Weekly Vulnerabilities Reports > April 20 to 26, 2009

Overview

110 new vulnerabilities were reported during this period, including 15 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary reports vulnerabilities in 76 products from 63 vendors including Apple, Glyphandcog, Foolabs, Mozilla, and Poppler. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Resource Management Errors".

  • 104 reported vulnerabilities are remotely exploitable.
  • 40 reported vulnerabilities have a public exploit available.
  • 46 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 106 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • Debian has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:


15 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-04-23 CVE-2009-0165 Foolabs, Glyphandcog, Poppler Numeric Errors vulnerability in multiple products

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."

10.0
2009-04-23 CVE-2009-1372 Clamav Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Clamav

Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL.

10.0
2009-04-22 CVE-2009-1361 Gscripts Improper Input Validation vulnerability in Gscripts DNS Tools

dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter.

10.0
2009-04-21 CVE-2009-1358 Debian Unspecified vulnerability in Debian Advanced Package Tool and APT

apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.

10.0
2009-04-21 CVE-2009-1350 Novell Improper Input Validation vulnerability in Novell Netidentity Client 1.2.3

Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereference of an arbitrary pointer.

10.0
2009-04-21 CVE-2009-1266 Wireshark Remote Security vulnerability in Wireshark

Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors.

10.0
2009-04-21 CVE-2009-0718 HP Unspecified vulnerability in HP Storageworks Storage Mirroring 5/5.1

Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2009-04-24 CVE-2008-6748 Megacubo Code Injection vulnerability in Megacubo 5.0.7

Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI.

9.3
2009-04-22 CVE-2009-1370 Xilisoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xilisoft Video Converter 3.1.53/5.1.23

Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video Converter 3.1.53.0704n and 5.1.23.0402 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .cue file.

9.3
2009-04-21 CVE-2008-6734 Keller WEB Admin Path Traversal vulnerability in Keller web Admin KWA 0.94

Directory traversal vulnerability in Public/index.php in Keller Web Admin CMS 0.94 Pro allows remote attackers to include and execute arbitrary local files via a ..

9.3
2009-04-21 CVE-2009-1356 Elecard Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Elecard AVC HD Player

Stack-based buffer overflow in Elecard AVC HD Player allows remote attackers to execute arbitrary code via a long MP3 filename in a playlist (.xpl) file.

9.3
2009-04-21 CVE-2009-1352 Dawningsoft Buffer Errors vulnerability in Dawningsoft Powerchm 5.7

Stack-based buffer overflow in Dawningsoft PowerCHM 5.7 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an HTML file with a link to a long URL, as demonstrated by a .rar URL.

9.3
2009-04-21 CVE-2009-1351 Heikki Ylinen Buffer Errors vulnerability in Heikki Ylinen Apollo 37Zz

Heap-based buffer overflow in Apollo 37zz allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URI in a playlist (.m3u) file.

9.3
2009-04-20 CVE-2008-6731 China ON Site Improper Input Validation vulnerability in China-On-Site Flexphplink 0.0.7

Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.

9.3
2009-04-24 CVE-2009-0064 Symantec Remote Privilege Escalation vulnerability in Symantec Brightmail Gateway Appliance 7.5/7.6/7.7

Multiple unspecified vulnerabilities in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allow remote authenticated users to gain privileges, and possibly obtain sensitive information or hijack sessions of arbitrary users, via vectors involving (1) administrative scripts or (2) console functions.

9.0

20 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-04-24 CVE-2009-1412 Google Information Exposure vulnerability in Google Chrome

Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL.

7.8
2009-04-21 CVE-2008-6737 EA Information Exposure vulnerability in EA Crysis 1.1/1.2

Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information.

7.8
2009-04-24 CVE-2009-1433 Silverstripe SQL Injection vulnerability in Silverstripe

SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter.

7.5
2009-04-24 CVE-2009-1411 Neocrome SQL Injection vulnerability in Neocrome Seditio 1.0

SQL injection vulnerability in events/inc/events.inc.php in the Events plugin for Seditio CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the c parameter to plug.php.

7.5
2009-04-24 CVE-2009-1410 Opensolution SQL Injection vulnerability in Opensolution Quick.Cms.Lite 0.5

SQL injection vulnerability in index.php in Quick.Cms.Lite 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-04-24 CVE-2009-1403 Creloaded SQL Injection vulnerability in Creloaded CRE Loaded 6.2

SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.

7.5
2009-04-24 CVE-2008-6752 Revou Improper Input Validation vulnerability in Revou

adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation.

7.5
2009-04-23 CVE-2009-1182 Foolabs, Glyphandcog, Poppler, Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

7.5
2009-04-23 CVE-2008-6745 Blogphp Improper Input Validation vulnerability in Blogphp 2.0

index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action.

