Weekly Vulnerabilities Reports > May 11 to 17, 2009
Overview
99 new vulnerabilities were reported during this period, including 33 critical vulnerabilities and 21 high severity vulnerabilities. This weekly summary reports vulnerabilities in 77 products from 59 vendors including Apple, Microsoft, Squirrelmail, Mini Stream, and Adobe. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", "Permissions, Privileges, and Access Controls", "SQL Injection", and "Cross-site Scripting".
- 91 reported vulnerabilities are remotely exploitable.
- 47 reported vulnerabilities have a public exploit available.
- 35 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 94 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 21 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 14 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
33 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-05-16 | CVE-2009-1656 | Xerox | Remote Command Execution vulnerability in Xerox WorkCentre Webserver Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allows remote attackers to execute arbitrary commands via unknown attack vectors, aka "command injection vulnerability." | 10.0 |
2009-05-11 | CVE-2009-1611 | Electrasoft | Buffer Errors vulnerability in Electrasoft 32Bit FTP 09.04.24 Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 257 reply to a CWD command. | 10.0 |
2009-05-15 | CVE-2009-1647 | Ultrafunk | Buffer Errors vulnerability in Ultrafunk Popcorn 1.87 Heap-based buffer overflow in popcorn.exe in Ultrafunk Popcorn 1.87 allows remote POP3 servers to cause a denial of service (application crash) via a long string in a +OK response. | 9.3 |
2009-05-15 | CVE-2009-1646 | Mini Stream | Buffer Errors vulnerability in Mini-Stream RM Downloader 3.0.0.9 Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long rtsp URL in a .ram file. | 9.3 |
2009-05-15 | CVE-2009-1645 | Mini Stream | Buffer Errors vulnerability in Mini-Stream Easy Rm-Mp3 Converter 3.0.0.7 Multiple stack-based buffer overflows in Mini-stream Easy RM-MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. | 9.3 |
2009-05-15 | CVE-2009-1644 | Sorinara | Buffer Errors vulnerability in Sorinara Streaming Audio Player 0.9 Stack-based buffer overflow in Sorinara Streaming Audio Player 0.9 allows remote attackers to execute arbitrary code via a crafted .pla file. | 9.3 |
2009-05-15 | CVE-2009-1643 | Sorinara | Buffer Errors vulnerability in Sorinara Soritong MP3 Player 1.0 Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows remote attackers to execute arbitrary code via a crafted .m3u file. | 9.3 |
2009-05-15 | CVE-2009-1642 | Mini Stream | Buffer Errors vulnerability in Mini-Stream TO MP3 Converter 3.0.0.7 Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. | 9.3 |
2009-05-15 | CVE-2009-1641 | Mini Stream | Buffer Errors vulnerability in Mini-Stream Ripper 3.0.1.1 Multiple stack-based buffer overflows in Mini-stream Ripper 3.0.1.1 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. | 9.3 |
2009-05-13 | CVE-2009-0945 | Apple Microsoft | Code Injection vulnerability in Apple Safari Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption. | 9.3 |
2009-05-13 | CVE-2009-0010 | Apple | Numeric Errors vulnerability in Apple mac OS X Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow. | 9.3 |
2009-05-12 | CVE-2009-1137 | Microsoft | Buffer Errors vulnerability in Microsoft Office Powerpoint 2000/2002/2003 Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227. | 9.3 |
2009-05-12 | CVE-2009-1131 | Microsoft | Buffer Errors vulnerability in Microsoft Office Powerpoint 2000 Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability." | 9.3 |
2009-05-12 | CVE-2009-1130 | Microsoft | Buffer Errors vulnerability in Microsoft Office and Office Powerpoint Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability." | 9.3 |
2009-05-12 | CVE-2009-1129 | Microsoft | Buffer Errors vulnerability in Microsoft Office Powerpoint 2000/2002/2003 Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128. | 9.3 |
2009-05-12 | CVE-2009-1128 | Microsoft | Code Injection vulnerability in Microsoft Office Powerpoint 2000/2002/2003 Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129. | 9.3 |
2009-05-12 | CVE-2009-0227 | Microsoft | Buffer Errors vulnerability in Microsoft Office Powerpoint 2000/2002/2003 Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137. | 9.3 |
