Weekly Vulnerabilities Reports > May 4 to 10, 2009
Overview
67 new vulnerabilities reported during this period, including 9 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary report vulnerabilities in 54 products from 43 vendors including Cisco, IBM, Icewarp, CGI Rescue, and Google. Vulnerabilities are notably categorized as "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", and "Permissions, Privileges, and Access Controls".
- 63 reported vulnerabilities are remotely exploitables.
- 24 reported vulnerabilities have public exploit available.
- 26 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 63 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 7 reported vulnerabilities.
- IBM has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
9 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-05-08 | CVE-2009-1592 | Electrasoft | Buffer Errors vulnerability in Electrasoft 32Bit FTP 09.04.24 Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long banner. | 10.0 |
2009-05-05 | CVE-2009-1520 | IBM | Buffer Errors vulnerability in IBM products Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17 allows attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors. | 10.0 |
2009-05-05 | CVE-2009-0720 | HP | Code Injection vulnerability in HP Openview Network Node Manager 7.01/7.51/7.53 Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2009-05-05 | CVE-2008-4828 | IBM | Buffer Errors vulnerability in IBM products Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified "generic string handling function" or (2) a crafted NodeName in a dicuGetIdentifyRequest request packet, related to the (a) Web GUI and (b) Java GUI. | 10.0 |
2009-05-07 | CVE-2009-1586 | Shemes | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Shemes Grabit Stack-based buffer overflow in the NZB importer feature in GrabIt 1.7.2 Beta 3 and earlier allows remote attackers to execute arbitrary code via a crafted DTD reference in a DOCTYPE element in an NZB file. | 9.3 |
2009-05-07 | CVE-2009-1577 | Cscope | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cscope Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file. | 9.3 |
2009-05-07 | CVE-2009-1441 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function in Google Chrome before 1.0.154.64 allows attackers to leverage renderer access to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to a large bitmap that arrives over the IPC channel. | 9.3 | |
2009-05-05 | CVE-2009-1491 | Mcafee Microsoft | Improper Input Validation vulnerability in Mcafee Groupshield McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body. | 9.3 |
2009-05-05 | CVE-2009-0148 | Cscope | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cscope Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. | 9.3 |
20 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-05-05 | CVE-2009-1525 | Jbmc Software | Improper Input Validation vulnerability in Jbmc-Software Directadmin CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action. | 8.5 |
2009-05-07 | CVE-2008-6797 | Mitel | Cryptographic Issues vulnerability in Mitel Nupoint Messenger R11/R3 The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network. | 7.8 |
2009-05-06 | CVE-2009-1560 | Cisco | Cryptographic Issues vulnerability in Cisco Wvc54Gc 1.00R22/1.00R24 The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 stores passwords and wireless-network keys in cleartext in (1) pass_wd.htm and (2) Wsecurity.htm, which allows remote attackers to obtain sensitive information by reading the HTML source code. | 7.8 |
2009-05-06 | CVE-2009-1559 | Cisco | Path Traversal vulnerability in Cisco Wvc54Gca 1.00R22/1.00R24 Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote attackers to read arbitrary files via an absolute pathname in the this_file parameter. | 7.8 |
2009-05-06 | CVE-2009-1558 | Cisco | Path Traversal vulnerability in Cisco Wvc54Gca 1.00R22/1.00R24 Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. | 7.8 |
2009-05-06 | CVE-2009-1552 | SCO | Denial Of Service vulnerability in SCO Unixware 7.1.4 Unspecified vulnerability in the IGMP driver in SCO Unixware Release 7.1.4 Maintenance Pack 4 allows attackers to cause a denial of service (system panic) via unspecified vectors. | 7.8 |
