Weekly Vulnerabilities Reports > May 4 to 10, 2009

Overview

71 new vulnerabilities were reported during this period, including 9 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary reports vulnerabilities in 57 products from 46 vendors including Cisco, IBM, Icewarp, CGI Rescue, and Google. The most common weakness categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Cross-site Scripting", "Improper Input Validation", and "Permissions, Privileges, and Access Controls".

  • 65 reported vulnerabilities are remotely exploitable.
  • 25 reported vulnerabilities have a public exploit available.
  • 27 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 67 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

9 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-05-08 CVE-2009-1592 Electrasoft Buffer Errors vulnerability in Electrasoft 32Bit FTP 09.04.24

Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long banner.

10.0
2009-05-05 CVE-2009-1520 IBM Buffer Errors vulnerability in IBM products

Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17 allows attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors.

10.0
2009-05-05 CVE-2009-0720 HP Code Injection vulnerability in HP Openview Network Node Manager 7.01/7.51/7.53

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2009-05-05 CVE-2008-4828 IBM Buffer Errors vulnerability in IBM products

Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified "generic string handling function" or (2) a crafted NodeName in a dicuGetIdentifyRequest request packet, related to the (a) Web GUI and (b) Java GUI.

10.0
2009-05-07 CVE-2009-1586 Shemes Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Shemes Grabit

Stack-based buffer overflow in the NZB importer feature in GrabIt 1.7.2 Beta 3 and earlier allows remote attackers to execute arbitrary code via a crafted DTD reference in a DOCTYPE element in an NZB file.

9.3
2009-05-07 CVE-2009-1577 Cscope Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cscope

Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file.

9.3
2009-05-07 CVE-2009-1441 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function in Google Chrome before 1.0.154.64 allows attackers to leverage renderer access to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to a large bitmap that arrives over the IPC channel.

9.3
2009-05-05 CVE-2009-1491 Mcafee / Microsoft Improper Input Validation vulnerability in Mcafee Groupshield

McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.

9.3
2009-05-05 CVE-2009-0148 Cscope Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cscope

Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases.

9.3

20 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-05-05 CVE-2009-1525 Jbmc Software Improper Input Validation vulnerability in Jbmc-Software Directadmin

CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action.

8.5
2009-05-07 CVE-2008-6797 Mitel Cryptographic Issues vulnerability in Mitel Nupoint Messenger R11/R3

The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network.

7.8
2009-05-06 CVE-2009-1560 Cisco Cryptographic Issues vulnerability in Cisco Wvc54Gc 1.00R22/1.00R24

The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 stores passwords and wireless-network keys in cleartext in (1) pass_wd.htm and (2) Wsecurity.htm, which allows remote attackers to obtain sensitive information by reading the HTML source code.

7.8
2009-05-06 CVE-2009-1559 Cisco Path Traversal vulnerability in Cisco Wvc54Gca 1.00R22/1.00R24

Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote attackers to read arbitrary files via an absolute pathname in the this_file parameter.

7.8
2009-05-06 CVE-2009-1558 Cisco Path Traversal vulnerability in Cisco Wvc54Gca 1.00R22/1.00R24

Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e.

7.8
2009-05-06 CVE-2009-1552 SCO Denial Of Service vulnerability in SCO Unixware 7.1.4

Unspecified vulnerability in the IGMP driver in SCO Unixware Release 7.1.4 Maintenance Pack 4 allows attackers to cause a denial of service (system panic) via unspecified vectors.

7.8
2009-05-07 CVE-2009-1587 Kalptarudemos Improper Authentication vulnerability in Kalptarudemos PHP Site Lock 2.0

index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values.

7.5
2009-05-07 CVE-2009-1582 Kalptarudemos Permissions, Privileges, and Access Controls vulnerability in Kalptarudemos Million Dollar Text Links 1.0

Million Dollar Text Links 1.0 does not properly restrict administrator access to admin.home.php, which allows remote attackers to bypass intended restrictions and gain privileges via a direct request to admin.home.php after visiting admin.php.

7.5
2009-05-07 CVE-2008-6802 Phpexplorer SQL Injection vulnerability in PHPexplorer PHPhotogallery 0.92

Multiple SQL injection vulnerabilities in index.php in phPhotoGallery 0.92 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.

7.5
2009-05-07 CVE-2008-6799 Tufat Permissions, Privileges, and Access Controls vulnerability in Tufat Flashchat 5.0.8

connection.php in FlashChat 5.0.8 allows remote attackers to bypass the role filter mechanism and gain administrative privileges by setting the s parameter to "7."

7.5
2009-05-07 CVE-2008-6798 Preprojects SQL Injection vulnerability in Preprojects PRE Real Estate Listings

Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password field).

7.5
2009-05-07 CVE-2008-6796 Preprojects SQL Injection vulnerability in Preprojects PRE Real Estate Listings

SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field).

7.5
2009-05-07 CVE-2008-6795 Niclor SQL Injection vulnerability in Niclor Vibro-School-Cms

SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter.