7.5
2009-04-22 CVE-2009-1368 Mozilo Path Traversal vulnerability in Mozilo Mozilocms 1.11

Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a ..

7.5
2009-04-22 CVE-2008-6743 Shock Therapy Improper Authentication vulnerability in Shock-Therapy Rsmscript 1.21

RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2) edit-submit.php, (3) edit.php, (4) submit.php, and (5) update.php, which bypasses the security check that is performed by verify.php.

7.5
2009-04-21 CVE-2008-6741 Simple Machines SQL Injection vulnerability in Simple Machines Simple Machines Forum

SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash) sequence that does not quote the "'" (single quote) character, as demonstrated via a manlabels action to index.php.

7.5
2009-04-21 CVE-2008-6739 Toddwoolums Improper Authentication vulnerability in Toddwoolums ASP Download 1.03

Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request.

7.5
2009-04-21 CVE-2008-6738 Mark Girling Improper Authentication vulnerability in Mark Girling Myshoutpro 1.2

MyShoutPro 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin_access cookie to 1.

7.5
2009-04-21 CVE-2009-0716 HP Unspecified vulnerability in HP Storageworks Storage Mirroring 5/5.1

Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service or obtain "access" via unknown vectors.

7.5
2009-04-20 CVE-2009-1346 Interguias SQL Injection vulnerability in Interguias Nethoteles 3.0

SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 allows remote attackers to execute arbitrary SQL commands via the id_establecimiento parameter.

7.5
2009-04-20 CVE-2009-1345 Cpcommerce SQL Injection vulnerability in Cpcommerce 1.2.8

SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote attackers to execute arbitrary SQL commands via the id_document parameter.

7.5
2009-04-20 CVE-2008-6728 Phpnuke SQL Injection vulnerability in PHPnuke PHP-Nuke

SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php.

7.5
2009-04-21 CVE-2009-1355 IBM Buffer Errors vulnerability in IBM AIX 5.2/5.3/6.1

Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename.

7.2
2009-04-22 CVE-2009-1360 Linux Denial of Service vulnerability in Linux Kernel 'inet6_hashtables.c' NULL Pointer Dereference

The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel before 2.6.29, when Network Namespace Support (aka NET_NS) is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via vectors involving IPv6 packets.

7.1

75 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-04-24 CVE-2009-1407 Wonko Path Traversal vulnerability in Wonko Notftp 1.3.1

Directory traversal vulnerability in config.php in NotFTP 1.3.1 allows remote attackers to read arbitrary files via a ..

6.8
2009-04-24 CVE-2009-1406 Sweetphp Path Traversal vulnerability in Sweetphp Totalcalendar 2.4

Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2009-04-24 CVE-2009-1405 Pastel Path Traversal vulnerability in Pastel Pastelcms 0.8.0

Directory traversal vulnerability in index.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2009-04-24 CVE-2009-1404 Pastel SQL Injection vulnerability in Pastel Pastelcms 0.8.0

SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user (Username) parameter.

6.8
2009-04-24 CVE-2008-6751 Revou Improper Input Validation vulnerability in Revou Tclone

Unrestricted file upload vulnerability in index.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in settings/my_photo.

6.8
2009-04-24 CVE-2008-6750 China ON Site Improper Input Validation vulnerability in China-On-Site Flexphpdirectory 0.0.1

Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/.

6.8
2009-04-24 CVE-2008-6749 China ON Site SQL Injection vulnerability in China-On-Site Flexphpdirectory 0.0.1

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters.

6.8
2009-04-23 CVE-2009-1357 SUN Improper Input Validation vulnerability in SUN Java System Delegated Administrator 6.2/6.3/6.4

CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter.

6.8
2009-04-23 CVE-2009-1180 Foolabs, Glyphandcog, Poppler, Apple Resource Management Errors vulnerability in multiple products

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.

6.8
2009-04-23 CVE-2009-1179 Foolabs, Glyphandcog, Poppler, Apple Numeric Errors vulnerability in multiple products

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.

6.8
2009-04-23 CVE-2009-0800 Foolabs, Glyphandcog, Poppler, Apple Improper Input Validation vulnerability in multiple products

Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

6.8
2009-04-23 CVE-2009-0195 Apple, Foolabs, Glyphandcog Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.

6.8
2009-04-23 CVE-2009-0163 Apple Numeric Errors vulnerability in Apple Cups

Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow.

6.8
2009-04-23 CVE-2008-6747 Dotproject Permissions, Privileges, and Access Controls vulnerability in Dotproject

dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges.

6.8
2009-04-23 CVE-2008-6744 Cybozu Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Dezie, Cybozu Garoon and Cybozu Office

Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2009-04-22 CVE-2009-1362 Chcounter SQL Injection vulnerability in Chcounter 3.1.3

SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the login_name parameter.