2009-05-07 | CVE-2009-1587 | Kalptarudemos | Improper Authentication vulnerability in Kalptarudemos PHP Site Lock 2.0 index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values. | 7.5 |
2009-05-07 | CVE-2009-1582 | Kalptarudemos | Permissions, Privileges, and Access Controls vulnerability in Kalptarudemos Million Dollar Text Links 1.0 Million Dollar Text Links 1.0 does not properly restrict administrator access to admin.home.php, which allows remote attackers to bypass intended restrictions and gain privileges via a direct request to admin.home.php after visiting admin.php. | 7.5 |
2009-05-07 | CVE-2008-6802 | Phpexplorer | SQL Injection vulnerability in PHPexplorer PHPhotogallery 0.92 Multiple SQL injection vulnerabilities in index.php in phPhotoGallery 0.92 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. | 7.5 |
2009-05-07 | CVE-2008-6799 | Tufat | Permissions, Privileges, and Access Controls vulnerability in Tufat Flashchat 5.0.8 connection.php in FlashChat 5.0.8 allows remote attackers to bypass the role filter mechanism and gain administrative privileges by setting the s parameter to "7." | 7.5 |
2009-05-07 | CVE-2008-6798 | Preprojects | SQL Injection vulnerability in Preprojects PRE Real Estate Listings Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password field). | 7.5 |
2009-05-07 | CVE-2008-6796 | Preprojects | SQL Injection vulnerability in Preprojects PRE Real Estate Listings SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field). | 7.5 |
2009-05-07 | CVE-2008-6795 | Niclor | SQL Injection vulnerability in Niclor Vibro-School-Cms SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter. | 7.5 |
2009-05-07 | CVE-2008-6794 | SFS EZ PUB | SQL Injection vulnerability in SFS EZ PUB FSF EX PUB SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Pub Site allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2009-05-06 | CVE-2009-1551 | QT Cute | Code Injection vulnerability in Qt-Cute Quickteam 2.0 Multiple PHP remote file inclusion vulnerabilities in Qt quickteam 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) qte_web_path parameter to qte_web.php and the (2) qte_root parameter to bin/qte_init.php. | 7.5 |
2009-05-06 | CVE-2009-1549 | Agtc | Improper Authentication vulnerability in Agtc Myshop 3.2B AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access setting the log_accept cookie to "correcto." | 7.5 |
2009-05-06 | CVE-2009-1548 | Qsix | SQL Injection vulnerability in Qsix Blusky CMS SQL injection vulnerability in index.php in BluSky CMS allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a read action. | 7.5 |
2009-05-05 | CVE-2009-1521 | IBM | Unspecified vulnerability in IBM products Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage Manager (TSM) client 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.5, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17, and the TSM Express client 5.3.3.0 through 5.3.6.5, allows attackers to read or modify arbitrary files via unknown vectors. | 7.5 |
2009-05-04 | CVE-2009-1516 | Icewarp | Buffer Errors vulnerability in Icewarp Merak Mail Server 9.4.1 Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncode method, as possibly demonstrated by a web application that accepts untrusted input for this method. | 7.5 |
2009-05-05 | CVE-2009-1522 | IBM Microsoft | Unspecified vulnerability in IBM Tivoli Storage Manager Client The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors. | 7.1 |
37 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-05-05 | CVE-2009-1526 | Jbmc Software | Link Following vulnerability in Jbmc-Software Directadmin JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action. | 6.9 |
2009-05-07 | CVE-2009-1442 | Numeric Errors vulnerability in Google Chrome Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas. | 6.8 | |
2009-05-07 | CVE-2008-6793 | Dflabs | Improper Input Validation vulnerability in Dflabs PTK 0.1/0.2/1.0 The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image. | 6.8 |
2009-05-06 | CVE-2009-1561 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Wrt54Gc 1.05.7 Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters. | 6.8 |
