Weekly Vulnerabilities Reports > March 23 to 29, 2009
Overview
122 new vulnerabilities reported during this period, including 33 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary report vulnerabilities in 85 products from 62 vendors including SUN, Cisco, Adobe, Mozilla, and Drupal. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", "Permissions, Privileges, and Access Controls", and "Resource Management Errors".
- 117 reported vulnerabilities are remotely exploitables.
- 35 reported vulnerabilities have public exploit available.
- 32 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 111 reported vulnerabilities are exploitable by an anonymous user.
- SUN has the most reported vulnerabilities, with 28 reported vulnerabilities.
- SUN has the most reported critical vulnerabilities, with 9 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
33 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-03-25 | CVE-2009-1096 | SUN | Buffer Errors vulnerability in SUN JDK and JRE Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | 10.0 |
2009-03-25 | CVE-2009-1095 | SUN | Numeric Errors vulnerability in SUN JDK and JRE Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | 10.0 |
2009-03-25 | CVE-2009-1094 | SUN | Multiple Security vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. | 10.0 |
2009-03-25 | CVE-2008-6520 | Imatix | USE of Externally-Controlled Format String vulnerability in Imatix Xitami 2.5C2 Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI that ends in (1) .ssi, (2) .shtm, or (3) .shtml, which triggers incorrect logging code involving the sendfmt function in the SMT kernel. | 10.0 |
2009-03-25 | CVE-2008-6519 | Imatix | USE of Externally-Controlled Format String vulnerability in Imatix Xitami Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel. | 10.0 |
2009-03-25 | CVE-2009-0928 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table. | 10.0 |
2009-03-25 | CVE-2009-0921 | HP | Buffer Errors vulnerability in HP Network Node Manager 7.0.1/7.5.1/7.5.3 Multiple heap-based buffer overflows in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long OvAcceptLang cookie, which triggers the error in ov.dll and ovwww.dll, or (2) a long Accept-Language HTTP header, which triggers the error in ovwww.dll or libovwww.so.4. | 10.0 |
2009-03-24 | CVE-2009-1058 | Zipgenius | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Zipgenius Stack-based buffer overflow in ZipGenius might allow remote attackers to execute arbitrary code via a crafted .zip file that triggers an SEH overwrite. | 10.0 |
2009-03-24 | CVE-2009-1057 | Microsmarts | Buffer Errors vulnerability in Microsmarts Zipitfast! 3.0 MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file that triggers memory corruption, related to a "format string buffer overflow." NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product. | 10.0 |
2009-03-23 | CVE-2009-1043 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 8 Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. | 10.0 |
2009-03-27 | CVE-2009-1169 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform. | 9.3 |
2009-03-26 | CVE-2009-1071 | Randomsoftware | Buffer Errors vulnerability in Randomsoftware Icarus 2.0 Stack-based buffer overflow in Icarus 2.0 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted Portable Game Notation (.pgn) file. | 9.3 |
2009-03-26 | CVE-2009-1068 | Bsplayer | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bsplayer Bs.Player 2.32/2.34 Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file. | 9.3 |
2009-03-25 | CVE-2009-1098 | SUN | Buffer Errors vulnerability in SUN Jdk, JRE and SDK Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. | 9.3 |
2009-03-25 | CVE-2009-1097 | SUN | Buffer Errors vulnerability in SUN JDK and JRE Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997. | 9.3 |
2009-03-25 | CVE-2009-1092 | Geovision | Resource Management Errors vulnerability in Geovision Liveaudio Activex Control 7.0 Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control in LIVEAU~1.OCX 7.0 for GeoVision DVR systems allows remote attackers to execute arbitrary code by calling the GetAudioPlayingTime method with certain arguments. | 9.3 |