7.5
2009-05-07 CVE-2008-6794 SFS EZ PUB SQL Injection vulnerability in SFS EZ PUB FSF EX PUB

SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Pub Site allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2009-05-06 CVE-2009-1551 QT Cute Code Injection vulnerability in Qt-Cute Quickteam 2.0

Multiple PHP remote file inclusion vulnerabilities in Qt quickteam 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) qte_web_path parameter to qte_web.php and the (2) qte_root parameter to bin/qte_init.php.

7.5
2009-05-06 CVE-2009-1549 Agtc Improper Authentication vulnerability in Agtc Myshop 3.2B

AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access by setting the log_accept cookie to "correcto."

7.5
2009-05-06 CVE-2009-1548 Qsix SQL Injection vulnerability in Qsix Blusky CMS

SQL injection vulnerability in index.php in BluSky CMS allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a read action.

7.5
2009-05-05 CVE-2009-1521 IBM Unspecified vulnerability in IBM products

Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage Manager (TSM) client 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.5, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17, and the TSM Express client 5.3.3.0 through 5.3.6.5, allows attackers to read or modify arbitrary files via unknown vectors.

7.5
2009-05-04 CVE-2009-1516 Icewarp Buffer Errors vulnerability in Icewarp Merak Mail Server 9.4.1

Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncode method, as possibly demonstrated by a web application that accepts untrusted input for this method.

7.5
2009-05-05 CVE-2009-1522 IBM / Microsoft Unspecified vulnerability in IBM Tivoli Storage Manager Client

The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors.

7.1

41 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-05-05 CVE-2009-1527 Linux Race Condition vulnerability in Linux Kernel

Race condition in the ptrace_attach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACE_ATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect cred_exec_mutex object.

6.9
2009-05-05 CVE-2009-1526 Jbmc Software Link Following vulnerability in Jbmc-Software Directadmin

JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.

6.9
2009-05-07 CVE-2009-1442 Google Numeric Errors vulnerability in Google Chrome

Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas.

6.8
2009-05-07 CVE-2008-6793 Dflabs Improper Input Validation vulnerability in Dflabs PTK 0.1/0.2/1.0

The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image.

6.8
2009-05-06 CVE-2009-1561 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Wrt54Gc 1.05.7

Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters.

6.8
2009-05-04 CVE-2009-1518 Beltane Cross-Site Request Forgery (CSRF) vulnerability in Beltane 1.0.15/1.0.16/2.3.8

Cross-site request forgery (CSRF) vulnerability in Beltane before 2.3.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2009-05-04 CVE-2009-1515 Christos Zoulas Buffer Errors vulnerability in Christos Zoulas File 5.00

Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file.

6.8
2009-05-04 CVE-2009-1513 Konstanty Bialkowski Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Konstanty Bialkowski Libmodplug

Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name.

6.8
2009-05-05 CVE-2009-1468 Icewarp SQL Injection vulnerability in Icewarp Email Server and Webmail Server

Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query.

6.5
2009-05-07 CVE-2009-1584 R020 SQL Injection vulnerability in R020 Tematres 1.0.3/1.031

Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php.

6.0
2009-05-04 CVE-2008-6790 Minddezign Improper Input Validation vulnerability in Minddezign Photo Gallery 2.2

The admin module in MindDezign Photo Gallery 2.2 allows remote attackers to add administrative users and gain privileges via a modified username parameter in an edit account action to index.php.

5.1
2009-05-04 CVE-2008-6789 Minddezign SQL Injection vulnerability in Minddezign Photo Gallery 2.2

SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788.

5.1
2009-05-04 CVE-2008-6788 Minddezign SQL Injection vulnerability in Minddezign Photo Gallery 2.2

SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in an info action to index.php.

5.1
2009-05-08 CVE-2009-1590 CGI Rescue Unspecified vulnerability in CGI Rescue Form2Mail 1.21

Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42 allows remote attackers to send email to arbitrary recipients via a web form.

5.0
2009-05-08 CVE-2009-1589 CGI Rescue Unspecified vulnerability in CGI Rescue CGI Rescue Minibbs22

Unspecified vulnerability in CGI RESCUE MiniBBS22 before 1.01 allows remote attackers to send email to arbitrary recipients via unknown vectors.

5.0
2009-05-07 CVE-2008-6792 Ubuntu Cryptographic Issues vulnerability in Ubuntu Linux 8.10

system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks.

5.0
2009-05-06 CVE-2009-1574 Ipsec Tools Remote Denial Of Service vulnerability in IPsec-Tools Prior to 0.7.2

racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.

5.0
2009-05-06 CVE-2009-1572 Quagga Remote Denial Of Service vulnerability in Quagga Autonomous System Number

The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.

5.0
2009-05-06 CVE-2009-1555 Cisco Information Exposure vulnerability in Cisco Wvc54Gca 1.00R22/1.00R24

The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 sends configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by reading the SetupWizard.exe process memory, a related issue to CVE-2008-4390.

5.0
2009-05-06 CVE-2009-1550 Zakkis Permissions, Privileges, and Access Controls vulnerability in Zakkis ABC Advertise 1.0

Zakkis Technology ABC Advertise 1.0 does not properly restrict access to admin.inc.php, which allows remote attackers to obtain the administrator login name and password via a direct request.