2009-05-04 | CVE-2009-1518 | Beltane | Cross-Site Request Forgery (CSRF) vulnerability in Beltane 1.0.15/1.0.16/2.3.8 Cross-site request forgery (CSRF) vulnerability in Beltane before 2.3.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2009-05-04 | CVE-2009-1515 | Christos Zoulas | Buffer Errors vulnerability in Christos Zoulas File 5.00 Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. | 6.8 |
2009-05-05 | CVE-2009-1468 | Icewarp | SQL Injection vulnerability in Icewarp Email Server and Webmail Server Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query. | 6.5 |
2009-05-07 | CVE-2009-1584 | R020 | SQL Injection vulnerability in R020 Tematres 1.0.3/1.031 Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php. | 6.0 |
2009-05-04 | CVE-2008-6790 | Minddezign | Improper Input Validation vulnerability in Minddezign Photo Gallery 2.2 The admin module in MindDezign Photo Gallery 2.2 allows remote attackers to add administrative users and gain privileges via a modified username parameter in an edit account action to index.php. | 5.1 |
2009-05-04 | CVE-2008-6789 | Minddezign | SQL Injection vulnerability in Minddezign Photo Gallery 2.2 SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788. | 5.1 |
2009-05-04 | CVE-2008-6788 | Minddezign | SQL Injection vulnerability in Minddezign Photo Gallery 2.2 SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in an info action to index.php. | 5.1 |
2009-05-08 | CVE-2009-1590 | CGI Rescue | Unspecified vulnerability in CGI Rescue Form2Mail 1.21 Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42 allows remote attackers to send email to arbitrary recipients via a web form. | 5.0 |
2009-05-08 | CVE-2009-1589 | CGI Rescue | Unspecified vulnerability in CGI Rescue CGI Rescue Minibbs22 Unspecified vulnerability in CGI RESCUE MiniBBS22 before 1.01 allows remote attackers to send email to arbitrary recipients via unknown vectors. | 5.0 |
2009-05-07 | CVE-2008-6792 | Ubuntu | Cryptographic Issues vulnerability in Ubuntu Linux 8.10 system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks. | 5.0 |
2009-05-06 | CVE-2009-1574 | Ipsec Tools | Remote Denial Of Service vulnerability in IPsec-Tools Prior to 0.7.2 racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference. | 5.0 |
2009-05-06 | CVE-2009-1572 | Quagga | Remote Denial Of Service vulnerability in Quagga Autonomous System Number The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error. | 5.0 |
2009-05-06 | CVE-2009-1555 | Cisco | Information Exposure vulnerability in Cisco Wvc54Gca 1.00R22/1.00R24 The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 sends configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by reading the SetupWizard.exe process memory, a related issue to CVE-2008-4390. | 5.0 |
2009-05-06 | CVE-2009-1550 | Zakkis | Permissions, Privileges, and Access Controls vulnerability in Zakkis ABC Advertise 1.0 Zakkis Technology ABC Advertise 1.0 does not properly restrict access to admin.inc.php, which allows remote attackers to obtain the administrator login name and password via a direct request. | 5.0 |
2009-05-05 | CVE-2009-1490 | Sendmail | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sendmail Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header. | 5.0 |
2009-05-05 | CVE-2009-1523 | Mortbay | Path Traversal vulnerability in Mortbay Jetty Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI. | 5.0 |
2009-05-04 | CVE-2009-1519 | Pecio CMS | Path Traversal vulnerability in Pecio-Cms Pecio CMS 1.1.5 Directory traversal vulnerability in index.php in Pecio CMS 1.1.5 allows remote attackers to read arbitrary files via a .. | 5.0 |
2009-05-04 | CVE-2008-6791 | Klever | Improper Input Validation vulnerability in Klever Pumpkin 2.7.2.0 PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial of service via a write request with a long mode field. | 5.0 |
2009-05-04 | CVE-2009-1514 | Resource Management Errors vulnerability in Google Chrome 1.0.154.53 Google Chrome 1.0.154.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a throw statement with a long exception value. | 5.0 | |