2009-03-25 | CVE-2009-1087 | Pplive | Improper Input Validation vulnerability in Pplive 1.9.15 Multiple argument injection vulnerabilities in PPLive.exe in PPLive 1.9.21 and earlier allow remote attackers to execute arbitrary code via a UNC share pathname in the LoadModule argument to the (1) synacast, (2) Play, (3) pplsv, or (4) ppvod URI handler. | 9.3 |
2009-03-25 | CVE-2009-0215 | IBM | Buffer Errors vulnerability in IBM Access Support Activex Control 3.20.284.0 Stack-based buffer overflow in the GetXMLValue method in the IBM Access Support ActiveX control in IbmEgath.dll, as distributed on IBM and Lenovo computers, allows remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2009-03-25 | CVE-2009-1062 | Adobe | Improper Input Validation vulnerability in Adobe Acrobat, Acrobat Reader and Reader Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061. | 9.3 |
2009-03-25 | CVE-2009-1061 | Adobe | Improper Input Validation vulnerability in Adobe Acrobat Reader Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1062. | 9.3 |
2009-03-25 | CVE-2009-0193 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat Reader Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062. | 9.3 |
2009-03-24 | CVE-2009-1060 | Apple | Remote Code Execution Variant vulnerability in Apple Safari Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie Miller during a PWN2OWN competition at CanSecWest 2009. | 9.3 |
2009-03-24 | CVE-2009-1059 | Powerzip | Buffer Errors vulnerability in Powerzip 7.2 Stack-based buffer overflow in Trident PowerZip 7.2 might allow remote attackers to execute arbitrary code via a crafted .zip file. | 9.3 |
2009-03-24 | CVE-2009-1054 | Ichitaro | Code Execution vulnerability in JustSystems Ichitaro Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through 2008, Lite2, and Ichitaro viewer 5.1.5.0 and earlier allows remote attackers to execute arbitrary code via a crafted file, as exploited in the wild by Trojan.Tarodrop.H in March 2009. | 9.3 |
2009-03-23 | CVE-2009-0584 | Argyllcms Ghostscript | Numeric Errors vulnerability in multiple products icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. | 9.3 |
2009-03-23 | CVE-2009-1044 | Mozilla Microsoft | Resource Management Errors vulnerability in Mozilla Firefox 3.0.7 Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. | 9.3 |
2009-03-23 | CVE-2009-1042 | Apple | Remote Code Execution vulnerability in Apple Safari Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. | 9.3 |
2009-03-23 | CVE-2009-0733 | Gimp Mozilla SUN Littlecms | Out-of-bounds Write vulnerability in multiple products Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions. | 9.3 |
2009-03-23 | CVE-2009-0723 | Gimp Mozilla SUN Littlecms | Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. | 9.3 |
2009-03-27 | CVE-2009-0628 | Cisco | Information Exposure vulnerability in Cisco IOS 12.3/12.4 Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak. | 9.0 |
2009-03-25 | CVE-2009-1088 | Hannonhill | Code Injection vulnerability in Hannonhill Cascade 5.7 Hannon Hill Cascade Server 5.7 and other versions allows remote authenticated users to execute arbitrary programs or Java code via a crafted XSLT stylesheet with "extension elements and extension functions" that trigger code execution by Xalan-Java, as demonstrated using xalan://java.lang.Runtime. | 9.0 |
2009-03-25 | CVE-2009-1083 | SUN | Code Injection vulnerability in SUN Java System Identity Manager Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits "control characters" in the passwords of user accounts, which allows remote attackers to execute arbitrary commands via vectors involving "resource adapters." | 9.0 |
2009-03-25 | CVE-2009-1082 | SUN | Improper Input Validation vulnerability in SUN Java System Identity Manager Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs. | 9.0 |
29 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-03-27 | CVE-2009-0636 | Cisco | Denial of Service vulnerability in Cisco IOS Session Initiation Protocol Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message. | 7.8 |
2009-03-27 | CVE-2009-0626 | Cisco | Resource Management Errors vulnerability in Cisco IOS The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet. | 7.8 |
2009-03-27 | CVE-2009-0631 | Cisco | Features UDP Packet Denial of Service vulnerability in Cisco IOS Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signaling Transport, or (4) Media Gateway Control Protocol (MGCP) allows remote attackers to cause a denial of service (blocked input queue on the inbound interface) via a crafted UDP packet. | 7.8 |
