Weekly Vulnerabilities Reports > June 15 to 21, 2009
Overview
78 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 25 high severity vulnerabilities. This weekly summary reports vulnerabilities in 59 products from 49 vendors including Apple, Elvinbts, Opera, SUN, and Microsoft. Vulnerabilities are notably categorized as "Improper Authentication", "SQL Injection", "Cross-site Scripting", "Path Traversal", and "Permissions, Privileges, and Access Controls".
- 72 reported vulnerabilities are remotely exploitable.
- 26 reported vulnerabilities have a public exploit available.
- 47 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 72 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 13 reported vulnerabilities.
- Mozilla has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
2 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-06-18 | CVE-2009-2111 | Jnmsolutions | Code Injection vulnerability in Jnmsolutions DB TOP Sites 1.0 Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter. | 10.0 |
2009-06-15 | CVE-2009-2061 | Mozilla | Cryptographic Issues vulnerability in Mozilla Firefox Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. | 9.3 |
25 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-06-19 | CVE-2009-2137 | SUN | Resource Management Errors vulnerability in SUN Opensolaris and Solaris Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka n2cp) in Sun Solaris 10, and OpenSolaris snv_54 through snv_112, allows context-dependent attackers to cause a denial of service (memory consumption) via unspecified vectors related to a large keylen value. | 7.8 |
2009-06-19 | CVE-2009-2136 | SUN | Unspecified vulnerability in SUN Opensolaris and Solaris Unspecified vulnerability in the TCP/IP networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_117, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames. | 7.8 |
2009-06-19 | CVE-2009-1683 | Apple | Unspecified vulnerability in Apple Iphone OS and Ipod Touch The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue." | 7.8 |
2009-06-18 | CVE-2009-2110 | Jnmsolutions | Path Traversal vulnerability in Jnmsolutions DB TOP Sites 1.0 Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. | 7.6 |
2009-06-19 | CVE-2009-2128 | Elvinbts | SQL Injection vulnerability in Elvinbts 1.1.0 SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the title (aka subject) field. | 7.5 |
2009-06-19 | CVE-2009-2124 | Elvinbts | Path Traversal vulnerability in Elvinbts 1.2.0 Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2009-06-19 | CVE-2009-2123 | Elvinbts | SQL Injection vulnerability in Elvinbts 1.2.0 Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_bug.php and (c) show_activity.php. | 7.5 |
2009-06-19 | CVE-2009-2122 | Wordpress Paolo Palmonari | SQL Injection vulnerability in Paolo Palmonari Photoracer Plugin for Wordpress 1.0 SQL injection vulnerability in viewimg.php in the Paolo Palmonari Photoracer plugin 1.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-06-18 | CVE-2009-2117 | Phportal | Improper Authentication vulnerability in PHPortal 1.0 uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the kulladi cookie to a valid username. | 7.5 |
2009-06-18 | CVE-2009-2112 | Frank Karau | Path Traversal vulnerability in Frank-Karau PHPfk 7.03 Directory traversal vulnerability in include/page_bottom.php in phpFK 7.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _FORUM[settings_design_style] parameter. | 7.5 |
2009-06-17 | CVE-2009-2106 | Typo3 Projektseminar Proservice WWU | SQL Injection vulnerability in Projektseminar Proservice WWU Virtual Civil Services 4.2.14/4.2.15/4.3.0 SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-06-17 | CVE-2009-2105 | Kasper Skrhj | SQL Injection vulnerability in Kasper Skrhj References Database SQL injection vulnerability in the References database (t3references) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-06-17 | CVE-2009-2103 | Steve Grundell Typo3 | SQL Injection vulnerability in Steve Grundell Frontend MP3 Player 0.2.0/0.2.1/0.2.2 SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-06-17 | CVE-2009-2102 | COM Jumi Joomla | SQL Injection vulnerability in COM Jumi COM Jumi 2.0.3 SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and possibly other versions for Joomla allows remote attackers to execute arbitrary SQL commands via the fileid parameter to index.php. | 7.5 |