6.8
2009-04-22 CVE-2009-1307 Mozilla Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

6.8
2009-04-21 CVE-2008-6740 Homap Code Injection vulnerability in Homap 0.1

PHP remote file inclusion vulnerability in html/admin/modules/plugin_admin.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the _settings[pluginpath] parameter.

6.8
2009-04-20 CVE-2009-1347 Chcounter SQL Injection vulnerability in Chcounter 3.1.3

Multiple SQL injection vulnerabilities in stats/index.php in chCounter 3.1.3 allow remote attackers to execute arbitrary SQL commands via (1) the login_name parameter (aka the username field) or (2) the login_pw parameter (aka the password field).

6.8
2009-04-20 CVE-2008-6730 China ON Site SQL Injection vulnerability in China-On-Site Flexphplink 0.0.6/0.0.7

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.

6.8
2009-04-20 CVE-2008-6729 Phpmotion Cross-Site Request Forgery (CSRF) vulnerability in PHPmotion 1.0/2.0

Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter.

6.8
2009-04-21 CVE-2009-0715 HP Unspecified vulnerability in HP Storage Essentials 6.0.2/6.0.3/6.0.4

Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials 6.0.2 through 6.0.4 allows remote authenticated users to obtain "access" or "extended privileges" via unknown vectors.

6.5
2009-04-24 CVE-2009-0164 Apple Improper Input Validation vulnerability in Apple Cups

The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.

6.4
2009-04-21 CVE-2008-6736 Circulargenius Permissions, Privileges, and Access Controls vulnerability in Circulargenius Flat Calendar 1.1

Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php.

6.4
2009-04-23 CVE-2009-0662 Plone Improper Authentication vulnerability in Plone Plonepas

The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.

6.0
2009-04-21 CVE-2008-6735 Thaiquickcart Path Traversal vulnerability in Thaiquickcart 3

Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 allows remote attackers to read arbitrary files via a ..

5.8
2009-04-24 CVE-2009-1409 E107 SQL Injection vulnerability in E107

SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320.

5.1
2009-04-24 CVE-2009-0798 TIM Hockin Resource Management Errors vulnerability in TIM Hockin Acpid

ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.

5.0
2009-04-23 CVE-2009-1188 Poppler Numeric Errors vulnerability in Poppler

Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

5.0
2009-04-23 CVE-2009-1187 Poppler Numeric Errors vulnerability in Poppler

Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).

5.0
2009-04-23 CVE-2009-1191 Apache Improper Input Validation vulnerability in Apache Http Server 2.2.11

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.

5.0
2009-04-23 CVE-2009-1371 Clamav Improper Input Validation vulnerability in Clamav

The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding.

5.0
2009-04-22 CVE-2009-1369 Mozilo Improper Input Validation vulnerability in Mozilo Mozilocms 1.11

moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an error message.

5.0
2009-04-22 CVE-2009-1305 Mozilla Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.

5.0
2009-04-22 CVE-2009-1304 Mozilla Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.

5.0
2009-04-22 CVE-2009-1303 Mozilla Configuration vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.

5.0
2009-04-22 CVE-2009-1302 Mozilla Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.

5.0
2009-04-21 CVE-2009-1353 Sebastian Fernandez Buffer Errors vulnerability in Sebastian Fernandez Zervit 0.02

Buffer overflow in the http_parse_hex function in libz/misc.c in Zervit Webserver 0.02 allows remote attackers to cause a denial of service (daemon crash) via a long URI, related to http.c.

5.0
2009-04-21 CVE-2009-0717 HP Unspecified vulnerability in HP Storageworks Storage Mirroring 5/5.1

Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service via unknown vectors.

5.0
2009-04-24 CVE-2009-1192 Linux Local Information Disclosure vulnerability in Linux Kernel 'drivers/char/agp/generic.c'

The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.

4.9
2009-04-22 CVE-2009-1359 SUN Local Denial Of Service vulnerability in Sun OpenSolaris SCTP Sockets

Unspecified vulnerability in the SCTP sockets implementation in Sun OpenSolaris snv_106 through snv_107 allows local users to cause a denial of service (panic) via unknown vectors.

4.9
2009-04-22 CVE-2009-1336 Linux Improper Input Validation vulnerability in Linux Kernel

fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the encode_lookup function.

4.9
2009-04-22 CVE-2009-1338 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in all namespaces, via a kill command.

4.6
2009-04-22 CVE-2009-1337 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.

4.4
2009-04-24 CVE-2009-1414 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors.

4.3
2009-04-24 CVE-2009-1413 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Google Chrome 1.0.x does not cancel timeouts upon a page transition, which makes it easier for attackers to conduct Universal XSS attacks by calling setTimeout to trigger future execution of JavaScript code, and then modifying document.location to arrange for JavaScript execution in the context of an arbitrary web site.

