Weekly Vulnerabilities Reports > March 23 to 29, 2009

Overview

132 new vulnerabilities reported during this period, including 34 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary report vulnerabilities in 101 products from 71 vendors including SUN, Cisco, Mozilla, Adobe, and Drupal. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", "Permissions, Privileges, and Access Controls", and "Resource Management Errors".

  • 124 reported vulnerabilities are remotely exploitables.
  • 38 reported vulnerabilities have public exploit available.
  • 35 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 119 reported vulnerabilities are exploitable by an anonymous user.
  • SUN has the most reported vulnerabilities, with 29 reported vulnerabilities.
  • SUN has the most reported critical vulnerabilities, with 9 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

34 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-03-25 CVE-2009-1096 SUN Buffer Errors vulnerability in SUN JDK and JRE

Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.

10.0
2009-03-25 CVE-2009-1095 SUN Numeric Errors vulnerability in SUN JDK and JRE

Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.

10.0
2009-03-25 CVE-2009-1094 SUN Multiple Security vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.

10.0
2009-03-25 CVE-2008-6520 Imatix USE of Externally-Controlled Format String vulnerability in Imatix Xitami 2.5C2

Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI that ends in (1) .ssi, (2) .shtm, or (3) .shtml, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.

10.0
2009-03-25 CVE-2008-6519 Imatix USE of Externally-Controlled Format String vulnerability in Imatix Xitami

Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.

10.0
2009-03-25 CVE-2009-0928 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table.

10.0
2009-03-25 CVE-2009-0921 HP Buffer Errors vulnerability in HP Network Node Manager 7.0.1/7.5.1/7.5.3

Multiple heap-based buffer overflows in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long OvAcceptLang cookie, which triggers the error in ov.dll and ovwww.dll, or (2) a long Accept-Language HTTP header, which triggers the error in ovwww.dll or libovwww.so.4.

10.0
2009-03-24 CVE-2009-1058 Zipgenius Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Zipgenius

Stack-based buffer overflow in ZipGenius might allow remote attackers to execute arbitrary code via a crafted .zip file that triggers an SEH overwrite.

10.0
2009-03-24 CVE-2009-1057 Microsmarts Buffer Errors vulnerability in Microsmarts Zipitfast! 3.0

MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file that triggers memory corruption, related to a "format string buffer overflow." NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.

10.0
2009-03-23 CVE-2009-1043 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 8

Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.

10.0
2009-03-27 CVE-2009-1169 Mozilla Resource Management Errors vulnerability in Mozilla Firefox

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.

9.3
2009-03-26 CVE-2009-1071 Randomsoftware Buffer Errors vulnerability in Randomsoftware Icarus 2.0

Stack-based buffer overflow in Icarus 2.0 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted Portable Game Notation (.pgn) file.

9.3
2009-03-26 CVE-2009-1068 Bsplayer Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bsplayer Bs.Player 2.32/2.34

Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file.

9.3
2009-03-25 CVE-2009-1098 SUN Buffer Errors vulnerability in SUN Jdk, JRE and SDK

Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.

9.3
2009-03-25 CVE-2009-1097 SUN Buffer Errors vulnerability in SUN JDK and JRE

Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.

9.3
2009-03-25 CVE-2009-1092 Geovision Resource Management Errors vulnerability in Geovision Liveaudio Activex Control 7.0

Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control in LIVEAU~1.OCX 7.0 for GeoVision DVR systems allows remote attackers to execute arbitrary code by calling the GetAudioPlayingTime method with certain arguments.

9.3
2009-03-25 CVE-2009-1087 Pplive Improper Input Validation vulnerability in Pplive 1.9.15

Multiple argument injection vulnerabilities in PPLive.exe in PPLive 1.9.21 and earlier allow remote attackers to execute arbitrary code via a UNC share pathname in the LoadModule argument to the (1) synacast, (2) Play, (3) pplsv, or (4) ppvod URI handler.

9.3
2009-03-25 CVE-2009-0215 IBM Buffer Errors vulnerability in IBM Access Support Activex Control 3.20.284.0

Stack-based buffer overflow in the GetXMLValue method in the IBM Access Support ActiveX control in IbmEgath.dll, as distributed on IBM and Lenovo computers, allows remote attackers to execute arbitrary code via unspecified vectors.

