Weekly Vulnerabilities Reports > June 8 to 14, 2009
Overview
143 new vulnerabilities were reported during this period, including 51 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary reports vulnerabilities in 103 products from 50 vendors including Apple, Microsoft, Adobe, Mozilla, and Dokeos. The most common categories are "Cross-site Scripting", "Resource Management Errors", "Code Injection", "SQL Injection", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 130 reported vulnerabilities are remotely exploitable.
- 24 reported vulnerabilities have a public exploit available.
- 43 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 136 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 39 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 14 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
51 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-06-12 | CVE-2009-2039 | Oscommerce | Remote Security vulnerability in Oscommerce Luottokunta 1.3 Unspecified vulnerability in the Luottokunta module before 1.3 for osCommerce has unknown impact and attack vectors related to orders. | 10.0 |
2009-06-12 | CVE-2009-2038 | Oscommerce | Unspecified vulnerability in Oscommerce Finnish Bank Payment Unspecified vulnerability in the Finnish Bank Payment module 2.2 for osCommerce has unknown impact and attack vectors related to bank charges. | 10.0 |
2009-06-11 | CVE-2009-2030 | SUN IBM | Security vulnerability in IBM OS/400 JVA-RUN JDK6.0 XML Digital Signature Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 has unknown impact and attack vectors related to "XML SECURITY PATCH." | 10.0 |
2009-06-11 | CVE-2009-2028 | Adobe | Unspecified vulnerability in Adobe Acrobat and Acrobat Reader Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 have unknown impact and attack vectors, related to "Adobe internally discovered issues." | 10.0 |
2009-06-11 | CVE-2009-1420 | HP | Stack Buffer Overflow vulnerability in HP OpenView Network Node Manager 'rping' Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when used with SNMP (aka HPOvNNM.HPOVSNMP) before 1.30.009 and MIB (aka HPOvNNM.HPOVMIB) before 1.30.009, allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors. | 10.0 |
2009-06-10 | CVE-2009-1138 | Microsoft | Resource Management Errors vulnerability in Microsoft Windows 2000 The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak. | 10.0 |
2009-06-10 | CVE-2009-0568 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability." | 10.0 |
2009-06-10 | CVE-2009-0228 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows 2000 Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability." | 10.0 |
2009-06-08 | CVE-2008-6826 | Mhfmedia | Improper Input Validation vulnerability in Mhfmedia ADS PRO dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages. | 10.0 |
2009-06-12 | CVE-2009-1841 | Mozilla | Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. | 9.3 |
2009-06-12 | CVE-2009-1840 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page. | 9.3 |
2009-06-12 | CVE-2009-1838 | Mozilla | Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler. | 9.3 |
2009-06-12 | CVE-2009-1833 | Mozilla | Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors. | 9.3 |
2009-06-12 | CVE-2009-1832 | Mozilla | Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction." | 9.3 |
2009-06-12 | CVE-2009-1392 | Mozilla | Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors. | 9.3 |
2009-06-11 | CVE-2009-0202 | Microsoft | Code Injection vulnerability in Microsoft Office Powerpoint 2000/2002 Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow. | 9.3 |
2009-06-11 | CVE-2009-1861 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file with a JPX (aka JPEG2000) stream that triggers heap memory corruption. | 9.3 |
2009-06-11 | CVE-2009-1859 | Adobe | Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. | 9.3 |
2009-06-11 | CVE-2009-1858 | Adobe | Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. | 9.3 |
2009-06-11 | CVE-2009-1857 | Adobe | Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a PDF document with a crafted TrueType font. | 9.3 |
2009-06-11 | CVE-2009-1856 | Adobe | Numeric Errors vulnerability in Adobe Acrobat and Acrobat Reader Integer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows attackers to cause a denial of service or possibly execute arbitrary code via a PDF file containing unspecified parameters to the FlateDecode filter, which triggers a heap-based buffer overflow. | 9.3 |