4.3
2009-04-24 CVE-2009-0063 Symantec Cross-Site Scripting vulnerability in Symantec Brightmail Gateway Appliance 7.5/7.6/7.7

Cross-site scripting (XSS) vulnerability in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-04-24 CVE-2009-1408 Webspell Cross-Site Scripting vulnerability in Webspell 4.2.0C

Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags, as demonstrated using (1) email, (2) img, and (3) url tags.

4.3
2009-04-23 CVE-2009-1183 Foolabs, Glyphandcog, Poppler, Apple Resource Management Errors vulnerability in multiple products

The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.

4.3
2009-04-23 CVE-2009-1181 Foolabs, Glyphandcog, Poppler, Apple Resource Management Errors vulnerability in multiple products

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.

4.3
2009-04-23 CVE-2009-0799 Foolabs, Glyphandcog, Poppler, Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.

4.3
2009-04-23 CVE-2009-0664 Mahara Cross-Site Scripting vulnerability in Mahara

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view.

4.3
2009-04-23 CVE-2009-0166 Foolabs, Glyphandcog, Poppler, Apple Resource Management Errors vulnerability in multiple products

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.

4.3
2009-04-23 CVE-2009-0147 Foolabs, Glyphandcog, Apple Numeric Errors vulnerability in multiple products

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.

4.3
2009-04-23 CVE-2009-0146 Foolabs
Glyphandcog
Apple
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.

4.3
2009-04-23 CVE-2008-6746 Horde Cross-Site Scripting vulnerability in Horde Turba H3

Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name.

4.3
2009-04-22 CVE-2009-1367 Mozilo Cross-Site Scripting vulnerability in Mozilo Mozilocms 1.11

Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.2a.

4.3
2009-04-22 CVE-2009-1366 Dotnetnuke Cross-Site Scripting vulnerability in Dotnetnuke

Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "name/value pairs" and "paypal IPN functionality."

4.3
2009-04-22 CVE-2009-1312 Mozilla Configuration vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header.

4.3
2009-04-22 CVE-2009-1311 Mozilla Information Exposure vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame.

4.3
2009-04-22 CVE-2009-1310 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox

Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.

4.3
2009-04-22 CVE-2009-1309 Mozilla Configuration vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.

4.3
2009-04-22 CVE-2009-1308 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.

4.3
2009-04-22 CVE-2009-1306 Mozilla Configuration vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.

4.3
2009-04-22 CVE-2009-0307 RIM Cross-Site Scripting vulnerability in RIM Blackberry Enterprise Server

Cross-site scripting (XSS) vulnerability in the "Customize Statistics Page" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script or HTML via the (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, and (11) referenceTime parameters.

4.3
2009-04-21 CVE-2008-6742 Gofoxy Improper Input Validation vulnerability in Gofoxy Foxy

Foxy P2P software allows remote attackers to cause a denial of service (memory consumption) via a foxy URI with a download action and a large fs value.

4.3
2009-04-21 CVE-2008-6733 Dotnetnuke Cross-Site Scripting vulnerability in Dotnetnuke

Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter.

4.3
2009-04-21 CVE-2008-6732 Dotnetnuke Cross-Site Scripting vulnerability in Dotnetnuke

Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject arbitrary web script or HTML via "newly generated paths."

4.3
2009-04-21 CVE-2006-7238 Mark Girling Cross-Site Scripting vulnerability in Mark Girling Myshoutpro

Cross-site scripting (XSS) vulnerability in MyShoutPro before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-04-21 CVE-2009-1349 Redhat Cross-Site Scripting vulnerability in Redhat Stronghold 2.3

Cross-site scripting (XSS) vulnerability in C2Net Stronghold 2.3 allows remote attackers to inject arbitrary web script or HTML via the URI.

4.3
2009-04-20 CVE-2009-1344 Drupal Cross-Site Scripting vulnerability in Drupal Localization Client

Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality.

4.3
2009-04-20 CVE-2009-1343 Drupal Cross-Site Scripting vulnerability in Drupal Print

Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.5 and 6.x before 6.x-1.5, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via content titles.

4.3
2009-04-20 CVE-2009-1342 Drupal Cross-Site Scripting vulnerability in Drupal CCK Comment Reference 6.X/6.X1.1

Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain comment titles associated with a node edit form.

4.3
2009-04-20 CVE-2008-6727 Myupb Cross-Site Scripting vulnerability in Myupb UPB

Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) 2.2.2, 2.2.1, and earlier 2.x versions allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

4.3
2009-04-21 CVE-2009-1354 Sergey Lyubka Path Traversal vulnerability in Sergey Lyubka Mongoose 2.4

Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a ..

4.0

0 Low Vulnerabilities