9.3
2009-03-25 CVE-2009-1062 Adobe Improper Input Validation vulnerability in Adobe Acrobat, Acrobat Reader and Reader

Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061.

9.3
2009-03-25 CVE-2009-1061 Adobe Improper Input Validation vulnerability in Adobe Acrobat Reader

Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1062.

9.3
2009-03-25 CVE-2009-0193 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat Reader

Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062.

9.3
2009-03-24 CVE-2009-1060 Apple Remote Code Execution Variant vulnerability in Apple Safari

Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie Miller during a PWN2OWN competition at CanSecWest 2009.

9.3
2009-03-24 CVE-2009-1059 Powerzip Buffer Errors vulnerability in Powerzip 7.2

Stack-based buffer overflow in Trident PowerZip 7.2 might allow remote attackers to execute arbitrary code via a crafted .zip file.

9.3
2009-03-24 CVE-2009-1054 Ichitaro Code Execution vulnerability in JustSystems Ichitaro

Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through 2008, Lite2, and Ichitaro viewer 5.1.5.0 and earlier allows remote attackers to execute arbitrary code via a crafted file, as exploited in the wild by Trojan.Tarodrop.H in March 2009.

9.3
2009-03-23 CVE-2009-0584 Argyllcms
Ghostscript
Numeric Errors vulnerability in multiple products

icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

9.3
2009-03-23 CVE-2009-0583 Ghostscript
Argyllcms
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

9.3
2009-03-23 CVE-2009-1044 Mozilla
Microsoft
Resource Management Errors vulnerability in Mozilla Firefox 3.0.7

Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.

9.3
2009-03-23 CVE-2009-1042 Apple Remote Code Execution vulnerability in Apple Safari

Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.

9.3
2009-03-23 CVE-2009-0733 Gimp
Mozilla
SUN
Littlecms
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.

9.3
2009-03-23 CVE-2009-0723 Gimp
Mozilla
SUN
Littlecms
Numeric Errors vulnerability in multiple products

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow.

9.3
2009-03-27 CVE-2009-0628 Cisco Information Exposure vulnerability in Cisco IOS 12.3/12.4

Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak.

9.0
2009-03-25 CVE-2009-1088 Hannonhill Code Injection vulnerability in Hannonhill Cascade 5.7

Hannon Hill Cascade Server 5.7 and other versions allows remote authenticated users to execute arbitrary programs or Java code via a crafted XSLT stylesheet with "extension elements and extension functions" that trigger code execution by Xalan-Java, as demonstrated using xalan://java.lang.Runtime.

9.0
2009-03-25 CVE-2009-1083 SUN Code Injection vulnerability in SUN Java System Identity Manager

Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits "control characters" in the passwords of user accounts, which allows remote attackers to execute arbitrary commands via vectors involving "resource adapters."

9.0
2009-03-25 CVE-2009-1082 SUN Improper Input Validation vulnerability in SUN Java System Identity Manager

Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs.

9.0

31 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-03-27 CVE-2009-0636 Cisco Denial of Service vulnerability in Cisco IOS Session Initiation Protocol

Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message.

7.8
2009-03-27 CVE-2009-0626 Cisco Resource Management Errors vulnerability in Cisco IOS

The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet.

7.8
2009-03-27 CVE-2009-0631 Cisco Features UDP Packet Denial of Service vulnerability in Cisco IOS

Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signaling Transport, or (4) Media Gateway Control Protocol (MGCP) allows remote attackers to cause a denial of service (blocked input queue on the inbound interface) via a crafted UDP packet.

7.8
2009-03-25 CVE-2008-6521 Devraj Mukherjee Information Exposure vulnerability in Devraj Mukherjee Openterracotta 0.6.1

index.php in Terracotta (aka OpenTerracotta) 0.6.1 allows remote attackers to obtain sensitive information via an invalid File parameter, which reveals the installation path in an error message.

7.8
2009-03-26 CVE-2008-6535 Paypalestores Permissions, Privileges, and Access Controls vulnerability in Paypalestores Paypal Estores

admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter.