2009-06-11 | CVE-2009-1855 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block. | 9.3 |
2009-06-11 | CVE-2009-0889 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0888. | 9.3 |
2009-06-11 | CVE-2009-0888 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0889. | 9.3 |
2009-06-11 | CVE-2009-0512 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0888, and CVE-2009-0889. | 9.3 |
2009-06-11 | CVE-2009-0511 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889. | 9.3 |
2009-06-11 | CVE-2009-0510 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889. | 9.3 |
2009-06-11 | CVE-2009-0509 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to execute arbitrary code via a crafted file that triggers memory corruption. | 9.3 |
2009-06-11 | CVE-2009-0198 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF file that contains JBIG2 text region segments with Huffman encoding. | 9.3 |
2009-06-10 | CVE-2009-1141 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability." | 9.3 |
2009-06-10 | CVE-2009-1134 | Microsoft | Code Injection vulnerability in Microsoft products Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka "Record Pointer Corruption Vulnerability." | 9.3 |
2009-06-10 | CVE-2009-0561 | Microsoft | Numeric Errors vulnerability in Microsoft products Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka "Record Integer Overflow Vulnerability." | 9.3 |
2009-06-10 | CVE-2009-0560 | Microsoft | Resource Management Errors vulnerability in Microsoft products Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Field Sanitization Memory Corruption Vulnerability." | 9.3 |
2009-06-10 | CVE-2009-0559 | Microsoft | Code Injection vulnerability in Microsoft products Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability." | 9.3 |
2009-06-10 | CVE-2009-0558 | Microsoft | Code Injection vulnerability in Microsoft products Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability." | 9.3 |
2009-06-10 | CVE-2009-0549 | Microsoft | Code Injection vulnerability in Microsoft products Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Record Pointer Corruption Vulnerability." | 9.3 |
2009-06-10 | CVE-2009-1712 | Apple | Code Injection vulnerability in Apple Safari WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. | 9.3 |
2009-06-10 | CVE-2009-1711 | Apple | Resource Management Errors vulnerability in Apple Safari WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. | 9.3 |
2009-06-10 | CVE-2009-1709 | Apple | Resource Management Errors vulnerability in Apple Safari Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches." | 9.3 |
2009-06-10 | CVE-2009-1708 | Apple | Multiple Security vulnerability in RETIRED: Apple Safari Prior to 4.0 Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call. | 9.3 |
2009-06-10 | CVE-2009-1705 | Apple | Numeric Errors vulnerability in Apple Safari CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data. | 9.3 |
2009-06-10 | CVE-2009-1704 | Apple | Code Injection vulnerability in Apple Safari CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file. | 9.3 |
2009-06-10 | CVE-2009-1701 | Apple | Resource Management Errors vulnerability in Apple Safari Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute. | 9.3 |
2009-06-10 | CVE-2009-1698 | Apple | Code Injection vulnerability in Apple Safari WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | 9.3 |
2009-06-10 | CVE-2009-1533 | Microsoft | Buffer Errors vulnerability in Microsoft Office, Office XP and Works Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability." | 9.3 |
2009-06-10 | CVE-2009-0565 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka "Word Buffer Overflow Vulnerability." | 9.3 |
2009-06-10 | CVE-2009-1690 | Apple | Resource Management Errors vulnerability in multiple products Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers." | 9.3 |
2009-06-10 | CVE-2009-1687 | Apple | Resource Management Errors vulnerability in Apple Safari The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer." | 9.3 |
2009-06-10 | CVE-2009-1686 | Apple | Improper Input Validation vulnerability in Apple Safari WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | 9.3 |
