Weekly Vulnerabilities Reports > June 8 to 14, 2009

Overview

143 new vulnerabilities reported during this period, including 51 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary report vulnerabilities in 103 products from 50 vendors including Apple, Microsoft, Adobe, Mozilla, and Dokeos. Vulnerabilities are notably categorized as "Cross-site Scripting", "Resource Management Errors", "Code Injection", "SQL Injection", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 130 reported vulnerabilities are remotely exploitables.
  • 24 reported vulnerabilities have public exploit available.
  • 43 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 136 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 39 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 14 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

51 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-06-12 CVE-2009-2039 Oscommerce Remote Security vulnerability in Oscommerce Luottokunta 1.3

Unspecified vulnerability in the Luottokunta module before 1.3 for osCommerce has unknown impact and attack vectors related to orders.

10.0
2009-06-12 CVE-2009-2038 Oscommerce Unspecified vulnerability in Oscommerce Finnish Bank Payment

Unspecified vulnerability in the Finnish Bank Payment module 2.2 for osCommerce has unknown impact and attack vectors related to bank charges.

10.0
2009-06-11 CVE-2009-2030 SUN
IBM
Security vulnerability in IBM OS/400 JVA-RUN JDK6.0 XML Digital Signature

Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 has unknown impact and attack vectors related to "XML SECURITY PATCH."

10.0
2009-06-11 CVE-2009-2028 Adobe Unspecified vulnerability in Adobe Acrobat and Acrobat Reader

Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 have unknown impact and attack vectors, related to "Adobe internally discovered issues."

10.0
2009-06-11 CVE-2009-1420 HP Stack Buffer Overflow vulnerability in HP OpenView Network Node Manager 'rping'

Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when used with SNMP (aka HPOvNNM.HPOVSNMP) before 1.30.009 and MIB (aka HPOvNNM.HPOVMIB) before 1.30.009, allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.

10.0
2009-06-10 CVE-2009-1138 Microsoft Resource Management Errors vulnerability in Microsoft Windows 2000

The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.

10.0
2009-06-10 CVE-2009-0568 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."

10.0
2009-06-10 CVE-2009-0228 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows 2000

Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."

10.0
2009-06-08 CVE-2008-6826 Mhfmedia Improper Input Validation vulnerability in Mhfmedia ADS PRO

dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages.

10.0
2009-06-12 CVE-2009-1841 Mozilla Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.

9.3
2009-06-12 CVE-2009-1840 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.

9.3
2009-06-12 CVE-2009-1838 Mozilla Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.

9.3
2009-06-12 CVE-2009-1833 Mozilla Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors.

9.3
2009-06-12 CVE-2009-1832 Mozilla Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction."

9.3
2009-06-12 CVE-2009-1392 Mozilla Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.

9.3
2009-06-11 CVE-2009-0202 Microsoft Code Injection vulnerability in Microsoft Office Powerpoint 2000/2002

Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.

9.3
2009-06-11 CVE-2009-1861 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file with a JPX (aka JPEG2000) stream that triggers heap memory corruption.

9.3
2009-06-11 CVE-2009-1859 Adobe Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.

9.3
2009-06-11 CVE-2009-1858 Adobe Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader

The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.

9.3
2009-06-11 CVE-2009-1857 Adobe Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a PDF document with a crafted TrueType font.

9.3
2009-06-11 CVE-2009-1856 Adobe Numeric Errors vulnerability in Adobe Acrobat and Acrobat Reader

Integer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows attackers to cause a denial of service or possibly execute arbitrary code via a PDF file containing unspecified parameters to the FlateDecode filter, which triggers a heap-based buffer overflow.

9.3
2009-06-11 CVE-2009-1855 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block.

9.3
2009-06-11 CVE-2009-0889 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0888.

9.3
2009-06-11 CVE-2009-0888 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0889.

9.3
2009-06-11 CVE-2009-0512 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0888, and CVE-2009-0889.

9.3
2009-06-11 CVE-2009-0511 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889.

9.3
2009-06-11 CVE-2009-0510 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889.

9.3
2009-06-11 CVE-2009-0509 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to execute arbitrary code via a crafted file that triggers memory corruption.

9.3
2009-06-11 CVE-2009-0198 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF file that contains JBIG2 text region segments with Huffman encoding.

9.3
2009-06-10 CVE-2009-1141 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 6

Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."

9.3
2009-06-10 CVE-2009-1134 Microsoft Code Injection vulnerability in Microsoft products

Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka "Record Pointer Corruption Vulnerability."