2009-05-12 | CVE-2009-0226 | Microsoft | Buffer Errors vulnerability in Microsoft Office Powerpoint 2000/2002/2003 Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137. | 9.3 |
2009-05-12 | CVE-2009-0225 | Microsoft | Code Injection vulnerability in Microsoft Office Powerpoint 2002 Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability." | 9.3 |
2009-05-12 | CVE-2009-0224 | Microsoft | Code Injection vulnerability in Microsoft products Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; PowerPoint Viewer 2003 and 2007 SP1 and SP2; PowerPoint in Microsoft Office 2004 for Mac and 2008 for Mac; Open XML File Format Converter for Mac; Microsoft Works 8.5 and 9.0; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly validate PowerPoint files, which allows remote attackers to execute arbitrary code via multiple crafted BuildList records that include ChartBuild containers, which triggers memory corruption, aka "Memory Corruption Vulnerability." | 9.3 |
2009-05-12 | CVE-2009-0223 | Microsoft | Code Injection vulnerability in Microsoft Office Powerpoint 2000/2002/2003 Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137. | 9.3 |
2009-05-12 | CVE-2009-0222 | Microsoft | Code Injection vulnerability in Microsoft Office Powerpoint 2000/2002/2003 Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137. | 9.3 |
2009-05-12 | CVE-2009-0221 | Microsoft | Numeric Errors vulnerability in Microsoft Office Powerpoint 2002/2003 Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability." | 9.3 |
2009-05-12 | CVE-2009-0220 | Microsoft | Buffer Errors vulnerability in Microsoft Office Powerpoint 2000/2002/2003 Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability." | 9.3 |
2009-05-12 | CVE-2009-1627 | SDP Multimedia | Buffer Errors vulnerability in SDP Multimedia Streaming Download Project 2.3.0 Stack-based buffer overflow in Streaming Download Project (SDP) Downloader 2.3.0 allows remote attackers to execute arbitrary code via a long .asf URL in the HREF attribute of a REF element in a .asx file. | 9.3 |
2009-05-11 | CVE-2009-1612 | Baofeng | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Baofeng Storm Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. | 9.3 |
2009-05-11 | CVE-2009-1608 | Microchip | Buffer Errors vulnerability in Microchip Mplab IDE 8.30 Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly earlier versions allow user-assisted remote attackers to execute arbitrary code via a .MCP project file with long (1) FILE_INFO, (2) CAT_FILTERS, and possibly other fields. | 9.3 |
2009-05-11 | CVE-2009-1606 | Dafolo | Buffer Errors vulnerability in Dafolo Dafolocontrol 1.108.6 Multiple stack-based and heap-based buffer overflows in Dafolo DafoloControl ActiveX control (DafoloFFControl.dll) 1.108.6.195 allow remote attackers to execute arbitrary code via long (1) baseurl, (2) kommune, (3) felter, (4) afdeling, (5) Flags, (6) HelpURL, (7) caburl, or (8) filename properties; or (9) a long argument to the Open method. | 9.3 |
2009-05-11 | CVE-2009-1600 | Apple Adobe | Permissions, Privileges, and Access Controls vulnerability in Apple Safari Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. | 9.3 |
2009-05-11 | CVE-2009-1599 | Opera Adobe | Permissions, Privileges, and Access Controls vulnerability in Opera Browser Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. | 9.3 |
2009-05-11 | CVE-2009-1598 | | Unspecified vulnerability in Google Chrome Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. | 9.3 |
2009-05-11 | CVE-2009-1597 | Mozilla Adobe | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. | 9.3 |
2009-05-11 | CVE-2009-0194 | Garmin | Permissions, Privileges, and Access Controls vulnerability in Garmin Communicator Plugin 2.6.4.0 The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web site specified by the user, which allows remote attackers to obtain sensitive information or reconfigure Garmin GPS devices via unspecified vectors related to a "synchronisation error." | 9.3 |
21 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-05-16 | CVE-2009-1653 | Tinybutstrong | Path Traversal vulnerability in Tinybutstrong 3.4.0 Directory traversal vulnerability in examples/tbs_us_examples_0view.php in TinyButStrong 3.4.0 allows remote attackers to read arbitrary files via a .. | 7.8 |