2009-03-25 | CVE-2008-6521 | Devraj Mukherjee | Information Exposure vulnerability in Devraj Mukherjee Openterracotta 0.6.1 index.php in Terracotta (aka OpenTerracotta) 0.6.1 allows remote attackers to obtain sensitive information via an invalid File parameter, which reveals the installation path in an error message. | 7.8 |
2009-03-26 | CVE-2008-6535 | Paypalestores | Permissions, Privileges, and Access Controls vulnerability in Paypalestores Paypal Estores admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter. | 7.5 |
2009-03-26 | CVE-2009-1151 | Phpmyadmin | Code Injection vulnerability in PHPmyadmin Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. | 7.5 |
2009-03-26 | CVE-2009-1149 | Phpmyadmin | Improper Input Validation vulnerability in PHPmyadmin CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters. | 7.5 |
2009-03-26 | CVE-2009-1065 | Getpixie | SQL Injection vulnerability in Getpixie Pixie CMS 1.01A SQL injection vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the x parameter. | 7.5 |
2009-03-26 | CVE-2009-0364 | Citadel | USE of Externally-Controlled Format String vulnerability in Citadel Webcit Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2009-03-25 | CVE-2009-1105 | SUN | Multiple Security vulnerability in Sun Java Runtime Environment and Java Development Kit The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490. | 7.5 |
2009-03-25 | CVE-2009-1099 | SUN | Numeric Errors vulnerability in SUN Java Runtime Environment and Java SE Development KIT Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow. | 7.5 |
2009-03-25 | CVE-2008-6527 | Go4I | SQL Injection vulnerability in Go4I Go41.Net ASP Forum 1.0 SQL injection vulnerability in forum.asp in GO4I.NET ASP Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the iFor parameter. | 7.5 |
2009-03-25 | CVE-2008-6526 | Bosdev | SQL Injection vulnerability in Bosdev BOS Classifieds SQL injection vulnerability in index.php in BosDev BosClassifieds allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2008-1838. | 7.5 |
2009-03-25 | CVE-2008-6525 | Nicephpscripts | SQL Injection vulnerability in Nicephpscripts Nice PHP FAQ Script SQL injection vulnerability in the Admin Panel in Nice PHP FAQ Script (Knowledge base Script) allows remote attackers to execute arbitrary SQL commands via the Password parameter (aka the pass field). | 7.5 |
2009-03-25 | CVE-2008-6523 | Cale Dunlap | Improper Authentication vulnerability in Cale Dunlap Openinvoice 0.90 auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. | 7.5 |
2009-03-25 | CVE-2008-6517 | Nick Jenkin | SQL Injection vulnerability in Nick Jenkin Newshowler 1.0.3Beta SQL injection vulnerability in NewsHOWLER 1.03 Beta allows remote attackers to execute arbitrary SQL commands via the news_user cookie parameter. | 7.5 |
2009-03-25 | CVE-2008-6516 | Phpkf | Path Traversal vulnerability in PHPkf PHPkf-Portal 1.0 Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allow remote attackers to include arbitrary files via a .. | 7.5 |
2009-03-25 | CVE-2009-0920 | HP | Buffer Errors vulnerability in HP Network Node Manager 7.0.1/7.5.1/7.5.3 Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067. | 7.5 |
2009-03-24 | CVE-2009-1050 | Kamads | Improper Authentication vulnerability in Kamads Bloginator 1A Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie. | 7.5 |
2009-03-24 | CVE-2009-1049 | Kamads | SQL Injection vulnerability in Kamads Bloginator 1A SQL injection vulnerability in articleCall.php in Bloginator 1A allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-03-23 | CVE-2008-6509 | Igniterealtime | SQL Injection vulnerability in Igniterealtime Openfire SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp. | 7.5 |
2009-03-23 | CVE-2008-6508 | Igniterealtime | Path Traversal vulnerability in Igniterealtime Openfire Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. | 7.5 |
2009-03-26 | CVE-2009-1152 | Siemens | Denial of Service vulnerability in Siemens Gigaset Se461 Wimax Router 1.5Bl024.9.6401 Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and possibly other versions, allows remote attackers to cause a denial of service (device restart and loss of configuration) by connecting to TCP port 53, then closing the connection. | 7.3 |