9.3
2009-06-10 CVE-2009-0561 Microsoft Numeric Errors vulnerability in Microsoft products

Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka "Record Integer Overflow Vulnerability."

9.3
2009-06-10 CVE-2009-0560 Microsoft Resource Management Errors vulnerability in Microsoft products

Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Field Sanitization Memory Corruption Vulnerability."

9.3
2009-06-10 CVE-2009-0559 Microsoft Code Injection vulnerability in Microsoft products

Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."

9.3
2009-06-10 CVE-2009-0558 Microsoft Code Injection vulnerability in Microsoft products

Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."

9.3
2009-06-10 CVE-2009-0549 Microsoft Code Injection vulnerability in Microsoft products

Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Record Pointer Corruption Vulnerability."

9.3
2009-06-10 CVE-2009-1712 Apple Code Injection vulnerability in Apple Safari

WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.

9.3
2009-06-10 CVE-2009-1711 Apple Resource Management Errors vulnerability in Apple Safari

WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

9.3
2009-06-10 CVE-2009-1709 Apple Resource Management Errors vulnerability in Apple Safari

Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."

9.3
2009-06-10 CVE-2009-1708 Apple Multiple Security vulnerability in RETIRED: Apple Safari Prior to 4.0

Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.

9.3
2009-06-10 CVE-2009-1705 Apple Numeric Errors vulnerability in Apple Safari

CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.

9.3
2009-06-10 CVE-2009-1704 Apple Code Injection vulnerability in Apple Safari

CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file.

9.3
2009-06-10 CVE-2009-1701 Apple Resource Management Errors vulnerability in Apple Safari

Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.

9.3
2009-06-10 CVE-2009-1698 Apple Code Injection vulnerability in Apple Safari

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

9.3
2009-06-10 CVE-2009-1533 Microsoft Buffer Errors vulnerability in Microsoft Office, Office XP and Works

Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."

9.3
2009-06-10 CVE-2009-0565 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka "Word Buffer Overflow Vulnerability."

9.3
2009-06-10 CVE-2009-1690 Apple
Google
Resource Management Errors vulnerability in multiple products

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."

9.3
2009-06-10 CVE-2009-1687 Apple Resource Management Errors vulnerability in Apple Safari

The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."

9.3
2009-06-10 CVE-2009-1686 Apple Improper Input Validation vulnerability in Apple Safari

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

9.3
2009-06-09 CVE-2008-2475 Ebay OS Command Injection vulnerability in Ebay Enhanced Picture Uploader Activex Control

eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote attackers to execute arbitrary commands via the PictureUrls property.

9.3
2009-06-10 CVE-2009-0230 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."

9.0

29 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-06-10 CVE-2009-1123 Microsoft Unspecified vulnerability in Microsoft products

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."

7.8
2009-06-10 CVE-2009-0557 Microsoft Code Injection vulnerability in Microsoft products

Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability."

7.8
2009-06-10 CVE-2009-1139 Microsoft Resource Management Errors vulnerability in Microsoft Adam, Windows 2000 and Windows Server 2003

Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."

7.8
2009-06-10 CVE-2009-0563 Microsoft Out-of-bounds Write vulnerability in Microsoft products

Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability."

7.8
2009-06-08 CVE-2008-6828 Symantec Cleartext Storage of Sensitive Information vulnerability in Symantec Altiris Deployment Solution

Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server.

7.8
2009-06-08 CVE-2008-6827 Symantec Missing Authentication for Critical Function vulnerability in Symantec Altiris Deployment Solution

The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.

7.8
2009-06-08 CVE-2009-1954 IBM Remote Denial of Service vulnerability in IBM AIX 5.3

Unspecified vulnerability in portmapper (aka portmap) in IBM AIX 5.3 allows attackers to cause a denial of service (daemon hang) via unknown vectors, related to libtli.

7.8
2009-06-12 CVE-2009-1837 Mozilla
Debian
Fedoraproject
Redhat
Use After Free vulnerability in multiple products

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.

7.5
2009-06-12 CVE-2009-2040 Grestul Improper Authentication vulnerability in Grestul 1.2

admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct request.

7.5
2009-06-12 CVE-2009-2036 Geekbill SQL Injection vulnerability in Geekbill Open Biller 0.1

SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2009-06-10 CVE-2009-1122 Microsoft Improper Authentication vulnerability in Microsoft Internet Information Services 5.0

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.

