Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2009-06-10 CVE-2009-1684 Cross-Site Scripting vulnerability in Apple Safari
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.
network
apple CWE-79
4.3
2009-06-10 CVE-2009-1682 Credentials Management vulnerability in Apple Safari
Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.
network
apple CWE-255
4.3
2009-06-10 CVE-2009-1681 Multiple Security vulnerability in RETIRED: Apple Safari Prior to 4.0
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.
network
apple
4.3
2009-06-10 CVE-2009-1535 Improper Authentication vulnerability in Microsoft Internet Information Services 5.1/6.0
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
network
low complexity
microsoft CWE-287
7.5
2009-06-09 CVE-2009-1296 Information Exposure vulnerability in Ubuntu 73-0ubuntu and Ubuntu
The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk.
local
ubuntu CWE-200
1.9
2009-06-09 CVE-2008-2475 OS Command Injection vulnerability in Ebay Enhanced Picture Uploader Activex Control
eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote attackers to execute arbitrary commands via the PictureUrls property.
network
ebay CWE-78
critical
9.3
2009-06-09 CVE-2009-2025 Permissions, Privileges, and Access Controls vulnerability in Dutchmonkey DM Filemanager 3.9.2
admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values.
network
low complexity
dutchmonkey CWE-264
7.5
2009-06-09 CVE-2009-2024 Permissions, Privileges, and Access Controls vulnerability in Vt.Rovno ASP VT Auth 1.0
Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt.
network
low complexity
vt-rovno CWE-264
5.0
2009-06-09 CVE-2009-2023 SQL Injection vulnerability in Shop-Script 2.12
SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the current_currency parameter.
6.8
2009-06-09 CVE-2009-2022 Permissions, Privileges, and Access Controls vulnerability in Fipsasp Fipscms Light 2.1
fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain sensitive information via a direct request for _fipsdb/db.mdb.
network
low complexity
fipsasp CWE-264
5.0