2009-03-26 | CVE-2009-1041 | Freebsd | Buffer Errors vulnerability in Freebsd 7.0/7.1/7.2 The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via an out-of-bounds timer value. | 7.2 |
2009-03-27 | CVE-2009-0637 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command. | 7.1 |
2009-03-27 | CVE-2009-0635 | Cisco | Resource Management Errors vulnerability in Cisco IOS 12.4T/12.4Xz/12.4Ya Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets. | 7.1 |
2009-03-27 | CVE-2009-0634 | Cisco | Denial of Service vulnerability in Cisco IOS 12.3/12.4 Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via an ICMP packet, aka Bug ID CSCso05337. | 7.1 |
2009-03-27 | CVE-2009-0633 | Cisco | Denial of Service vulnerability in Cisco IOS 12.3/12.4 Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6 packets, aka Bug ID CSCsm97220. | 7.1 |
2009-03-27 | CVE-2009-0630 | Cisco | Features IP Sockets Denial Of Service vulnerability in Cisco IOS The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission Control HTTP Authentication Proxy; (6) Per-user URL Redirect for EAPoUDP, Dot1x, and MAC Authentication Bypass; (7) Distributed Director with HTTP Redirects; and (8) TCP DNS features in Cisco IOS 12.0 through 12.4 do not properly handle IP sockets, which allows remote attackers to cause a denial of service (outage or resource consumption) via a series of crafted TCP packets. | 7.1 |
59 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-03-26 | CVE-2008-6532 | Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database. | 6.8 |
2009-03-26 | CVE-2009-1063 | Brother Soft | Buffer Errors vulnerability in Brother Soft Exescope 6 Buffer overflow in eXeScope 6.50 allows user-assisted remote attackers to execute arbitrary code via a crafted executable (.exe) file. | 6.8 |
2009-03-25 | CVE-2009-1090 | Rapidleech | Path Traversal vulnerability in Rapidleech 2.3 Directory traversal vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uploaded parameter. | 6.8 |
2009-03-25 | CVE-2008-6522 | Devraj Mukherjee | Path Traversal vulnerability in Devraj Mukherjee Openterracotta 0.6.1 Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terracotta (aka OpenTerracotta) 0.6.1, and possibly other versions, allow remote attackers to list arbitrary directories and read arbitrary files via a .. | 6.8 |
2009-03-25 | CVE-2009-0207 | HP Oracle | Local Privilege Escalation vulnerability in HP Hp-Ux B.11.11/B.11.23/B.11.31 Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local users to gain root privileges via unknown vectors. | 6.8 |
2009-03-24 | CVE-2008-6513 | Aphpkb | Code Injection vulnerability in Aphpkb 0.92.9 Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowledgebase (aphpkb) 0.92.9 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a link that is listed by authors.php. | 6.8 |
2009-03-24 | CVE-2008-6512 | Unspecified vulnerability in Google Gears Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on the target domain, then accessing that file from the attacking domain, whose response headers are not checked and cause the worker code to run in the target domain. | 6.8 | |
2009-03-26 | CVE-2008-6530 | Ezonescripts | Local Arbitrary File Upload vulnerability in Ezonescripts Living Local 1.1 Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file. | 6.5 |
2009-03-25 | CVE-2008-6524 | Cale Dunlap | Credentials Management vulnerability in Cale Dunlap Openinvoice resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. | 6.5 |
2009-03-25 | CVE-2008-6518 | Vidiscript | Code Injection vulnerability in Vidiscript Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing the avatar via a direct request. | 6.5 |
2009-03-25 | CVE-2009-1077 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Java System Identity Manager The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password. | 6.5 |
2009-03-25 | CVE-2009-1106 | SUN | Improper Input Validation vulnerability in SUN JDK and JRE The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948. | 6.4 |
2009-03-25 | CVE-2009-1103 | SUN | Multiple Security vulnerability in Sun Java Runtime Environment and Java Development Kit Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860. | 6.4 |
2009-03-25 | CVE-2009-1102 | SUN | Code Injection vulnerability in SUN Java Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." | 6.4 |