7.5
2009-06-10 CVE-2009-1699 Apple
Canonical
Opensuse
XXE vulnerability in multiple products

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."

7.5
2009-06-10 CVE-2009-1535 Microsoft Improper Authentication vulnerability in Microsoft Internet Information Services 5.1/6.0

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.

7.5
2009-06-09 CVE-2009-2025 Dutchmonkey Permissions, Privileges, and Access Controls vulnerability in Dutchmonkey DM Filemanager 3.9.2

admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values.

7.5
2009-06-09 CVE-2009-2021 Virtuenetz SQL Injection vulnerability in Virtuenetz Virtue Classifieds

SQL injection vulnerability in search.php in Virtue Classifieds allows remote attackers to execute arbitrary SQL commands via the category parameter.

7.5
2009-06-09 CVE-2009-2019 Virtuenetz SQL Injection vulnerability in Virtuenetz Virtue News Manager

SQL injection vulnerability in news_detail.php in Virtue News Manager allows remote attackers to execute arbitrary SQL commands via the nid parameter.

7.5
2009-06-09 CVE-2009-2017 Virtuenetz SQL Injection vulnerability in Virtuenetz Virtue Book Store

SQL injection vulnerability in products.php in Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2009-06-09 CVE-2009-2016 Virtuenetz SQL Injection vulnerability in Virtuenetz Virtue Shopping Mall

SQL injection vulnerability in products.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2009-06-09 CVE-2009-2015 Joomla
Ideal
Path Traversal vulnerability in Ideal COM Moofaq 1.0

Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a ..

7.5
2009-06-09 CVE-2009-2014 Joomla SQL Injection vulnerability in Joomla COM School 1.4

SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php.

7.5
2009-06-09 CVE-2009-2013 Frontisgroup SQL Injection vulnerability in Frontisgroup Frontis 3.9.01.24

SQL injection vulnerability in bin/aps_browse_sources.php in Frontis 3.9.01.24 allows remote attackers to execute arbitrary SQL commands via the source_class parameter in a browse_classes action.

7.5
2009-06-09 CVE-2009-0949 Apple
Canonical
Debian
Opensuse
Suse
Use of Uninitialized Resource vulnerability in multiple products

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.

7.5
2009-06-08 CVE-2009-2004 Dokeos SQL Injection vulnerability in Dokeos 1.8.5

Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902.

7.5
2009-06-08 CVE-2009-2003 Ascadnetworks Improper Authentication vulnerability in Ascadnetworks Password Protector SD 1.3.1

Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin."

7.5
2009-06-08 CVE-2009-1955 Apache
Apple
Suse
Debian
Canonical
Fedoraproject
Oracle
XML Entity Expansion vulnerability in multiple products

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

7.5
2009-06-10 CVE-2009-2027 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Safari

The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method.

7.2
2009-06-10 CVE-2009-1718 Apple Information Exposure vulnerability in Apple Safari

WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.

7.1
2009-06-10 CVE-2009-1713 Apple Information Exposure vulnerability in Apple Safari

The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.

7.1
2009-06-10 CVE-2009-1703 Apple Information Exposure vulnerability in Apple Safari

WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document.

7.1

56 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-06-12 CVE-2009-1836 Mozilla Improper Authentication vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

6.8
2009-06-12 CVE-2009-2037 Onlinegrades Path Traversal vulnerability in Onlinegrades Online Grades 3.2.4

Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a ..

6.8
2009-06-09 CVE-2009-2023 Shop Script SQL Injection vulnerability in Shop-Script 2.12

SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the current_currency parameter.

6.8
2009-06-09 CVE-2009-2018 Jaredeckersley SQL Injection vulnerability in Jaredeckersley Mycars

SQL injection vulnerability in admin/index.php in Jared Eckersley MyCars, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authuserid parameter.

6.8
2009-06-08 CVE-2009-2008 Dokeos SQL Injection vulnerability in Dokeos 1.8.5

Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2.

6.8
2009-06-08 CVE-2009-2005 Dokeos Cross-Site Request Forgery (CSRF) vulnerability in Dokeos 1.8.5

Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors.

6.8
2009-06-08 CVE-2008-6832 Atlassian Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira 3.13

Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2009-06-08 CVE-2009-2010 Haudenschilt SQL Injection vulnerability in Haudenschilt Family Connections CMS

Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter.

