Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-06-05 | CVE-2009-0783 | Information Exposure vulnerability in Apache Tomcat Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. | 4.2 |
| 2009-05-14 | CVE-2009-1466 | Cleartext Storage of Sensitive Information vulnerability in Klinzmann Application Access Server 2.0.48 Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file. | 5.5 |
| 2009-05-13 | CVE-2009-0152 | Cleartext Storage of Sensitive Information vulnerability in Apple mac OS X and mac OS X Server iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network. | 7.5 |
| 2009-05-11 | CVE-2009-1603 | Cleartext Storage of Sensitive Information vulnerability in multiple products src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted. | 7.5 |
| 2009-05-11 | CVE-2009-1596 | Improper Authentication vulnerability in Igniterealtime Openfire Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet. | 6.5 |
| 2009-04-06 | CVE-2009-1243 | Improper Locking vulnerability in Linux Kernel net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an unlocking step in certain incorrect circumstances, which allows local users to cause a denial of service (panic) by reading zero bytes from the /proc/net/udp file and unspecified other files, related to the "udp seq_file infrastructure." | 5.5 |
| 2009-03-31 | CVE-2009-1073 | Incorrect Permission Assignment for Critical Resource vulnerability in Debian Linux and Nss-Ldap nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field. | 5.5 |
| 2009-03-30 | CVE-2009-0115 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. local low complexity christophe-varoqui fedoraproject debian avaya suse opensuse novell juniper CWE-732 | 7.8 |
| 2009-03-26 | CVE-2009-1151 | Code Injection vulnerability in multiple products Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. | 9.8 |
| 2009-03-19 | CVE-2009-0964 | Cleartext Storage of Sensitive Information vulnerability in Xlinesoft PHPrunner 4.2 UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. | 7.5 |