2009-06-09 | CVE-2008-2475 | Ebay | OS Command Injection vulnerability in Ebay Enhanced Picture Uploader Activex Control eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote attackers to execute arbitrary commands via the PictureUrls property. | 9.3 |
2009-06-10 | CVE-2009-0230 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability." | 9.0 |
29 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-06-10 | CVE-2009-1123 | Microsoft | Unspecified vulnerability in Microsoft products The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability." | 7.8 |
2009-06-10 | CVE-2009-0557 | Microsoft | Code Injection vulnerability in Microsoft products Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability." | 7.8 |
2009-06-10 | CVE-2009-1139 | Microsoft | Resource Management Errors vulnerability in Microsoft Adam, Windows 2000 and Windows Server 2003 Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability." | 7.8 |
2009-06-10 | CVE-2009-0563 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability." | 7.8 |
2009-06-08 | CVE-2008-6828 | Symantec | Cleartext Storage of Sensitive Information vulnerability in Symantec Altiris Deployment Solution Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server. | 7.8 |
2009-06-08 | CVE-2008-6827 | Symantec | Missing Authentication for Critical Function vulnerability in Symantec Altiris Deployment Solution The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function. | 7.8 |
2009-06-08 | CVE-2009-1954 | IBM | Remote Denial of Service vulnerability in IBM AIX 5.3 Unspecified vulnerability in portmapper (aka portmap) in IBM AIX 5.3 allows attackers to cause a denial of service (daemon hang) via unknown vectors, related to libtli. | 7.8 |
2009-06-12 | CVE-2009-1837 | Mozilla Debian Fedoraproject Redhat | Use After Free vulnerability in multiple products Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object. | 7.5 |
2009-06-12 | CVE-2009-2040 | Grestul | Improper Authentication vulnerability in Grestul 1.2 admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct request. | 7.5 |
2009-06-12 | CVE-2009-2036 | Geekbill | SQL Injection vulnerability in Geekbill Open Biller 0.1 SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2009-06-10 | CVE-2009-1122 | Microsoft | Improper Authentication vulnerability in Microsoft Internet Information Services 5.0 The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535. | 7.5 |
2009-06-10 | CVE-2009-1699 | Apple Canonical Opensuse | XXE vulnerability in multiple products The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack." | 7.5 |
2009-06-10 | CVE-2009-1535 | Microsoft | Improper Authentication vulnerability in Microsoft Internet Information Services 5.1/6.0 The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122. | 7.5 |
2009-06-09 | CVE-2009-2025 | Dutchmonkey | Permissions, Privileges, and Access Controls vulnerability in Dutchmonkey DM Filemanager 3.9.2 admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values. | 7.5 |
2009-06-09 | CVE-2009-2021 | Virtuenetz | SQL Injection vulnerability in Virtuenetz Virtue Classifieds SQL injection vulnerability in search.php in Virtue Classifieds allows remote attackers to execute arbitrary SQL commands via the category parameter. | 7.5 |
2009-06-09 | CVE-2009-2019 | Virtuenetz | SQL Injection vulnerability in Virtuenetz Virtue News Manager SQL injection vulnerability in news_detail.php in Virtue News Manager allows remote attackers to execute arbitrary SQL commands via the nid parameter. | 7.5 |
2009-06-09 | CVE-2009-2017 | Virtuenetz | SQL Injection vulnerability in Virtuenetz Virtue Book Store SQL injection vulnerability in products.php in Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
2009-06-09 | CVE-2009-2016 | Virtuenetz | SQL Injection vulnerability in Virtuenetz Virtue Shopping Mall SQL injection vulnerability in products.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
2009-06-09 | CVE-2009-2015 | Joomla Ideal | Path Traversal vulnerability in Ideal COM Moofaq 1.0 Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. | 7.5 |
2009-06-09 | CVE-2009-2014 | Joomla | SQL Injection vulnerability in Joomla COM School 1.4 SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php. | 7.5 |