2009-05-16 | CVE-2009-1652 | 2Daybiz | Permissions, Privileges, and Access Controls vulnerability in 2Daybiz Business Community Script admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct request. | 7.5 |
2009-05-16 | CVE-2009-1651 | 2Daybiz | SQL Injection vulnerability in 2Daybiz Business Community Script SQL injection vulnerability in admin/member_details.php in 2daybiz Business Community Script allows remote attackers to execute arbitrary SQL commands via the mid parameter. | 7.5 |
2009-05-16 | CVE-2009-1650 | Tenfourzero | SQL Injection vulnerability in Tenfourzero Shutter 0.1.1 Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html. | 7.5 |
2009-05-16 | CVE-2009-1649 | Bicluc | Path Traversal vulnerability in Bicluc Belive 0.2.3 Directory traversal vulnerability in arch.php in beLive 0.2.3 allows remote attackers to read arbitrary files via a .. | 7.5 |
2009-05-15 | CVE-2009-1638 | T Dreams | Improper Authentication vulnerability in T-Dreams JOB Career Package 3.0 Techno Dreams Job Career Package 3.0 allows remote attackers to bypass authentication and obtain administrative access by setting the JobCareerAdmin cookie to Login. | 7.5 |
2009-05-15 | CVE-2009-0688 | Carnegie Mellon University | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Carnegie Mellon University Cyrus-Sasl Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c. | 7.5 |
2009-05-14 | CVE-2009-1465 | Klinzmann | Credentials Management vulnerability in Klinzmann Application Access Server 2.0.48 Application Access Server (A-A-S) 2.0.48 has "wildbat" as its default password for the admin account, which makes it easier for remote attackers to obtain access. | 7.5 |
2009-05-13 | CVE-2009-0152 | Apple | Cleartext Storage of Sensitive Information vulnerability in Apple mac OS X and mac OS X Server iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network. | 7.5 |
2009-05-12 | CVE-2009-1626 | Will Kraft | SQL Injection vulnerability in Will Kraft Ez-Blog SQL injection vulnerability in public/specific.php in EZ-Blog before Beta 2 20090427, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category parameter. | 7.5 |
2009-05-12 | CVE-2009-1622 | Ecshop | SQL Injection vulnerability in Ecshop 2.5.0 SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote attackers to execute arbitrary SQL commands via the order_sn parameter in an order_query action. | 7.5 |
2009-05-12 | CVE-2009-1619 | Teraway | Improper Authentication vulnerability in Teraway Filestream 1.0 Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1. | 7.5 |
2009-05-12 | CVE-2009-1618 | Teraway | Improper Authentication vulnerability in Teraway Livehelp 2.0 Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie. | 7.5 |
2009-05-12 | CVE-2009-1617 | Teraway | Improper Authentication vulnerability in Teraway Linktracker 1.0 Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie. | 7.5 |
2009-05-12 | CVE-2008-6808 | Scripts FOR Sites | SQL Injection vulnerability in Scripts-For-Sites EZ Link Directory SQL injection vulnerability in links.php in Scripts for Sites (SFS) EZ Link Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | 7.5 |
2009-05-12 | CVE-2008-6807 | Ibiblio | Code Injection vulnerability in Ibiblio Osprey 1.0A4.1 PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to execute arbitrary PHP code via a URL in the xml_dir parameter. | 7.5 |
2009-05-11 | CVE-2008-6803 | Yigit Aybuga | SQL Injection vulnerability in Yigit Aybuga Dizi Portali SQL injection vulnerability in diziler.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-05-11 | CVE-2009-1610 | Jobscript | Permissions, Privileges, and Access Controls vulnerability in Jobscript JOB Script JOB Board Software 2.0 admin/changepassword.php in Job Script Job Board Software 2.0 allows remote attackers to change the administrator password and gain administrator privileges via a direct request. | 7.5 |
2009-05-11 | CVE-2009-1603 | Opensc Project Fedoraproject | Cleartext Storage of Sensitive Information vulnerability in multiple products src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted. | 7.5 |
2009-05-14 | CVE-2009-0714 | Microsoft Novell Redhat Suse HP | Privilege Escalation vulnerability in HP Data Protector Express 3.5/4.0 Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets. | 7.2 |