2009-05-06 | CVE-2009-1573 | Debian Redhat Ubuntu Branden Robinson | Permissions, Privileges, and Access Controls vulnerability in multiple products xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments. | 4.6 |
2009-05-07 | CVE-2009-1585 | R020 | SQL Injection vulnerability in R020 Tematres 1.031 Multiple SQL injection vulnerabilities in TemaTres 1.031, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_correo_electronico and (2) id_password parameters to login.php. | 4.4 |
2009-05-07 | CVE-2008-6801 | Vivvo | Cross-Site Request Forgery (CSRF) vulnerability in Vivvo 4.0.1/4.0.2 Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before 4.0.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 4.4 |
2009-05-08 | CVE-2009-1591 | CGI Rescue | Cross-Site Scripting vulnerability in CGI Rescue CGI web Mailer CRLF injection vulnerability in CGI RESCUE Web Mailer before 1.04 allows remote attackers to inject arbitrary HTTP headers, and conduct cross-site scripting (XSS) or HTTP response splitting attacks, via CRLF sequences in an unspecified web form. | 4.3 |
2009-05-08 | CVE-2009-1588 | CGI Rescue | Cross-Site Scripting vulnerability in CGI Rescue CGI Rescue Minibbs 10.0/8.0/9.0 Cross-site scripting (XSS) vulnerability in CGI RESCUE MiniBBS 8t before 8.95t, 8 before 8.95, 9 before 9.08, and 10 before 10.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-05-07 | CVE-2009-1583 | R020 | Cross-Site Scripting vulnerability in R020 Tematres 1.0.3/1.031 Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) _expresion_de_busqueda, (3) letra, (4) estado_id, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters when editing a term as specified by the edit_id and tema parameters to index.php; and the (7) y, (8) ord, and (9) m parameters to sobre.php. | 4.3 |
2009-05-06 | CVE-2009-1576 | Drupal | Unspecified vulnerability in Drupal Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data to be sent to an attacker-controlled site, possibly related to multiple / (slash) characters that are not properly handled by includes/bootstrap.inc, as demonstrated using the search box. | 4.3 |
2009-05-06 | CVE-2009-1575 | Drupal | Cross-Site Scripting vulnerability in Drupal Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7. | 4.3 |
2009-05-06 | CVE-2009-1557 | Cisco | Cross-Site Scripting vulnerability in Cisco Wvc54Gca 1.00R22/1.00R24 Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the next_file parameter to (1) main.cgi, (2) img/main.cgi, or (3) adm/file.cgi; or (4) the this_file parameter to adm/file.cgi. | 4.3 |
2009-05-06 | CVE-2009-1554 | Oracle SUN | Cross-Site Scripting vulnerability in SUN Woodstock 4.2 Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF. | 4.3 |
2009-05-06 | CVE-2009-1553 | Oracle | Cross-Site Scripting vulnerability in Oracle Glassfish Server 2.1 Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf. | 4.3 |
2009-05-05 | CVE-2009-1469 | Icewarp | Code Injection vulnerability in Icewarp Email Server and Webmail Server CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element of an XML document, as demonstrated by triggering an e-mail message from the server that contains a user's correct credentials, and requests that the user compose a reply that includes this message. | 4.3 |
2009-05-05 | CVE-2009-1467 | Icewarp | Cross-Site Scripting vulnerability in Icewarp Email Server and Webmail Server Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filtering in the cleanHTML function in server/inc/tools.php; or the (2) title, (3) link, or (4) description element in an RSS feed, related to the getHTML function in server/inc/rss/item.php. | 4.3 |
2009-05-05 | CVE-2009-1524 | Mortbay | Cross-Site Scripting vulnerability in Mortbay Jetty Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1.17 allows remote attackers to inject arbitrary web script or HTML via a directory listing request containing a ; (semicolon) character. | 4.3 |
1 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-05-06 | CVE-2009-1556 | Cisco | Information Exposure vulnerability in Cisco Wvc54Gca 1.00R22/1.00R24 img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerability than CVE-2004-2507. | 3.5 |