2009-03-25 | CVE-2009-1086 | Nlnetlabs | Resource Management Errors vulnerability in Nlnetlabs Ldns 1.4.0/1.4.1 Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field. | 6.4 |
2009-03-25 | CVE-2009-1084 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Java System Identity Manager Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object. | 6.4 |
2009-03-25 | CVE-2009-0784 | Systemtap Debian | Race Condition vulnerability in multiple products Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors. | 6.3 |
2009-03-26 | CVE-2009-1064 | Orbit Downloader Orbitdownloader | Code Injection vulnerability in multiple products Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method. | 5.8 |
2009-03-25 | CVE-2009-1104 | SUN | Configuration vulnerability in SUN Java The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. | 5.8 |
2009-03-23 | CVE-2008-6511 | Igniterealtime | Improper Input Validation vulnerability in Igniterealtime Openfire Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. | 5.8 |
2009-03-25 | CVE-2009-0891 | IBM | Improper Authentication vulnerability in IBM Websphere Application Server The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks. | 5.5 |
2009-03-27 | CVE-2009-0629 | Cisco | Unspecified vulnerability in Cisco IOS The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over TCP (XOT), and (10) X.25 Routing features in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (device reload) via a series of crafted TCP packets. | 5.4 |
2009-03-27 | CVE-2009-0845 | MIT | Improper Input Validation vulnerability in MIT Kerberos and Kerberos 5 The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token. | 5.0 |
2009-03-27 | CVE-2009-0789 | Openssl | Numeric Errors vulnerability in Openssl OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key. | 5.0 |
2009-03-27 | CVE-2009-0590 | Openssl Debian | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. | 5.0 |
2009-03-26 | CVE-2009-1148 | Phpmyadmin | Path Traversal vulnerability in PHPmyadmin Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable). | 5.0 |
2009-03-26 | CVE-2008-6528 | Tmaxsoft | Improper Input Validation vulnerability in Tmaxsoft Jeus 5 NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the source code for scripts by appending ::$DATA to the URL, which accesses the alternate data stream. | 5.0 |
2009-03-25 | CVE-2009-1101 | SUN | Multiple Security vulnerability in SUN JDK and JRE Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak." | 5.0 |
2009-03-25 | CVE-2009-1100 | SUN | Multiple Security vulnerability in SUN JDK and JRE Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886. | 5.0 |
2009-03-25 | CVE-2009-1093 | SUN | Configuration vulnerability in SUN Jdk, JRE and SDK LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). | 5.0 |
2009-03-25 | CVE-2009-1089 | Rapidleech | Path Traversal vulnerability in Rapidleech 2.3/Rev36 Absolute path traversal vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to read arbitrary files via a base64-encoded absolute path in the filename parameter. | 5.0 |
2009-03-25 | CVE-2009-1085 | Matomo | Permissions, Privileges, and Access Controls vulnerability in Matomo Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh. | 5.0 |
2009-03-25 | CVE-2009-1076 | SUN | Information Exposure vulnerability in SUN Java System Identity Manager Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | 5.0 |
2009-03-25 | CVE-2009-1075 | SUN | Credentials Management vulnerability in SUN Java System Identity Manager Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | 5.0 |
2009-03-25 | CVE-2009-1074 | SUN | Cryptographic Issues vulnerability in SUN Java System Identity Manager Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack of support for relative URLs. | 5.0 |
2009-03-24 | CVE-2009-1056 | IBM | Information Disclosure vulnerability in IBM Rational AppScan Enterprise Exported Report IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers to read arbitrary exported reports by "forcefully browsing." | 5.0 |
2009-03-24 | CVE-2009-1053 | Chaozz | Permissions, Privileges, and Access Controls vulnerability in Chaozz Chaozzdb 1.0/1.1 chaozzDB 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv. | 5.0 |
2009-03-24 | CVE-2009-1052 | Chaozz | Permissions, Privileges, and Access Controls vulnerability in Chaozz Fireant 1.0/1.2 FireAnt 1.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv. | 5.0 |
