.php?v=7&amp;i=45#08.45.22">
<p>University of Washington "tmail" and "dmail" are mail delivery
agents. "tmail" and "dmail" are exposed to local buffer overflow
issues because they fail to perform adequate boundary checks on
user-supplied data.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-5514</cvename>
<url>http://www.washington.edu/imap/documentation/RELNOTES.html</url>
<url>http://www.sans.org/newsletters/risk/display.php?v=7&amp;i=45#08.45.22</url>
</references>
<dates>
<discovery>2008-10-29</discovery>
<entry>2009-01-11</entry>
<modified>2010-05-02</modified>
</dates>
</vuln>
<vuln vid="bd730827-dfe0-11dd-a765-0030843d3802">
<topic>libcdaudio -- remote buffer overflow and code execution</topic>
<affects>
<package>
<name>libcdaudio</name>
<range><lt>0.99.12p2_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/32122/discuss">
<p>The 'libcdaudio' library is prone to a remote heap-based buffer
overflow that may allow arbitrary code execution in the context of
an application that uses the library. Failed attacks will cause
denial-of-service conditions.</p>
</blockquote>
<blockquote cite="http://www.securityfocus.com/bid/12770/discuss">
<p>A buffer-overflow in Grip occurs when the software processes a
response to a CDDB query that has more than 16 matches.</p>
<p>To exploit this issue, an attacker must be able to influence the
response to a CDDB query, either by controlling a malicious CDDB
server or through some other means. Successful exploits will allow
arbitrary code to run.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-5030</cvename>
<cvename>CVE-2005-0706</cvename>
<bid>32122</bid>
<bid>12770</bid>
</references>
<dates>
<discovery>2008-11-05</discovery>
<entry>2009-01-11</entry>
</dates>
</vuln>
<vuln vid="c702944a-db0f-11dd-aa56-000bcdf0a03b">
<topic>FreeBSD -- netgraph / bluetooth privilege escalation</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>6.3</ge><lt>6.3_7</lt></range>
<range><ge>6.4</ge><lt>6.4_1</lt></range>
<range><ge>7.0</ge><lt>7.0_7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>Some function pointers for netgraph and bluetooth sockets are
not properly initialized.</p>
<h1>Impact:</h1>
<p>A local user can cause the FreeBSD kernel to execute
arbitrary code. This could be used by an attacker directly;
or it could be used to gain root privilege or to escape from
a jail.</p>
<h1>Workaround:</h1>
<p>No workaround is available, but systems without local
untrusted users are not vulnerable. Furthermore, systems are
not vulnerable if they have neither the ng_socket nor
ng_bluetooth kernel modules loaded or compiled into the
kernel.</p>
<p>Systems with the security.jail.socket_unixiproute_only
sysctl set to 1 (the default) are only vulnerable if they have
local untrusted users outside of jails.</p>
<p>If the command</p>
<p><code># kldstat -v | grep ng_</code></p>
<p>produces no output, the system is not vulnerable.</p>
</body>
</description>
<references>
<freebsdsa>SA-08:13.protosw</freebsdsa>
</references>
<dates>
<discovery>2008-12-23</discovery>
<entry>2009-01-05</entry>
<modified>2016-08-09</modified>
</dates>
</vuln>
<vuln vid="e9ecaceb-db0d-11dd-aa56-000bcdf0a03b">
<topic>FreeBSD -- Cross-site request forgery in ftpd(8)</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>6.3</ge><lt>6.3_7</lt></range>
<range><ge>6.4</ge><lt>6.4_1</lt></range>
<range><ge>7.0</ge><lt>7.0_7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>The ftpd(8) server splits long commands into several
requests. This may result in the server executing a command
which is hidden inside another very long command.</p>
<h1>Impact:</h1>
<p>This could, with a specifically crafted command, be used in a
cross-site request forgery attack.</p>
<p>FreeBSD systems running the ftpd(8) server could act as a point
of privilege escalation in an attack against users who use a web
browser to access trusted FTP sites.</p>
<h1>Workaround:</h1>
<p>No workaround is available, but systems not running FTP
servers are not vulnerable. Systems not running the FreeBSD
ftpd(8) server are not affected, but users of other ftp
daemons are advised to take care since several other ftp
daemons are known to have related bugs.</p>
</body>
</description>
<references>
<cvename>CVE-2008-4247</cvename>
<freebsdsa>SA-08:12.ftpd</freebsdsa>
</references>
<dates>
<discovery>2008-12-23</discovery>
<entry>2009-01-05</entry>
<modified>2016-08-09</modified>
</dates>
</vuln>
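The mechanism behind the ftpd(8) advisory above is that a command line longer than the server's read buffer is handled as several commands, so text placed just past the buffer boundary is parsed as a verb of its own. The model below is an added example, not FreeBSD's ftpd code: the 16-byte buffer, the function names and the "500 Line too long" reply are assumptions chosen to make the split visible. It shows the splitting reader beside a reader that rejects an overlong line as a whole.

```python
# Added example (not FreeBSD's ftpd code): a minimal model of the
# "long command gets split into several requests" bug. The buffer size,
# function names and reply text are assumptions made for the model.
import io

BUFSIZE = 16  # assumed: deliberately tiny so the split is visible


def read_commands_split(stream, bufsize=BUFSIZE):
    """Vulnerable model: each read returns at most bufsize bytes, and
    whatever follows the boundary is parsed as a fresh command. A client
    (or a browser coerced into sending a crafted request) can therefore
    hide a second verb behind padding."""
    cmds = []
    while True:
        chunk = stream.readline(bufsize)  # stops at newline or bufsize
        if not chunk:
            break
        cmds.append(chunk.rstrip(b"\r\n"))
    return cmds


def read_commands_strict(stream, bufsize=BUFSIZE):
    """Hardened model: a chunk without a terminating newline means the
    line was too long. Drain the rest of that physical line, reject it
    as a whole, and never replay the remainder as a command."""
    cmds = []
    while True:
        chunk = stream.readline(bufsize)
        if not chunk:
            break
        if not chunk.endswith(b"\n"):
            while True:
                rest = stream.readline(bufsize)
                if not rest or rest.endswith(b"\n"):
                    break
            cmds.append(b"500 Line too long")  # assumed reply text
            continue
        cmds.append(chunk.rstrip(b"\r\n"))
    return cmds


# Constructed input: one overlong USER line whose tail, just past the
# 16-byte boundary, spells a second verb; then one ordinary command.
CRAFTED = b"USER " + b"x" * 11 + b"QUIT\r\n" + b"NOOP\r\n"


def demo(data=CRAFTED):
    """Return (commands seen by the vulnerable reader, by the strict one)."""
    return (read_commands_split(io.BytesIO(data)),
            read_commands_strict(io.BytesIO(data)))


if __name__ == "__main__":
    split, strict = demo()
    print("split reader :", split)   # QUIT surfaces as its own command
    print("strict reader:", strict)  # the whole line is refused
```

The defensive rule is the general one for line-oriented protocols: a line that does not fit the buffer is an error, not two lines. Once the remainder is replayed as input, anything an attacker can get a client to send, including a browser following a crafted URL, can smuggle a command.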
<vuln vid="6b8cadce-db0b-11dd-aa56-000bcdf0a03b">
<topic>FreeBSD -- IPv6 Neighbor Discovery Protocol routing vulnerability</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>6.3</ge><lt>6.3_5</lt></range>
<range><ge>7.0</ge><lt>7.0_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>IPv6 routers may allow "on-link" IPv6 nodes to create and
update the router's neighbor cache and forwarding
information. A malicious IPv6 node sharing a common router
but on a different physical segment from another node may be
able to spoof Neighbor Discovery messages, allowing it to
update router information for the victim node.</p>
<h1>Impact:</h1>
<p>An attacker on a different physical network connected to the
same IPv6 router as another node could redirect IPv6 traffic
intended for that node. This could lead to denial of service
or improper access to private network traffic.</p>
<h1>Workaround:</h1>
<p>Firewall packet filters can be used to filter incoming
Neighbor Solicitation messages but may interfere with normal
IPv6 operation if not configured carefully.</p>
<p>Reverse path forwarding checks could be used to make
gateways, such as routers or firewalls, drop Neighbor
Solicitation messages from nodes with unexpected source
addresses on a particular interface.</p>
<p>IPv6 router administrators are encouraged to read RFC 3756
for further discussion of Neighbor Discovery security
implications.</p>
</body>
</description>
<references>
<cvename>CVE-2008-2476</cvename>
<freebsdsa>SA-08:10.nd6</freebsdsa>
</references>
<dates>
<discovery>2008-10-01</discovery>
<entry>2009-01-05</entry>
<modified>2016-08-09</modified>
</dates>
</vuln>
<vuln vid="5796858d-db0b-11dd-aa56-000bcdf0a03b">
<topic>FreeBSD -- arc4random(9) predictable sequence vulnerability</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>6.3</ge><lt>6.3_6</lt></range>
<range><ge>7.0</ge><lt>7.0_6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>When the arc4random(9) random number generator is
initialized, there may be inadequate entropy to meet the
needs of kernel systems which rely on arc4random(9); and it
may take up to 5 minutes before arc4random(9) is reseeded
with secure entropy from the Yarrow random number generator.</p>
<h1>Impact:</h1>
<p>All security-related kernel subsystems that rely on a
quality random number generator are subject to a wide range of
possible attacks for the 300 seconds after boot or until 64k
of random data is consumed. The list includes:</p>
<p>* GEOM ELI providers with onetime keys. When a provider is
configured in a way so that it gets attached at the same time
during boot (e.g. it uses the rc subsystem to initialize) it
might be possible for an attacker to recover the encrypted
data.</p>
<p>* GEOM shsec providers. The GEOM shsec subsystem is used to
split a shared secret between two providers so that it can be
recovered when both of them are present. This is done by
writing the random sequence to one of providers while
appending the result of the random sequence on the other host
to the original data. If the provider was created within the
first 300 seconds after booting, it might be possible for an
attacker to extract the original data with access to only one
of the two providers between which the secret data is split.</p>
<p>* System processes started early after boot may receive
predictable IDs.</p>
<p>* The 802.11 network stack uses arc4random(9) to generate
initial vectors (IV) for WEP encryption when operating in
client mode and WEP authentication challenges when operating
in hostap mode, which may be insecure.</p>
<p>* The IPv4, IPv6 and TCP/UDP protocol implementations rely
on a quality random number generator to produce unpredictable
IP packet identifiers, initial TCP sequence numbers and
outgoing port numbers. During the first 300 seconds after
booting, it may be easier for an attacker to execute IP
session hijacking, OS fingerprinting, idle scanning, or in
some cases DNS cache poisoning and blind TCP data injection
attacks.</p>
<p>* The kernel RPC code uses arc4random(9) to retrieve
transaction identifiers, which might make RPC clients
vulnerable to hijacking attacks.</p>
<h1>Workaround:</h1>
<p>No workaround is available for affected systems.</p>
</body>
</description>
<references>
<cvename>CVE-2008-5162</cvename>
<freebsdsa>SA-08:11.arc4random</freebsdsa>
</references>
<dates>
<discovery>2008-11-24</discovery>
<entry>2009-01-05</entry>
<modified>2016-08-09</modified>
</dates>
</vuln>
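The shsec case in the advisory above is worth seeing concretely: a secret is split into two shares, one a random pad and the other the data XORed with that pad, and the scheme is only as strong as the pad is unpredictable. The model below is an added example, not FreeBSD's GEOM shsec code. It uses Python's random.Random as a stand-in for a generator seeded with too little entropy (a 14-bit seed space, an assumption for the demonstration) and a recognizable data header (also assumed, standing in for a file-system magic) that lets the attacker tell a correct guess from a wrong one. With a weak pad, one share and a seed search recover the data; with a pad from os.urandom the same search finds nothing.

```python
# Added example (not FreeBSD's GEOM shsec code): an XOR secret split with
# a weakly seeded pad beside one drawn from os.urandom. The 14-bit seed
# space, the stand-in PRNG and the recognizable header are assumptions.
import os
import random

SEED_BITS = 14  # assumed: "too little entropy" for the demonstration
KNOWN_PREFIX = b"HEADER:"  # assumed: data with a recognizable start
SECRET = KNOWN_PREFIX + b" top-secret payload"  # constructed sample


def weak_pad(seed, n):
    """Pad drawn from a generator that saw only SEED_BITS of entropy."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def shsec_split(data, pad):
    """Share A is the pad, share B is data XOR pad; both are needed to
    rebuild the data when the pad is truly unpredictable."""
    return pad, xor_bytes(data, pad)


def shsec_join(share_a, share_b):
    return xor_bytes(share_a, share_b)


def recover_from_one_share(share_b, prefix=KNOWN_PREFIX, seed_bits=SEED_BITS):
    """Attacker holding only share B: try every seed and keep the one
    whose pad turns the share into data that starts with the expected
    header. Only the header's length is generated per candidate, so the
    search stays cheap."""
    for seed in range(1 << seed_bits):
        if xor_bytes(weak_pad(seed, len(prefix)), share_b[:len(prefix)]) == prefix:
            return seed, shsec_join(weak_pad(seed, len(share_b)), share_b)
    return None


def demo_weak(seed=0x2A5):
    """Pad from the weakly seeded generator: share B alone leaks the data."""
    _, share_b = shsec_split(SECRET, weak_pad(seed, len(SECRET)))
    return recover_from_one_share(share_b)


def demo_strong():
    """Pad from os.urandom: the same search over the seed space finds nothing."""
    _, share_b = shsec_split(SECRET, os.urandom(len(SECRET)))
    return recover_from_one_share(share_b)


if __name__ == "__main__":
    print("weak pad   :", demo_weak())    # (seed, SECRET)
    print("strong pad :", demo_strong())  # None
```

The search is feasible only because the seed space is small and the plaintext has a known structure; both conditions hold for a provider created in the window the advisory describes, where the kernel generator had not yet been reseeded and on-disk data carries well-known headers.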
<vuln vid="d5e1aac8-db0b-11dd-ae30-001cc0377035">
<topic>xterm -- DECRQSS remote command execution vulnerability</topic>
<affects>
<package>
<name>xterm</name>
<range><lt>238</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/33060/discuss">
<p>The xterm program is prone to a remote command-execution
vulnerability because it fails to sufficiently validate user
input.</p>
<p>Successfully exploiting this issue would allow an attacker
to execute arbitrary commands on an affected computer in the
context of the affected application.</p>
</blockquote>
</body>
</description>
<references>
<bid>33060</bid>
<cvename>CVE-2008-2383</cvename>
<url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030</url>
</references>
<dates>
<discovery>2008-12-28</discovery>
<entry>2009-01-05</entry>
<modified>2009-01-06</modified>
</dates>
</vuln>
<vuln vid="58a3c266-db01-11dd-ae30-001cc0377035">
<topic>php5-gd -- uninitialized memory information disclosure vulnerability</topic>
<affects>
<package>
<name>php5-gd</name>
<range><le>5.2.8</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>According to CVE-2008-5498 entry:</p>
<blockquote cite="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498">
<p>Array index error in the "imageRotate" function in PHP 5.2.8 and
earlier allows context-dependent attackers to read the contents
of arbitrary memory locations via a crafted value of the third
argument (aka the "bgd_color" or "clrBack" argument) for an indexed
image.</p>
</blockquote>
</body>
</description>
<references>
<bid>33002</bid>
<cvename>CVE-2008-5498</cvename>
<url>http://www.securiteam.com/unixfocus/6G00Y0ANFU.html</url>
</references>
<dates>
<discovery>2008-12-24</discovery>
<entry>2009-01-05</entry>
<modified>2009-02-04</modified>
</dates>
</vuln>
<vuln vid="27d78386-d35f-11dd-b800-001b77d09812">
<topic>awstats -- multiple XSS vulnerabilities</topic>
<affects>
<package>
<name>awstats</name>
<range><lt>6.9,1</lt></range>
</package>
<package>
<name>awstats-devel</name>
<range><gt>0</gt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/31519">
<p>Morgan Todd has discovered a vulnerability in AWStats,
which can be exploited by malicious people to conduct
cross-site scripting attacks.</p>
<p>Input passed in the URL to awstats.pl is not properly
sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.</p>
<p>Successful exploitation requires that the application is
running as a CGI script.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-3714</cvename>
<cvename>CVE-2008-5080</cvename>
<url>http://secunia.com/advisories/31519</url>
<url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432</url>
</references>
<dates>
<discovery>2008-03-12</discovery>
<entry>2009-01-04</entry>
</dates>
</vuln>
<vuln vid="13b0c8c8-bee0-11dd-a708-001fc66e7203">
<topic>p5-File-Path -- rmtree allows creation of setuid files</topic>
<affects>
<package>
<name>p5-File-Path</name>
<range><lt>2.07_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Jan Lieskovsky reports:</p>
<blockquote cite="http://www.openwall.com/lists/oss-security/2008/11/28/1">
<p>perl-File-Path rmtree race condition (CVE-2005-0448 was assigned to
address this)</p>
<p>This vulnerability was fixed in 5.8.4-7 but re-introduced
in 5.8.8-1. It's also present in File::Path 2.xx, up to and
including 2.07 which has only a partial fix.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2005-0448</cvename>
<mlist>http://www.openwall.com/lists/oss-security/2008/11/28/1</mlist>
<mlist>http://www.gossamer-threads.com/lists/perl/porters/233699#233699</mlist>
<url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905</url>
</references>
<dates>
<discovery>2008-11-28</discovery>
<entry>2009-01-03</entry>
</dates>
</vuln>
<vuln vid="0e1e3789-d87f-11dd-8ecd-00163e000016">
<topic>vim -- multiple vulnerabilities in the netrw module</topic>
<affects>
<package>
<name>vim</name>
<name>vim-console</name>
<name>vim-lite</name>
<name>vim-gtk2</name>
<name>vim-gnome</name>
<range><ge>7.0</ge><lt>7.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Jan Minar reports:</p>
<blockquote cite="http://www.rdancer.org/vulnerablevim-netrw.v2.html">
<p>Applying the ``D'' command to a file with a crafted file name,
or inside a directory with a crafted directory name, can
lead to arbitrary code execution.</p>
</blockquote>
<blockquote cite="http://www.rdancer.org/vulnerablevim-netrw.v5.html">
<p>Lack of sanitization throughout Netrw can lead to arbitrary
code execution upon opening a directory with a crafted
name.</p>
</blockquote>
<blockquote cite="http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html">
<p>The Vim Netrw Plugin shares the FTP user name and password
across all FTP sessions. Every time Vim makes a new FTP
connection, it sends the user name and password of the
previous FTP session to the FTP server.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-3076</cvename>
<mlist>http://www.openwall.com/lists/oss-security/2008/10/16/2</mlist>
<url>http://www.rdancer.org/vulnerablevim-netrw.html</url>
<url>http://www.rdancer.org/vulnerablevim-netrw.v2.html</url>
<url>http://www.rdancer.org/vulnerablevim-netrw.v5.html</url>
<url>http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html</url>
</references>
<dates>
<discovery>2008-10-16</discovery>
<entry>2009-01-02</entry>
</dates>
</vuln>