7.5
2009-03-26 CVE-2009-1151 Phpmyadmin Code Injection vulnerability in PHPmyadmin

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

7.5
2009-03-26 CVE-2009-1149 Phpmyadmin Improper Input Validation vulnerability in PHPmyadmin

CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.

7.5
2009-03-26 CVE-2009-1066 Getpixie SQL Injection vulnerability in Getpixie Pixie CMS 1.01A

SQL injection vulnerability in the referral function in admin/lib/lib_logs.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request.

7.5
2009-03-26 CVE-2009-1065 Getpixie SQL Injection vulnerability in Getpixie Pixie CMS 1.01A

SQL injection vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the x parameter.

7.5
2009-03-26 CVE-2009-0364 Citadel USE of Externally-Controlled Format String vulnerability in Citadel Webcit

Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors.

7.5
2009-03-25 CVE-2009-1105 SUN Multiple Security vulnerability in Sun Java Runtime Environment and Java Development Kit

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.

7.5
2009-03-25 CVE-2009-1099 SUN Numeric Errors vulnerability in SUN Java Runtime Environment and Java SE Development KIT

Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow.

7.5
2009-03-25 CVE-2008-6527 Go4I SQL Injection vulnerability in Go4I Go41.Net ASP Forum 1.0

SQL injection vulnerability in forum.asp in GO4I.NET ASP Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the iFor parameter.

7.5
2009-03-25 CVE-2008-6526 Bosdev SQL Injection vulnerability in Bosdev BOS Classifieds

SQL injection vulnerability in index.php in BosDev BosClassifieds allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2008-1838.

7.5
2009-03-25 CVE-2008-6525 Nicephpscripts SQL Injection vulnerability in Nicephpscripts Nice PHP FAQ Script

SQL injection vulnerability in the Admin Panel in Nice PHP FAQ Script (Knowledge base Script) allows remote attackers to execute arbitrary SQL commands via the Password parameter (aka the pass field).

7.5
2009-03-25 CVE-2008-6523 Cale Dunlap Improper Authentication vulnerability in Cale Dunlap Openinvoice 0.90

auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie.

7.5
2009-03-25 CVE-2008-6517 Nick Jenkin SQL Injection vulnerability in Nick Jenkin Newshowler 1.0.3Beta

SQL injection vulnerability in NewsHOWLER 1.03 Beta allows remote attackers to execute arbitrary SQL commands via the news_user cookie parameter.

7.5
2009-03-25 CVE-2008-6516 Phpkf Path Traversal vulnerability in PHPkf PHPkf-Portal 1.0

Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allow remote attackers to include arbitrary files via a ..

7.5
2009-03-25 CVE-2009-0920 HP Buffer Errors vulnerability in HP Network Node Manager 7.0.1/7.5.1/7.5.3

Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067.

7.5
2009-03-24 CVE-2009-1050 Kamads Improper Authentication vulnerability in Kamads Bloginator 1A

Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie.

7.5
2009-03-24 CVE-2009-1049 Kamads SQL Injection vulnerability in Kamads Bloginator 1A

SQL injection vulnerability in articleCall.php in Bloginator 1A allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-03-23 CVE-2008-6509 Igniterealtime SQL Injection vulnerability in Igniterealtime Openfire

SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp.

7.5
2009-03-23 CVE-2008-6508 Igniterealtime Path Traversal vulnerability in Igniterealtime Openfire

Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a ..

7.5
2009-03-26 CVE-2009-1152 Siemens Denial of Service vulnerability in Siemens Gigaset Se461 Wimax Router 1.5Bl024.9.6401

Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and possibly other versions, allows remote attackers to cause a denial of service (device restart and loss of configuration) by connecting to TCP port 53, then closing the connection.

7.3
2009-03-26 CVE-2009-1041 Freebsd Buffer Errors vulnerability in Freebsd 7.0/7.1/7.2

The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via an out-of-bounds timer value.

7.2
2009-03-27 CVE-2009-0637 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco IOS

The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command.

7.1
2009-03-27 CVE-2009-0635 Cisco Resource Management Errors vulnerability in Cisco IOS 12.4T/12.4Xz/12.4Ya

Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets.