2009-06-09 | CVE-2009-2013 | Frontisgroup | SQL Injection vulnerability in Frontisgroup Frontis 3.9.01.24 SQL injection vulnerability in bin/aps_browse_sources.php in Frontis 3.9.01.24 allows remote attackers to execute arbitrary SQL commands via the source_class parameter in a browse_classes action. | 7.5 |
2009-06-09 | CVE-2009-0949 | Apple Canonical Debian Opensuse Suse | Use of Uninitialized Resource vulnerability in multiple products The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. | 7.5 |
2009-06-08 | CVE-2009-2004 | Dokeos | SQL Injection vulnerability in Dokeos 1.8.5 Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902. | 7.5 |
2009-06-08 | CVE-2009-2003 | Ascadnetworks | Improper Authentication vulnerability in Ascadnetworks Password Protector SD 1.3.1 Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin." | 7.5 |
2009-06-08 | CVE-2009-1955 | Apache Apple Suse Debian Canonical Fedoraproject Oracle | XML Entity Expansion vulnerability in multiple products The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. | 7.5 |
2009-06-10 | CVE-2009-2027 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Safari The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method. | 7.2 |
2009-06-10 | CVE-2009-1718 | Apple | Information Exposure vulnerability in Apple Safari WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page. | 7.1 |
2009-06-10 | CVE-2009-1713 | Apple | Information Exposure vulnerability in Apple Safari The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors. | 7.1 |
2009-06-10 | CVE-2009-1703 | Apple | Information Exposure vulnerability in Apple Safari WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document. | 7.1 |
56 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-06-12 | CVE-2009-1836 | Mozilla | Improper Authentication vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | 6.8 |
2009-06-12 | CVE-2009-2037 | Onlinegrades | Path Traversal vulnerability in Onlinegrades Online Grades 3.2.4 Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2009-06-09 | CVE-2009-2023 | Shop Script | SQL Injection vulnerability in Shop-Script 2.12 SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the current_currency parameter. | 6.8 |
2009-06-09 | CVE-2009-2018 | Jaredeckersley | SQL Injection vulnerability in Jaredeckersley Mycars SQL injection vulnerability in admin/index.php in Jared Eckersley MyCars, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authuserid parameter. | 6.8 |
2009-06-08 | CVE-2009-2008 | Dokeos | SQL Injection vulnerability in Dokeos 1.8.5 Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2. | 6.8 |
2009-06-08 | CVE-2009-2005 | Dokeos | Cross-Site Request Forgery (CSRF) vulnerability in Dokeos 1.8.5 Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors. | 6.8 |
2009-06-08 | CVE-2008-6832 | Atlassian | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira 3.13 Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2009-06-08 | CVE-2009-2010 | Haudenschilt | SQL Injection vulnerability in Haudenschilt Family Connections CMS Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter. | 6.5 |
2009-06-12 | CVE-2009-2035 | Drupal | Unspecified vulnerability in Drupal Services Module for Drupal 6.X0.12 Unspecified vulnerability in Services 6.x before 6.x-0.14, a module for Drupal, when key-based access is enabled, allows remote attackers to read or add keys and access unauthorized services via unspecified vectors. | 6.4 |
2009-06-12 | CVE-2009-2034 | Ricardo Alexandre DE Oliveira Staudt | SQL Injection vulnerability in Ricardo Alexandre DE Oliveira Staudt Yogurt 0.3 SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter. | 6.0 |
2009-06-11 | CVE-2009-1760 | Rasterbar Software | Path Traversal vulnerability in Rasterbar Software Libtorrent 0/0.12/0.12.1 Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. | 5.8 |
2009-06-10 | CVE-2009-1694 | Apple | Multiple Security vulnerability in RETIRED: Apple Safari Prior to 4.0 WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue." | 5.8 |
2009-06-10 | CVE-2009-1693 | Apple | Multiple Security vulnerability in RETIRED: Apple Safari Prior to 4.0 WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue." | 5.8 |
2009-06-12 | CVE-2009-1839 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack. | 5.4 |
2009-06-11 | CVE-2009-1904 | Ruby Lang | Numeric Errors vulnerability in Ruby-Lang Ruby 1.8.6/1.8.7 The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. | 5.0 |