2009-06-17 | CVE-2009-2099 | Joomla Ijoomla | SQL Injection vulnerability in Ijoomla COM Rssfeeder SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php. | 7.5 |
2009-06-17 | CVE-2009-2098 | Micheal Glazer | SQL Injection vulnerability in Micheal Glazer PHPortal 1.0 SQL injection vulnerability in topicler.php in phPortal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-06-17 | CVE-2009-2097 | Zokisoft | SQL Injection vulnerability in Zokisoft Zoki Catalog SQL injection vulnerability in system/application/controllers/catalog.php in Zoki Soft Zoki Catalog (aka Smart Catalog) allows remote attackers to execute arbitrary SQL commands via the search_text parameter. | 7.5 |
2009-06-17 | CVE-2009-2096 | David Degner | SQL Injection vulnerability in David Degner PHPcollegeexchange 0.1.5C SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote attackers to execute arbitrary SQL commands via the itemnr parameter. | 7.5 |
2009-06-16 | CVE-2009-1719 | Apple SUN | Code Injection vulnerability in SUN JRE 1.5.0/1.5.011B03 The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer. | 7.5 |
2009-06-16 | CVE-2009-2082 | Creative WEB Solutions | SQL Injection vulnerability in Creative web Solutions Multi-Level CMS 1.21 SQL injection vulnerability in insidepage.php in Creative Web Solutions Multi-Level CMS 1.21 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2009-06-16 | CVE-2009-2080 | Mrcgiguy | Permissions, Privileges, and Access Controls vulnerability in Mrcgiguy the Ticket System 2.0 admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action. | 7.5 |
2009-06-16 | CVE-2009-2075 | Drupal Angrydonuts | Permissions, Privileges, and Access Controls vulnerability in Angrydonuts Nodequeue Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors. | 7.5 |
2009-06-16 | CVE-2009-2084 | Llnl | Credentials Management vulnerability in Llnl Slurm Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges. | 7.2 |
2009-06-19 | CVE-2009-1692 | Apple | Resource Management Errors vulnerability in Apple Iphone OS, Ipod Touch and Safari WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object. | 7.1 |
2009-06-19 | CVE-2009-0959 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and Ipod Touch The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue." | 7.1 |
48 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-06-19 | CVE-2009-2132 | 4Homepages | Path Traversal vulnerability in 4Homepages 4Images Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter. | 6.8 |
2009-06-19 | CVE-2009-2129 | Elvinbts | Cross-Site Request Forgery (CSRF) vulnerability in Elvinbts 1.2.0 Cross-site request forgery (CSRF) vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action. | 6.8 |
2009-06-18 | CVE-2009-2118 | Irfanview | Code Injection vulnerability in Irfanview 4.23 Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF 1 BPP image, which triggers a heap-based buffer overflow. | 6.8 |
2009-06-18 | CVE-2009-2115 | Skybluecanvas | Information Exposure vulnerability in Skybluecanvas 1.1 admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message. | 6.8 |
2009-06-17 | CVE-2009-2101 | Castro XL | Path Traversal vulnerability in Castro XL Torrentvolve 1.4 Directory traversal vulnerability in archive.php in TorrentVolve 1.4, when register_globals is enabled, allows remote attackers to delete arbitrary files via a .. | 6.8 |
2009-06-17 | CVE-2009-2095 | Mundi King | Code Injection vulnerability in Mundi King Mundi Mail 0.8.2 PHP remote file inclusion vulnerability in template/simpledefault/admin/_masterlayout.php in Mundi Mail 0.8.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the top parameter. | 6.8 |
2009-06-16 | CVE-2009-1391 | Paul Marquess | Numeric Errors vulnerability in Paul Marquess Compress-Raw-Zlib Perl Module Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009. | 6.8 |
2009-06-16 | CVE-2009-1390 | Mutt Openssl GNU | Improper Authentication vulnerability in Mutt 1.5.19 Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack. | 6.8 |
2009-06-15 | CVE-2009-2073 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Wrt160N 1.02.2 Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N wireless router hardware 1 and firmware 1.02.2 allows remote attackers to hijack the authentication of other users for unspecified requests via unknown vectors, as demonstrated using administrator privileges and actions. | 6.8 |
2009-06-15 | CVE-2009-2071 | | Improper Authentication vulnerability in Google Chrome Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. | 6.8 |