6.5
2009-06-12 CVE-2009-2035 Drupal Unspecified vulnerability in Drupal Services Module for Drupal 6.X0.12

Unspecified vulnerability in Services 6.x before 6.x-0.14, a module for Drupal, when key-based access is enabled, allows remote attackers to read or add keys and access unauthorized services via unspecified vectors.

6.4
2009-06-12 CVE-2009-2034 Ricardo Alexandre DE Oliveira Staudt SQL Injection vulnerability in Ricardo Alexandre DE Oliveira Staudt Yogurt 0.3

SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter.

6.0
2009-06-11 CVE-2009-1760 Rasterbar Software Path Traversal vulnerability in Rasterbar Software Libtorrent 0/0.12/0.12.1

Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a ..

5.8
2009-06-10 CVE-2009-1694 Apple Multiple Security vulnerability in RETIRED: Apple Safari Prior to 4.0

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue."

5.8
2009-06-10 CVE-2009-1693 Apple Multiple Security vulnerability in RETIRED: Apple Safari Prior to 4.0

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."

5.8
2009-06-12 CVE-2009-1839 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack.

5.4
2009-06-11 CVE-2009-1904 Ruby Lang Numeric Errors vulnerability in Ruby-Lang Ruby 1.8.6/1.8.7

The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.

5.0
2009-06-11 CVE-2009-2029 SUN Remote Denial Of Service vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks.

5.0
2009-06-10 CVE-2009-1706 Apple Information Exposure vulnerability in Apple Safari

The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie.

5.0
2009-06-10 CVE-2009-1696 Apple Cryptographic Issues vulnerability in Apple Safari

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session.

5.0
2009-06-09 CVE-2009-2024 VT Rovno Permissions, Privileges, and Access Controls vulnerability in Vt.Rovno ASP VT Auth 1.0

Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt.

5.0
2009-06-09 CVE-2009-2022 Fipsasp Permissions, Privileges, and Access Controls vulnerability in Fipsasp Fipscms Light 2.1

fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain sensitive information via a direct request for _fipsdb/db.mdb.

5.0
2009-06-09 CVE-2009-1196 Apple Resource Management Errors vulnerability in Apple Cups 1.1.17/1.1.22

The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw."

5.0
2009-06-08 CVE-2009-2007 Dokeos Path Traversal vulnerability in Dokeos 1.8.5

Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a ..

5.0
2009-06-08 CVE-2008-6829 Vicftps Improper Input Validation vulnerability in Vicftps 5.0

VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward slash).

5.0
2009-06-08 CVE-2009-1959 Irssi Numeric Errors vulnerability in Irssi 0.8.13

Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.

5.0
2009-06-08 CVE-2009-1958 Strongswan Resource Management Errors vulnerability in Strongswan

charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector.

5.0
2009-06-08 CVE-2009-1957 Strongswan Resource Management Errors vulnerability in Strongswan

charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_CHILD_SA request.

5.0
2009-06-08 CVE-2009-1961 Linux
Debian
Canonical
Opensuse
Suse
Improper Locking vulnerability in multiple products

The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.

4.7
2009-06-08 CVE-2009-1953 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Filenet Content Manager 4.0/4.0.1/4.5

IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors.

4.6
2009-06-08 CVE-2009-1962 Xfig
Debian
Link Following vulnerability in multiple products

Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID.

4.4
2009-06-12 CVE-2009-2044 Mozilla
Linux
Improper Input Validation vulnerability in Mozilla Firefox

Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element.

4.3
2009-06-12 CVE-2009-2043 Mozilla Improper Input Validation vulnerability in Mozilla Firefox

nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to interaction with TinyMCE.

4.3
2009-06-12 CVE-2009-1835 Mozilla Information Exposure vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.

4.3
2009-06-12 CVE-2009-1834 Mozilla Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey

Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters.

4.3
2009-06-12 CVE-2009-2042 Libpng Information Exposure vulnerability in Libpng

libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.

4.3
2009-06-12 CVE-2009-2041 Activecollab Cross-Site Scripting vulnerability in Activecollab 0.7.1

Cross-site scripting (XSS) vulnerability in A51 D.O.O.

4.3
2009-06-12 CVE-2009-2033 Ricardo Alexandre DE Oliveira Staudt Cross-Site Scripting vulnerability in Ricardo Alexandre DE Oliveira Staudt Yogurt 0.3

Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

4.3
2009-06-12 CVE-2009-2032 Pagedowntech Cross-Site Scripting vulnerability in Pagedowntech Pdshoppro

Cross-site scripting (XSS) vulnerability in search.asp in PDshopPro, when downloaded before 20070308, allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2009-06-10 CVE-2009-1715 Apple Cross-Site Scripting vulnerability in Apple Safari

Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges.