2009-03-24 | CVE-2009-1051 | Chaozz | Permissions, Privileges, and Access Controls vulnerability in Chaozz Fubarforum FubarForum 1.6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv. | 5.0 |
2009-03-23 | CVE-2009-1045 | Videolan | Improper Input Validation vulnerability in Videolan VLC Media Player 0.9.8A requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action. | 5.0 |
2009-03-23 | CVE-2008-6507 | Phpbb | Information Disclosure vulnerability in Phpbb Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post in a password-protected forum. | 5.0 |
2009-03-23 | CVE-2008-6506 | Phpbb | Permissions, Privileges, and Access Controls vulnerability in PHPbb Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors. | 5.0 |
2009-03-23 | CVE-2008-6505 | Apache | Path Traversal vulnerability in Apache Struts Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x. | 5.0 |
2009-03-23 | CVE-2008-6504 | Opensymphony Apache | Improper Input Validation vulnerability in multiple products ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character. | 5.0 |
2009-03-23 | CVE-2009-1046 | Linux | Resource Management Errors vulnerability in Linux Kernel The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries. | 4.7 |
2009-03-26 | CVE-2008-6533 | Drupal | Cross-Site Scripting vulnerability in Drupal Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | 4.3 |
2009-03-26 | CVE-2008-6529 | Ezonescripts | Cross-Site Scripting vulnerability in Ezonescripts Living Local 1.1 Cross-site scripting (XSS) vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to inject arbitrary web script or HTML via the r parameter. | 4.3 |
2009-03-26 | CVE-2009-1150 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPmyadmin Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie. | 4.3 |
2009-03-26 | CVE-2009-1070 | Expressionengine | Cross-Site Scripting vulnerability in Expressionengine 1.6.4/1.6.5/1.6.6 Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter. | 4.3 |
2009-03-26 | CVE-2009-1069 | Drupal | Cross-Site Scripting vulnerability in Drupal Content Construction KIT Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) titles of candidate referenced nodes in the Node reference sub-module and the (2) names of candidate referenced users in the User reference sub-module. | 4.3 |
2009-03-25 | CVE-2009-1107 | SUN | Multiple Security vulnerability in Sun Java Runtime Environment and Java Development Kit The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871. | 4.3 |
2009-03-25 | CVE-2009-1091 | Rapidleech | Cross-Site Scripting vulnerability in Rapidleech Rev36 Cross-site scripting (XSS) vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to inject arbitrary web script or HTML via the uploaded parameter. | 4.3 |
2009-03-25 | CVE-2009-1081 | SUN | Cross-Site Scripting vulnerability in SUN Java System Identity Manager Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19595 and 19661. | 4.3 |
2009-03-25 | CVE-2009-1080 | SUN | Cross-Site Scripting vulnerability in SUN Java System Identity Manager Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033. | 4.3 |
2009-03-25 | CVE-2009-1079 | SUN | Cross-Site Scripting vulnerability in SUN Java System Identity Manager Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19659, 19660, and 19683. | 4.3 |
2009-03-24 | CVE-2008-6515 | Vclcomponents | Cross-Site Scripting vulnerability in Vclcomponents Yappa-Ng Cross-site scripting (XSS) vulnerability in Fritz Berger yet another php photo album - next generation (yappa-ng) allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI. | 4.3 |
2009-03-23 | CVE-2009-1047 | Drupal | Cross-Site Scripting vulnerability in Drupal and Print Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail. | 4.3 |
2009-03-23 | CVE-2008-6510 | Igniterealtime | Cross-Site Scripting vulnerability in Igniterealtime Openfire Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 4.3 |
2009-03-25 | CVE-2009-1078 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Java System Identity Manager Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, which allows remote authenticated users to have an unspecified impact. | 4.0 |
1 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-03-27 | CVE-2009-0591 | Openssl | Improper Authentication vulnerability in Openssl 0.9.8H/0.9.8I/0.9.8J The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid. | 2.6 |