7.1
2009-03-27 CVE-2009-0634 Cisco Denial of Service vulnerability in Cisco IOS 12.3/12.4

Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via an ICMP packet, aka Bug ID CSCso05337.

7.1
2009-03-27 CVE-2009-0633 Cisco Denial of Service vulnerability in Cisco IOS 12.3/12.4

Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6 packets, aka Bug ID CSCsm97220.

7.1
2009-03-27 CVE-2009-0630 Cisco Features IP Sockets Denial Of Service vulnerability in Cisco IOS

The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission Control HTTP Authentication Proxy; (6) Per-user URL Redirect for EAPoUDP, Dot1x, and MAC Authentication Bypass; (7) Distributed Director with HTTP Redirects; and (8) TCP DNS features in Cisco IOS 12.0 through 12.4 do not properly handle IP sockets, which allows remote attackers to cause a denial of service (outage or resource consumption) via a series of crafted TCP packets.

7.1
2009-03-26 CVE-2008-6534 Vwsolutions Improper Input Validation vulnerability in Vwsolutions Null FTP 1.1.0.7

Incomplete blacklist vulnerability in NULL FTP Server Free and Pro 1.1.0.7 allows remote authenticated users to execute arbitrary commands via a custom SITE command containing shell metacharacters such as "&" (ampersand) in the middle of an argument.

7.1

66 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-03-26 CVE-2008-6532 Drupal Cross-Site Request Forgery (CSRF) vulnerability in Drupal

Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database.

6.8
2009-03-26 CVE-2008-6531 Atlassian Code Injection vulnerability in Atlassian Jira

The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."

6.8
2009-03-26 CVE-2009-1063 Brother Soft Buffer Errors vulnerability in Brother Soft Exescope 6

Buffer overflow in eXeScope 6.50 allows user-assisted remote attackers to execute arbitrary code via a crafted executable (.exe) file.

6.8
2009-03-25 CVE-2009-1090 Rapidleech Path Traversal vulnerability in Rapidleech 2.3

Directory traversal vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uploaded parameter.

6.8
2009-03-25 CVE-2008-6522 Devraj Mukherjee Path Traversal vulnerability in Devraj Mukherjee Openterracotta 0.6.1

Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terracotta (aka OpenTerracotta) 0.6.1, and possibly other versions, allow remote attackers to list arbitrary directories and read arbitrary files via a ..

6.8
2009-03-25 CVE-2009-0207 HP
Oracle
Local Privilege Escalation vulnerability in HP Hp-Ux B.11.11/B.11.23/B.11.31

Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local users to gain root privileges via unknown vectors.

6.8
2009-03-24 CVE-2008-6513 Aphpkb Code Injection vulnerability in Aphpkb 0.92.9

Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowledgebase (aphpkb) 0.92.9 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a link that is listed by authors.php.

6.8
2009-03-24 CVE-2008-6512 Google Unspecified vulnerability in Google Gears

Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on the target domain, then accessing that file from the attacking domain, whose response headers are not checked and cause the worker code to run in the target domain.

6.8
2009-03-26 CVE-2008-6530 Ezonescripts Local Arbitrary File Upload vulnerability in Ezonescripts Living Local 1.1

Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file.

6.5
2009-03-25 CVE-2008-6524 Cale Dunlap Credentials Management vulnerability in Cale Dunlap Openinvoice

resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter.

6.5
2009-03-25 CVE-2008-6518 Vidiscript Code Injection vulnerability in Vidiscript

Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing the avatar via a direct request.

6.5
2009-03-25 CVE-2009-1077 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Java System Identity Manager

The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password.

6.5
2009-03-25 CVE-2009-1106 SUN Improper Input Validation vulnerability in SUN JDK and JRE

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.

6.4
2009-03-25 CVE-2009-1103 SUN Multiple Security vulnerability in Sun Java Runtime Environment and Java Development Kit

Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860.

6.4
2009-03-25 CVE-2009-1102 SUN Code Injection vulnerability in SUN Java

Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."

6.4
2009-03-25 CVE-2009-1086 Nlnetlabs Resource Management Errors vulnerability in Nlnetlabs Ldns 1.4.0/1.4.1

Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field.