2009-06-11 | CVE-2009-2029 | SUN | Remote Denial Of Service vulnerability in SUN Opensolaris and Solaris Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks. | 5.0 |
2009-06-10 | CVE-2009-1706 | Apple | Information Exposure vulnerability in Apple Safari The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie. | 5.0 |
2009-06-10 | CVE-2009-1696 | Apple | Cryptographic Issues vulnerability in Apple Safari WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session. | 5.0 |
2009-06-09 | CVE-2009-2024 | VT Rovno | Permissions, Privileges, and Access Controls vulnerability in Vt.Rovno ASP VT Auth 1.0 Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt. | 5.0 |
2009-06-09 | CVE-2009-2022 | Fipsasp | Permissions, Privileges, and Access Controls vulnerability in Fipsasp Fipscms Light 2.1 fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain sensitive information via a direct request for _fipsdb/db.mdb. | 5.0 |
2009-06-09 | CVE-2009-1196 | Apple | Resource Management Errors vulnerability in Apple Cups 1.1.17/1.1.22 The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw." | 5.0 |
2009-06-08 | CVE-2009-2007 | Dokeos | Path Traversal vulnerability in Dokeos 1.8.5 Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a .. | 5.0 |
2009-06-08 | CVE-2008-6829 | Vicftps | Improper Input Validation vulnerability in Vicftps 5.0 VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward slash). | 5.0 |
2009-06-08 | CVE-2009-1959 | Irssi | Numeric Errors vulnerability in Irssi 0.8.13 Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow. | 5.0 |
2009-06-08 | CVE-2009-1958 | Strongswan | Resource Management Errors vulnerability in Strongswan charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector. | 5.0 |
2009-06-08 | CVE-2009-1957 | Strongswan | Resource Management Errors vulnerability in Strongswan charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_CHILD_SA request. | 5.0 |
2009-06-08 | CVE-2009-1961 | Linux Debian Canonical Opensuse Suse | Improper Locking vulnerability in multiple products The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions. | 4.7 |
2009-06-08 | CVE-2009-1953 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Filenet Content Manager 4.0/4.0.1/4.5 IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors. | 4.6 |
2009-06-08 | CVE-2009-1962 | Xfig Debian | Link Following vulnerability in multiple products Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID. | 4.4 |
2009-06-12 | CVE-2009-2044 | Mozilla Linux | Improper Input Validation vulnerability in Mozilla Firefox Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element. | 4.3 |
2009-06-12 | CVE-2009-2043 | Mozilla | Improper Input Validation vulnerability in Mozilla Firefox nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to interaction with TinyMCE. | 4.3 |
2009-06-12 | CVE-2009-1835 | Mozilla | Information Exposure vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning. | 4.3 |
2009-06-12 | CVE-2009-1834 | Mozilla | Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters. | 4.3 |
2009-06-12 | CVE-2009-2042 | Libpng | Information Exposure vulnerability in Libpng libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file. | 4.3 |
2009-06-12 | CVE-2009-2041 | Activecollab | Cross-Site Scripting vulnerability in Activecollab 0.7.1 Cross-site scripting (XSS) vulnerability in A51 D.O.O. | 4.3 |
2009-06-12 | CVE-2009-2033 | Ricardo Alexandre DE Oliveira Staudt | Cross-Site Scripting vulnerability in Ricardo Alexandre DE Oliveira Staudt Yogurt 0.3 Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 4.3 |
2009-06-12 | CVE-2009-2032 | Pagedowntech | Cross-Site Scripting vulnerability in Pagedowntech Pdshoppro Cross-site scripting (XSS) vulnerability in search.asp in PDshopPro, when downloaded before 20070308, allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
2009-06-10 | CVE-2009-1715 | Apple | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges. | 4.3 |
2009-06-10 | CVE-2009-1714 | Apple | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes. | 4.3 |
2009-06-10 | CVE-2009-1702 | Apple | Cross-site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects. | 4.3 |
2009-06-10 | CVE-2009-1700 | Apple | Information Exposure vulnerability in Apple Safari The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document. | 4.3 |