2009-06-15 | CVE-2009-2070 | Opera | Improper Authentication vulnerability in Opera Browser Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. | 6.8 |
2009-06-15 | CVE-2009-2067 | Opera | Improper Authentication vulnerability in Opera Browser Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | 6.8 |
2009-06-15 | CVE-2009-2066 | Apple | Improper Authentication vulnerability in Apple Safari Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | 6.8 |
2009-06-15 | CVE-2009-2065 | Mozilla | Improper Authentication vulnerability in Mozilla Firefox Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | 6.8 |
2009-06-15 | CVE-2009-2064 | Microsoft | Improper Authentication vulnerability in Microsoft Internet Explorer and Pocket IE Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | 6.8 |
2009-06-15 | CVE-2009-2063 | Opera | Improper Authentication vulnerability in Opera Browser Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. | 6.8 |
2009-06-15 | CVE-2009-2062 | Apple | Improper Authentication vulnerability in Apple Safari Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. | 6.8 |
2009-06-15 | CVE-2009-2059 | Opera | Improper Authentication vulnerability in Opera Browser Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | 6.8 |
2009-06-15 | CVE-2009-2058 | Apple | Improper Authentication vulnerability in Apple Safari Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | 6.8 |
2009-06-18 | CVE-2009-2120 | Tekbase | SQL Injection vulnerability in Tekbase All-In-One 3.1 Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) ids parameter to admin.php, the (2) y parameter to members.php, and other unspecified vectors. | 6.5 |
2009-06-15 | CVE-2009-2069 | Microsoft | Improper Authentication vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. | 5.8 |
2009-06-15 | CVE-2009-2068 | Opera | Improper Authentication vulnerability in Opera Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | 5.8 |
2009-06-15 | CVE-2009-2060 | | Improper Authentication vulnerability in Google Chrome src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | 5.8 |
2009-06-15 | CVE-2009-2057 | Microsoft | Improper Authentication vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | 5.8 |
2009-06-15 | CVE-2009-2072 | Apple | Improper Authentication vulnerability in Apple Safari Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server. | 5.4 |
2009-06-19 | CVE-2009-2134 | Pivot | Information Exposure vulnerability in Pivot 1.40.4/1.40.7 pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message. | 5.0 |
2009-06-19 | CVE-2009-2130 | Elvinbts | Information Exposure vulnerability in Elvinbts 1.2.0 Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) login.ei, (2) jump_bug.ei, or (3) create_account.ei in inc/ via a direct request. | 5.0 |
2009-06-19 | CVE-2009-0961 | Apple | Unspecified vulnerability in Apple Iphone OS and Ipod Touch The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert. | 5.0 |
2009-06-18 | CVE-2009-2108 | GIT | Resource Management Errors vulnerability in GIT git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments. | 5.0 |
2009-06-17 | CVE-2009-2100 | Joomla Joomlapraise | Path Traversal vulnerability in Joomlapraise COM Projectfork 2.0.10 Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. | 5.0 |
2009-06-16 | CVE-2009-1761 | CA | Improper Input Validation vulnerability in CA Arcserve Backup R12.0 The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for Windows allows remote attackers to cause a denial of service (crash) via (1) an invalid 0x13 message, which is not properly handled in the ASCORE module, or (2) a 0x3B message with invalid stub data that triggers an RPC marshalling error. | 5.0 |
2009-06-19 | CVE-2009-2135 | SUN | Race Condition vulnerability in SUN Opensolaris and Solaris Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors related to a race between the port_dissociate and close functions. | 4.9 |
2009-06-18 | CVE-2009-1935 | Freebsd | Numeric Errors vulnerability in Freebsd Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors. | 4.9 |
2009-06-19 | CVE-2009-2138 | Tbdev | Improper Input Validation vulnerability in Tbdev Tbdev.Net Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the returnto parameter to login.php or (2) the returnto parameter in a delete action to news.php. | 4.3 |