5.0
2009-05-05 CVE-2009-1490 Sendmail Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sendmail

Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.

5.0
2009-05-05 CVE-2009-1523 Mortbay Path Traversal vulnerability in Mortbay Jetty

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

5.0
2009-05-04 CVE-2009-1519 Pecio CMS Path Traversal vulnerability in Pecio-Cms Pecio CMS 1.1.5

Directory traversal vulnerability in index.php in Pecio CMS 1.1.5 allows remote attackers to read arbitrary files via a ..

5.0
2009-05-04 CVE-2008-6791 Klever Improper Input Validation vulnerability in Klever Pumpkin 2.7.2.0

PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial of service via a write request with a long mode field.

5.0
2009-05-04 CVE-2009-1514 Google Resource Management Errors vulnerability in Google Chrome 1.0.154.53

Google Chrome 1.0.154.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a throw statement with a long exception value.

5.0
2009-05-06 CVE-2009-1573 Debian / Redhat / Ubuntu / Branden Robinson Permissions, Privileges, and Access Controls vulnerability in multiple products

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems places the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.

4.6
2009-05-07 CVE-2009-1585 R020 SQL Injection vulnerability in R020 Tematres 1.031

Multiple SQL injection vulnerabilities in TemaTres 1.031, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_correo_electronico and (2) id_password parameters to login.php.

4.4
2009-05-07 CVE-2008-6801 Vivvo Cross-Site Request Forgery (CSRF) vulnerability in Vivvo 4.0.1/4.0.2

Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before 4.0.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

4.4
2009-05-05 CVE-2009-1184 Linux Configuration vulnerability in Linux Kernel

The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic.

4.4
2009-05-08 CVE-2009-1591 CGI Rescue Cross-Site Scripting vulnerability in CGI Rescue CGI web Mailer

CRLF injection vulnerability in CGI RESCUE Web Mailer before 1.04 allows remote attackers to inject arbitrary HTTP headers, and conduct cross-site scripting (XSS) or HTTP response splitting attacks, via CRLF sequences in an unspecified web form.

4.3
2009-05-08 CVE-2009-1588 CGI Rescue Cross-Site Scripting vulnerability in CGI Rescue CGI Rescue Minibbs 10.0/8.0/9.0

Cross-site scripting (XSS) vulnerability in CGI RESCUE MiniBBS 8t before 8.95t, 8 before 8.95, 9 before 9.08, and 10 before 10.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-05-07 CVE-2009-1583 R020 Cross-Site Scripting vulnerability in R020 Tematres 1.0.3/1.031

Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) _expresion_de_busqueda, (3) letra, (4) estado_id, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters when editing a term as specified by the edit_id and tema parameters to index.php; and the (7) y, (8) ord, and (9) m parameters to sobre.php.

4.3
2009-05-06 CVE-2009-1576 Drupal Unspecified vulnerability in Drupal

Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data to be sent to an attacker-controlled site, possibly related to multiple / (slash) characters that are not properly handled by includes/bootstrap.inc, as demonstrated using the search box.

4.3
2009-05-06 CVE-2009-1575 Drupal Cross-Site Scripting vulnerability in Drupal

Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7.

4.3
2009-05-06 CVE-2009-1557 Cisco Cross-Site Scripting vulnerability in Cisco Wvc54Gca 1.00R22/1.00R24

Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the next_file parameter to (1) main.cgi, (2) img/main.cgi, or (3) adm/file.cgi; or (4) the this_file parameter to adm/file.cgi.

4.3
2009-05-06 CVE-2009-1554 Oracle / SUN Cross-Site Scripting vulnerability in SUN Woodstock 4.2

Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF.

4.3
2009-05-06 CVE-2009-1553 Oracle Cross-Site Scripting vulnerability in Oracle Glassfish Server 2.1

Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf.

4.3
2009-05-05 CVE-2009-1469 Icewarp Code Injection vulnerability in Icewarp Email Server and Webmail Server

CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element of an XML document, as demonstrated by triggering an e-mail message from the server that contains a user's correct credentials, and requests that the user compose a reply that includes this message.

4.3
2009-05-05 CVE-2009-1467 Icewarp Cross-Site Scripting vulnerability in Icewarp Email Server and Webmail Server

Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filtering in the cleanHTML function in server/inc/tools.php; or the (2) title, (3) link, or (4) description element in an RSS feed, related to the getHTML function in server/inc/rss/item.php.

4.3
2009-05-05 CVE-2009-1524 Mortbay Cross-Site Scripting vulnerability in Mortbay Jetty

Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1.17 allows remote attackers to inject arbitrary web script or HTML via a directory listing request containing a ; (semicolon) character.

4.3
2009-05-04 CVE-2009-1517 Symantec Remote Denial of Service vulnerability in Symantec Norton Ghost 14.0

Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods.

4.3

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2009-05-06 CVE-2009-1556 Cisco Information Exposure vulnerability in Cisco Wvc54Gca 1.00R22/1.00R24

img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerability than CVE-2004-2507.

3.5