6.4
2009-03-25 CVE-2009-1084 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Java System Identity Manager

Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object.

6.4
2009-03-25 CVE-2009-0784 Systemtap
Debian
Race Condition vulnerability in multiple products

Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors.

6.3
2009-03-24 CVE-2008-6514 Compiz Permissions, Privileges, and Access Controls vulnerability in Compiz Fusion 0.7.8

The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920.

6.2
2009-03-26 CVE-2009-1064 Orbit Downloader
Orbitdownloader
Code Injection vulnerability in multiple products

Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method.

5.8
2009-03-25 CVE-2009-1104 SUN Configuration vulnerability in SUN Java

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331.

5.8
2009-03-23 CVE-2008-6511 Igniterealtime Improper Input Validation vulnerability in Igniterealtime Openfire

Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.

5.8
2009-03-25 CVE-2009-0891 IBM Improper Authentication vulnerability in IBM Websphere Application Server

The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks.

5.5
2009-03-27 CVE-2009-0629 Cisco Unspecified vulnerability in Cisco IOS

The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over TCP (XOT), and (10) X.25 Routing features in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (device reload) via a series of crafted TCP packets.

5.4
2009-03-27 CVE-2009-0845 MIT Improper Input Validation vulnerability in MIT Kerberos and Kerberos 5

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.

5.0
2009-03-27 CVE-2009-0789 Openssl Numeric Errors vulnerability in Openssl

OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.

5.0
2009-03-27 CVE-2009-0590 Openssl
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

5.0
2009-03-26 CVE-2009-1148 Phpmyadmin Path Traversal vulnerability in PHPmyadmin

Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable).

5.0
2009-03-26 CVE-2008-6528 Tmaxsoft Improper Input Validation vulnerability in Tmaxsoft Jeus 5

NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the source code for scripts by appending ::$DATA to the URL, which accesses the alternate data stream.

5.0
2009-03-25 CVE-2009-1101 SUN Multiple Security vulnerability in SUN JDK and JRE

Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak."

5.0
2009-03-25 CVE-2009-1100 SUN Multiple Security vulnerability in SUN JDK and JRE

Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.

5.0
2009-03-25 CVE-2009-1093 SUN Configuration vulnerability in SUN Jdk, JRE and SDK

LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).

5.0
2009-03-25 CVE-2009-1089 Rapidleech Path Traversal vulnerability in Rapidleech 2.3/Rev36

Absolute path traversal vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to read arbitrary files via a base64-encoded absolute path in the filename parameter.

5.0
2009-03-25 CVE-2009-1085 Matomo Permissions, Privileges, and Access Controls vulnerability in Matomo

Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh.

5.0
2009-03-25 CVE-2009-1076 SUN Information Exposure vulnerability in SUN Java System Identity Manager

Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

5.0
2009-03-25 CVE-2009-1075 SUN Credentials Management vulnerability in SUN Java System Identity Manager

Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

5.0
2009-03-25 CVE-2009-1074 SUN Cryptographic Issues vulnerability in SUN Java System Identity Manager

Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack of support for relative URLs.

5.0
2009-03-24 CVE-2009-1056 IBM Information Disclosure vulnerability in IBM Rational AppScan Enterprise Exported Report

IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers to read arbitrary exported reports by "forcefully browsing."

5.0
2009-03-24 CVE-2009-1053 Chaozz Permissions, Privileges, and Access Controls vulnerability in Chaozz Chaozzdb 1.0/1.1

chaozzDB 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.

5.0
2009-03-24 CVE-2009-1052 Chaozz Permissions, Privileges, and Access Controls vulnerability in Chaozz Fireant 1.0/1.2

FireAnt 1.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.

5.0
2009-03-24 CVE-2009-1051 Chaozz Permissions, Privileges, and Access Controls vulnerability in Chaozz Fubarforum

FubarForum 1.6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.

5.0
2009-03-23 CVE-2009-1045 Videolan Improper Input Validation vulnerability in Videolan VLC Media Player 0.9.8A

requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.