2009-05-13 | CVE-2008-1517 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues. | 7.2 |
43 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-05-14 | CVE-2009-1629 | Antony Lesuisse | Improper Authentication vulnerability in Antony Lesuisse Ajaxterm ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack. | 6.8 |
2009-05-14 | CVE-2009-1579 | Squirrelmail | Code Injection vulnerability in Squirrelmail The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. | 6.8 |
2009-05-14 | CVE-2009-1464 | Klinzmann | Cross-Site Request Forgery (CSRF) vulnerability in Klinzmann Application Access Server 2.0.48 Multiple cross-site request forgery (CSRF) vulnerabilities in index.aas in Application Access Server (A-A-S) 2.0.48 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary programs via a command job, (2) stop services via a setservice job, or (3) terminate processes via a killprocess job. | 6.8 |
2009-05-13 | CVE-2009-0944 | Apple | Code Injection vulnerability in Apple mac OS X and mac OS X Server The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption. | 6.8 |
2009-05-13 | CVE-2009-0943 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. | 6.8 |
2009-05-13 | CVE-2009-0942 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. | 6.8 |
2009-05-13 | CVE-2009-0160 | Apple | Code Injection vulnerability in Apple mac OS X and mac OS X Server QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption. | 6.8 |
2009-05-13 | CVE-2009-0158 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server. | 6.8 |
2009-05-13 | CVE-2009-0157 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers. | 6.8 |
2009-05-13 | CVE-2009-0155 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers a heap-based buffer overflow. | 6.8 |
2009-05-13 | CVE-2009-0154 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font. | 6.8 |
2009-05-13 | CVE-2009-0145 | Apple | Code Injection vulnerability in Apple mac OS X and mac OS X Server CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption. | 6.8 |
2009-05-12 | CVE-2009-1625 | Davlin | Path Traversal vulnerability in Davlin Thickbox Gallery 2 Directory traversal vulnerability in index.php in Thickbox Gallery 2 allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2009-05-12 | CVE-2008-6806 | 7 Shop | Improper Input Validation vulnerability in 7-Shop 7Shop 0.9Beta/1.0 Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/. | 6.8 |
2009-05-11 | CVE-2009-1615 | Gowondesigns | Unspecified vulnerability in Gowondesigns Leap 0.1.4 Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request. | 6.8 |
2009-05-11 | CVE-2009-1613 | Gowondesigns | SQL Injection vulnerability in Gowondesigns Leap 0.1.4 Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchterm or (2) email parameter. | 6.8 |
2009-05-11 | CVE-2008-6805 | Micgr | SQL Injection vulnerability in Micgr MIC Blog 0.0.3 Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to category.php, the (2) user parameter to login.php, and the (3) site parameter to register.php. | 6.8 |
2009-05-11 | CVE-2009-1609 | Battleblog | Improper Input Validation vulnerability in Battleblog Battle Blog 1.25 Unrestricted file upload vulnerability in admin/uploadform.asp in Battle Blog 1.25 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | 6.8 |
2009-05-11 | CVE-2009-1601 | Ubuntu | Permissions, Privileges, and Access Controls vulnerability in Ubuntu Linux 9.04 The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory. | 6.8 |
2009-05-16 | CVE-2009-1655 | Easy Scripts | SQL Injection vulnerability in Easy-Scripts Answer and Question Script Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password. | 6.5 |
2009-05-11 | CVE-2009-1596 | Igniterealtime | Improper Authentication vulnerability in Igniterealtime Openfire Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet. | 6.5 |
2009-05-15 | CVE-2009-1637 | Simplecustomer | Permissions, Privileges, and Access Controls vulnerability in Simplecustomer Simple Customer 1.3 profile.php in Simple Customer 1.3 does not require administrative authentication, which allows remote attackers to change the admin e-mail address and password via the email and password parameters. | 6.4 |
2009-05-13 | CVE-2009-0161 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate. | 6.4 |
2009-05-14 | CVE-2009-1580 | Squirrelmail | Improper Authentication vulnerability in Squirrelmail Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie. | 5.8 |