2009-06-10 | CVE-2009-1697 | Apple | Improper Input Validation vulnerability in Apple Safari CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header. | 4.3 |
2009-06-10 | CVE-2009-1695 | Apple | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition. | 4.3 |
2009-06-10 | CVE-2009-0239 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Windows Search 4.0 Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability." | 4.3 |
2009-06-10 | CVE-2009-1691 | Apple | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for standard JavaScript prototypes in other domains. | 4.3 |
2009-06-10 | CVE-2009-1689 | Apple | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank URL, leading to security-context replacement. | 4.3 |
2009-06-10 | CVE-2009-1688 | Apple | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is not the "HTML 5 standard method." | 4.3 |
2009-06-10 | CVE-2009-1685 | Apple | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document. | 4.3 |
2009-06-10 | CVE-2009-1684 | Apple | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document. | 4.3 |
2009-06-10 | CVE-2009-1682 | Apple | Credentials Management vulnerability in Apple Safari Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate. | 4.3 |
2009-06-10 | CVE-2009-1681 | Apple | Multiple Security vulnerability in RETIRED: Apple Safari Prior to 4.0 WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document. | 4.3 |
2009-06-09 | CVE-2009-2020 | Virtuenetz | Cross-Site Scripting vulnerability in Virtuenetz Virtue News Manager Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue News Manager allows remote attackers to inject arbitrary web script or HTML via the nid parameter. | 4.3 |
2009-06-08 | CVE-2009-2009 | Dokeos | Cross-Site Scripting vulnerability in Dokeos 1.8.5 Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/document/slideshow.php and the (2) file parameter to main/exercice/testheaderpage.php. | 4.3 |
2009-06-08 | CVE-2008-6831 | Atlassian | Cross-Site Scripting vulnerability in Atlassian Jira 3.13 Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated using secure/AddComment!default.jspa (aka "Add Comment"). | 4.3 |
2009-06-08 | CVE-2008-6830 | Citrix | Unspecified vulnerability in Citrix web Interface 5.0/5.0.1 The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session. | 4.0 |
2009-06-08 | CVE-2009-1419 | Microsoft HP | Unspecified vulnerability in HP Discovery&Dependency Mapping Inventory Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.0.0 through 2.52, 7.50, and 7.51 on Windows allows remote attackers to access DDMI agents via unknown vectors. | 4.0 |
7 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-06-10 | CVE-2009-1710 | Apple | Multiple Security vulnerability in RETIRED: Apple Safari Prior to 4.0 WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property. | 2.6 |
2009-06-08 | CVE-2009-2006 | Dokeos | Cross-Site Scripting vulnerability in Dokeos 1.8.5 Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php; the (2) frm_title and (3) frm_content parameters in a new personal agenda item action; the (4) title and (5) tutor_name parameters in a new course action; and the (6) student and (7) course parameters to main/mySpace/myStudents.php. | 2.6 |
2009-06-11 | CVE-2009-2031 | SUN | Information Exposure vulnerability in SUN Opensolaris smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount permissions are used, allows local users to read arbitrary files, and list arbitrary directories, on CIFS volumes. | 2.1 |
2009-06-10 | CVE-2009-1716 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Safari CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files. | 2.1 |
2009-06-09 | CVE-2009-1296 | Ubuntu | Information Exposure vulnerability in Ubuntu 73-Oubuntu and Ubuntu The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. | 1.9 |
2009-06-09 | CVE-2009-2012 | SUN | Local Denial Of Service vulnerability in Sun OpenSolaris 'idmap(1M)' Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through snv_110, when a CIFS server is enabled, allows local users to cause a denial of service (idmapd daemon crash and idmapd outage) via unknown vectors. | 1.9 |
2009-06-10 | CVE-2009-1707 | Apple | Race Condition vulnerability in Apple Safari Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors. | 1.2 |