Wazi » Security Notifications

Openview Network Node Manager 7.53 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Openview Network Node Manager 7.53 and prior [Medium]

Description

The embedded database engine service (aka ovdbrun.exe) in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service (daemon crash) via an invalid Error Code field in a packet.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3840
Severity: Medium

NIST National Vulnerabilities Database

Gimp 2.6.7 [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Gimp 2.6.7 [High]

Description

Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3909
Severity: High

NIST National Vulnerabilities Database

Openview Network Node Manager 7.53 [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Openview Network Node Manager 7.53 [Medium]

Description

Multiple buffer overflows in a certain ActiveX control in ActiveDom.ocx in HP OpenView Network Node Manager (OV NNM) 7.53 might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via a long string argument to the (1) DisplayName, (2) AddGroup, (3) InstallComponent, or (4) Subscribe method. NOTE: this issue is not a vulnerability in many environments, because the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3977
Severity: Medium

NIST National Vulnerabilities Database

Firefox 3.5.4 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Firefox 3.5.4 and prior [Medium]

Description

The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3978
Severity: Medium

NIST National Vulnerabilities Database

Joomla%21 1.1.0 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Joomla%21 1.1.0 and prior [High]

Description

SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3964
Severity: High

NIST National Vulnerabilities Database

New5starrating 1.0 [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

New5starrating 1.0 [High]

Description

SQL injection vulnerability in rating.php in New 5 star Rating 1.0 allows remote attackers to execute arbitrary SQL commands via the det parameter.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3965
Severity: High

NIST National Vulnerabilities Database

Arcade Trade Script 1.0 [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Arcade Trade Script 1.0 [High]

Description

Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3966
Severity: High

NIST National Vulnerabilities Database

Supercharged Linking [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Supercharged Linking [High]

Description

SQL injection vulnerability in browse.php in Ed Charkow SuperCharged Linking allows remote attackers to execute arbitrary SQL commands via the id parameter.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3967
Severity: High

NIST National Vulnerabilities Database

Itechbids 8.0 [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Itechbids 8.0 [High]

Description

Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE: the sellers_othersitem.php, classifieds.php, and shop.php vectors are already covered by CVE-2008-3238.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3968
Severity: High

NIST National Vulnerabilities Database

Faslo Player 7.0 [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Faslo Player 7.0 [High]

Description

Stack-based buffer overflow in Faslo Player 7.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3969
Severity: High

NIST National Vulnerabilities Database

Php Dir Submit [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Php Dir Submit [Medium]

Description

SQL injection vulnerability in index.php in PHP Dir Submit (aka WebsiteSubmitter or Submitter Script) allows remote authenticated users to execute arbitrary SQL commands via the aid parameter in a showarticle action.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3970
Severity: Medium

NIST National Vulnerabilities Database

Joomla%21 1.0.9 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Joomla%21 1.0.9 and prior [High]

Description

SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3971
Severity: High

NIST National Vulnerabilities Database

Joomla%21 1.2 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Joomla%21 1.2 and prior [High]

Description

SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3972
Severity: High

NIST National Vulnerabilities Database

Turnkey Arcade Script [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Turnkey Arcade Script [High]

Description

SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a browse action, a different vector than CVE-2008-5629.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3973
Severity: High

NIST National Vulnerabilities Database

Invision Power Board 3.0.2 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Invision Power Board 3.0.2 and prior [High]

Description

Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php. NOTE: on 20090818, the vendor patched 3.0.2 without changing the version number.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3974
Severity: High

NIST National Vulnerabilities Database

Moa 1.2.0 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Moa 1.2.0 and prior [Medium]

Description

SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and 1.2.0 allows remote attackers to execute arbitrary SQL commands via the gallery_id parameter in a gallery_view action.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3975
Severity: Medium

NIST National Vulnerabilities Database

Proftpd 2.9 [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Proftpd 2.9 [Medium]

Description

Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to cause a denial of service (application crash) or execute arbitrary code via a long 220 reply (aka connection greeting or welcome message).

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3976
Severity: Medium

NIST National Vulnerabilities Database

Discovery%26dependency Mapping Inventory 7.60 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Discovery%26dependency Mapping Inventory 7.60 and prior [High]

Description

Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.60 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3841
Severity: High

NIST National Vulnerabilities Database

Wordpress 2.8.5 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Wordpress 2.8.5 and prior [Medium]

Description

Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3890
Severity: Medium

NIST National Vulnerabilities Database

Wordpress 2.8.5 and prior [Low]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Wordpress 2.8.5 and prior [Low]

Description

Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable).

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3891
Severity: Low

NIST National Vulnerabilities Database