5.0
2009-03-23 CVE-2008-6507 Phpbb Information Disclosure vulnerability in Phpbb

Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post in a password-protected forum.

5.0
2009-03-23 CVE-2008-6506 Phpbb Permissions, Privileges, and Access Controls vulnerability in PHPbb

Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors.

5.0
2009-03-23 CVE-2008-6505 Apache Path Traversal vulnerability in Apache Struts

Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.

5.0
2009-03-23 CVE-2008-6504 Opensymphony
Apache
Improper Input Validation vulnerability in multiple products

ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.

5.0
2009-03-25 CVE-2009-1072 Linux
Opensuse
Suse
Debian
Canonical
Vmware
Microsoft
Redhat
Configuration vulnerability in multiple products

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.

4.9
2009-03-25 CVE-2009-0787 Linux Numeric Errors vulnerability in Linux Kernel

The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory.

4.9
2009-03-23 CVE-2009-1046 Linux Resource Management Errors vulnerability in Linux Kernel

The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries.

4.7
2009-03-26 CVE-2008-6533 Drupal Cross-Site Scripting vulnerability in Drupal

Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

4.3
2009-03-26 CVE-2008-6529 Ezonescripts Cross-Site Scripting vulnerability in Ezonescripts Living Local 1.1

Cross-site scripting (XSS) vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to inject arbitrary web script or HTML via the r parameter.

4.3
2009-03-26 CVE-2009-1150 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.

4.3
2009-03-26 CVE-2009-1070 Expressionengine Cross-Site Scripting vulnerability in Expressionengine 1.6.4/1.6.5/1.6.6

Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter.

4.3
2009-03-26 CVE-2009-1069 Drupal Cross-Site Scripting vulnerability in Drupal Content Construction KIT

Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) titles of candidate referenced nodes in the Node reference sub-module and the (2) names of candidate referenced users in the User reference sub-module.

4.3
2009-03-26 CVE-2009-1067 Getpixie Cross-Site Scripting vulnerability in Getpixie Pixie CMS 1.01A

Cross-site scripting (XSS) vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to inject arbitrary web script or HTML via the x parameter.

4.3
2009-03-25 CVE-2009-1107 SUN Multiple Security vulnerability in Sun Java Runtime Environment and Java Development Kit

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.

4.3
2009-03-25 CVE-2009-1091 Rapidleech Cross-Site Scripting vulnerability in Rapidleech Rev36

Cross-site scripting (XSS) vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to inject arbitrary web script or HTML via the uploaded parameter.

4.3
2009-03-25 CVE-2009-1081 SUN Cross-Site Scripting vulnerability in SUN Java System Identity Manager

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19595 and 19661.

4.3
2009-03-25 CVE-2009-1080 SUN Cross-Site Scripting vulnerability in SUN Java System Identity Manager

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033.

4.3
2009-03-25 CVE-2009-1079 SUN Cross-Site Scripting vulnerability in SUN Java System Identity Manager

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19659, 19660, and 19683.

4.3
2009-03-24 CVE-2008-6515 Vclcomponents Cross-Site Scripting vulnerability in Vclcomponents Yappa-Ng

Cross-site scripting (XSS) vulnerability in Fritz Berger yet another php photo album - next generation (yappa-ng) allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.

4.3
2009-03-23 CVE-2009-1047 Drupal Cross-Site Scripting vulnerability in Drupal and Print

Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail.

4.3
2009-03-23 CVE-2008-6510 Igniterealtime Cross-Site Scripting vulnerability in Igniterealtime Openfire

Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter.

4.3
2009-03-23 CVE-2009-0581 Gimp
Mozilla
SUN
Littlecms
Resource Management Errors vulnerability in multiple products

Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.

4.3
2009-03-25 CVE-2009-1078 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Java System Identity Manager

Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, which allows remote authenticated users to have an unspecified impact.

4.0
2009-03-24 CVE-2009-1055 Sitecore Information Disclosure vulnerability in Sitecore CMS 5.3.0/5.3.1

Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev.

4.0

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-03-27 CVE-2009-0591 Openssl Improper Authentication vulnerability in Openssl 0.9.8H/0.9.8I/0.9.8J

The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.

2.6