2009-05-14 | CVE-2009-1466 | Klinzmann | Cleartext Storage of Sensitive Information vulnerability in Klinzmann Application Access Server 2.0.48 Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file. | 5.5 |
2009-05-14 | CVE-2009-1632 | Ipsec Tools | Resource Management Errors vulnerability in Ipsec-Tools Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c. | 5.0 |
2009-05-12 | CVE-2009-1624 | DEW Code | Path Traversal vulnerability in Dew-Code Dew-Newphplinks 2.0 Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to read arbitrary files via a .. | 5.0 |
2009-05-12 | CVE-2009-1621 | Opencart | Path Traversal vulnerability in Opencart 1.1.8 Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote attackers to read arbitrary files via a .. | 5.0 |
2009-05-11 | CVE-2009-1602 | Pablosoftwaresolutions | Buffer Errors vulnerability in Pablosoftwaresolutions Quick'N Easy Mail Server 3.3 Pablo Software Solutions Quick 'n Easy Mail Server 3.3 allows remote attackers to cause a denial of service (daemon outage or CPU consumption) via multiple long SMTP commands, as demonstrated by HELO commands. | 5.0 |
2009-05-14 | CVE-2009-1630 | Linux Opensuse Debian Canonical Vmware | Permissions, Privileges, and Access Controls vulnerability in multiple products The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver. | 4.4 |
2009-05-13 | CVE-2009-0150 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image. | 4.4 |
2009-05-13 | CVE-2009-0149 | Apple | Code Injection vulnerability in Apple mac OS X and mac OS X Server Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption. | 4.4 |
2009-05-16 | CVE-2009-1654 | Easy Scripts | Cross-Site Scripting vulnerability in Easy-Scripts Answer and Question Script Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy Scripts Answer and Question Script allows remote attackers to inject arbitrary web script or HTML via the questionid parameter. | 4.3 |
2009-05-14 | CVE-2009-1581 | Squirrelmail | Cross-Site Scripting vulnerability in Squirrelmail functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message. | 4.3 |
2009-05-14 | CVE-2009-1578 | Squirrelmail | Cross-Site Scripting vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING). | 4.3 |
2009-05-13 | CVE-2009-0162 | Apple Microsoft | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL. | 4.3 |
2009-05-13 | CVE-2009-0156 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read. | 4.3 |
2009-05-13 | CVE-2009-0153 | Apple | Cross-Site Scripting vulnerability in Apple mac OS X and mac OS X Server International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. | 4.3 |
2009-05-13 | CVE-2009-0144 | Apple | Configuration vulnerability in Apple mac OS X and mac OS X Server CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections. | 4.3 |
2009-05-12 | CVE-2009-1623 | DEW Code | Cross-Site Scripting vulnerability in Dew-Code Dew-Newphplinks 2.0 Cross-site scripting (XSS) vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to inject arbitrary web script or HTML via the PID parameter. | 4.3 |
2009-05-12 | CVE-2009-1620 | Mata | Cross-Site Scripting vulnerability in Mata Matachat Multiple cross-site scripting (XSS) vulnerabilities in input.php in MataChat allow remote attackers to inject arbitrary web script or HTML via the (1) nickname and (2) color parameters. | 4.3 |
2009-05-11 | CVE-2009-1607 | Linkbase | Cross-Site Scripting vulnerability in Linkbase 2.0 Cross-site scripting (XSS) vulnerability in the administrator panel in phpForm.net LinkBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the username in a registration, which is not properly handled when the administrator accesses the Users menu. | 4.3 |
2009-05-11 | CVE-2009-1595 | Igniterealtime | Improper Authentication vulnerability in Igniterealtime Openfire The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action. | 4.0 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-05-11 | CVE-2009-1614 | Gowondesigns | Cross-Site Scripting vulnerability in Gowondesigns Leap 0.1.4 Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). | 2.6 |
2009-05-14 | CVE-2009-1631 | Gnome | Permissions, Privileges, and Access Controls vulnerability in Gnome Evolution The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. | 2.1 |