2009-06-19 | CVE-2009-2133 | Pivot | Cross-Site Scripting vulnerability in Pivot 1.40.4/1.40.7 Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.40.4 and 1.40.7 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) sort parameter to pivot/index.php, (3) the value of a check array parameter in a delete action to pivot/index.php, (4) the element name in a check array parameter in a delete action to pivot/index.php, (5) the edituser parameter in an edituser action to pivot/index.php, (6) the edit parameter in a templates action to pivot/index.php, (7) the blog parameter in a blog_edit1 action to pivot/index.php, (8) the cat parameter in a cat_edit action to pivot/index.php, (9) a certain form field in a doaction=1 request to pivot/index.php, (10) the url field in a my_weblog edit_prefs action to pivot/user.php, or (11) the username (aka name) field in a my_weblog reg_user action to pivot/user.php. | 4.3 |
2009-06-19 | CVE-2009-2127 | Elvinbts | Cross-Site Scripting vulnerability in Elvinbts 1.2.0 Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
2009-06-19 | CVE-2009-2126 | Elvinbts | Cross-Site Scripting vulnerability in Elvinbts 1.1.0 Cross-site scripting (XSS) vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the title (aka subject) field. | 4.3 |
2009-06-19 | CVE-2009-0960 | Apple | Unspecified vulnerability in Apple Iphone OS and Ipod Touch The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL. | 4.3 |
2009-06-19 | CVE-2009-0958 | Apple | Information Exposure vulnerability in Apple Iphone OS and Ipod Touch Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials. | 4.3 |
2009-06-18 | CVE-2009-2119 | F5 | Cross-Site Scripting vulnerability in F5 Firepass SSL VPN Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter. | 4.3 |
2009-06-18 | CVE-2009-2114 | Skybluecanvas | Cross-Site Scripting vulnerability in Skybluecanvas 1.1 Multiple cross-site scripting (XSS) vulnerabilities in admin.php in SkyBlueCanvas 1.1 r237 allow remote attackers to inject arbitrary web script or HTML via the (1) mgroup, (2) mgr, (3) objtype, (4) id, and (5) dir parameters. | 4.3 |
2009-06-17 | CVE-2009-2107 | Webmediaexplorer | Cross-Site Scripting vulnerability in Webmediaexplorer Webmedia Explorer 5.09/5.10 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Webmedia Explorer (webmex) 5.09 and 5.10 allow remote attackers to inject arbitrary web script or HTML via event handlers such as onmouseover in the (1) search or (2) tag parameters; (3) arbitrary invalid parameter names that are not properly handled when triggered on a column; (4) bookmark parameter in an edit action; or (5) email parameter in a remember action. | 4.3 |
2009-06-17 | CVE-2009-2104 | UDO VON Eynern Typo3 | Cross-Site Scripting vulnerability in UDO VON Eynern Modern Guest Book Commenting System Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-06-16 | CVE-2009-2081 | Phpwebthings | Path Traversal vulnerability in PHPwebthings Directory traversal vulnerability in help.php in phpWebThings 1.5.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. | 4.3 |
2009-06-16 | CVE-2009-2078 | Drupal Heine Familiedeelstra | Cross-Site Scripting vulnerability in Heine.Familiedeelstra Booktree Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) node title and (2) node body in a tree root page. | 4.3 |
2009-06-19 | CVE-2009-2125 | Elvinbts | Permissions, Privileges, and Access Controls vulnerability in Elvinbts 1.1.0 delete_bug.php in Elvin before 1.2.1 does not require administrative privileges, which allows remote authenticated users to bypass intended access restrictions and delete arbitrary bugs. | 4.0 |
2009-06-18 | CVE-2009-2116 | Skybluecanvas | Path Traversal vulnerability in Skybluecanvas 1.1 Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to list directory contents via a .. | 4.0 |
2009-06-16 | CVE-2009-2077 | Angrydonuts Drupal | Permissions, Privileges, and Access Controls vulnerability in Angrydonuts Views Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries. | 4.0 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-06-19 | CVE-2009-2131 | 4Homepages | Cross-Site Scripting vulnerability in 4Homepages 4Images Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture. | 3.5 |
2009-06-19 | CVE-2009-1680 | Apple | Information Exposure vulnerability in Apple Iphone OS and Ipod Touch Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history. | 2.1 |
2009-06-19 | CVE-2009-1679 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Ipod Touch The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy. | 2.1 |