4.3
2009-06-10 CVE-2009-1714 Apple Cross-Site Scripting vulnerability in Apple Safari

Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes.

4.3
2009-06-10 CVE-2009-1702 Apple Cross-site Scripting vulnerability in Apple Safari

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.

4.3
2009-06-10 CVE-2009-1700 Apple Information Exposure vulnerability in Apple Safari

The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.

4.3
2009-06-10 CVE-2009-1697 Apple Improper Input Validation vulnerability in Apple Safari

CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header.

4.3
2009-06-10 CVE-2009-1695 Apple Cross-Site Scripting vulnerability in Apple Safari

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition.

4.3
2009-06-10 CVE-2009-0239 Microsoft Cross-Site Scripting vulnerability in Microsoft Windows Search 4.0

Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."

4.3
2009-06-10 CVE-2009-1691 Apple Cross-Site Scripting vulnerability in Apple Safari

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for standard JavaScript prototypes in other domains.

4.3
2009-06-10 CVE-2009-1689 Apple Cross-Site Scripting vulnerability in Apple Safari

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank URL, leading to security-context replacement.

4.3
2009-06-10 CVE-2009-1688 Apple Cross-Site Scripting vulnerability in Apple Safari

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is not the "HTML 5 standard method."

4.3
2009-06-10 CVE-2009-1685 Apple Cross-Site Scripting vulnerability in Apple Safari

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document.

4.3
2009-06-10 CVE-2009-1684 Apple Cross-Site Scripting vulnerability in Apple Safari

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.

4.3
2009-06-10 CVE-2009-1682 Apple Credentials Management vulnerability in Apple Safari

Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.

4.3
2009-06-10 CVE-2009-1681 Apple Multiple Security vulnerability in RETIRED: Apple Safari Prior to 4.0

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.

4.3
2009-06-09 CVE-2009-2020 Virtuenetz Cross-Site Scripting vulnerability in Virtuenetz Virtue News Manager

Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue News Manager allows remote attackers to inject arbitrary web script or HTML via the nid parameter.

4.3
2009-06-08 CVE-2009-2009 Dokeos Cross-Site Scripting vulnerability in Dokeos 1.8.5

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/document/slideshow.php and the (2) file parameter to main/exercice/testheaderpage.php.

4.3
2009-06-08 CVE-2008-6831 Atlassian Cross-Site Scripting vulnerability in Atlassian Jira 3.13

Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated using secure/AddComment!default.jspa (aka "Add Comment").

4.3
2009-06-08 CVE-2008-6830 Citrix Unspecified vulnerability in Citrix web Interface 5.0/5.0.1

The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session.

4.0
2009-06-08 CVE-2009-1419 Microsoft
HP
Unspecified vulnerability in HP Discovery&Dependency Mapping Inventory

Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.0.0 through 2.52, 7.50, and 7.51 on Windows allows remote attackers to access DDMI agents via unknown vectors.

4.0

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-06-10 CVE-2009-1710 Apple Multiple Security vulnerability in RETIRED: Apple Safari Prior to 4.0

WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.

2.6
2009-06-08 CVE-2009-2006 Dokeos Cross-Site Scripting vulnerability in Dokeos 1.8.5

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php; the (2) frm_title and (3) frm_content parameters in a new personal agenda item action; the (4) title and (5) tutor_name parameters in a new course action; and the (6) student and (7) course parameters to main/mySpace/myStudents.php.

2.6
2009-06-11 CVE-2009-2031 SUN Information Exposure vulnerability in SUN Opensolaris

smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount permissions are used, allows local users to read arbitrary files, and list arbitrary directories, on CIFS volumes.

2.1
2009-06-10 CVE-2009-1716 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Safari

CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.

2.1
2009-06-09 CVE-2009-1296 Ubuntu Information Exposure vulnerability in Ubuntu 73-Oubuntu and Ubuntu

The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk.

1.9
2009-06-09 CVE-2009-2012 SUN Local Denial Of Service vulnerability in Sun OpenSolaris 'idmap(1M)'

Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through snv_110, when a CIFS server is enabled, allows local users to cause a denial of service (idpmapd daemon crash and idmapd outage) via unknown vectors.

1.9
2009-06-10 CVE-2009-1707 Apple Race Condition vulnerability in Apple Safari

Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.

1.2