Weekly Vulnerabilities Reports > June 15 to 21, 2009

Overview

87 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 27 high severity vulnerabilities. This weekly summary report vulnerabilities in 69 products from 54 vendors including Apple, Elvinbts, Drupal, Opera, and SUN. Vulnerabilities are notably categorized as "Improper Authentication", "SQL Injection", "Cross-site Scripting", "Path Traversal", and "Permissions, Privileges, and Access Controls".

  • 81 reported vulnerabilities are remotely exploitables.
  • 29 reported vulnerabilities have public exploit available.
  • 55 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 77 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-06-18 CVE-2009-2111 Jnmsolutions Code Injection vulnerability in Jnmsolutions DB TOP Sites 1.0

Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter.

10.0
2009-06-16 CVE-2009-2011 Dxstudio
Mozilla
OS Command Injection vulnerability in Dxstudio DX Studio Player 3.0.12.0/3.0.22.0

Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.

9.3
2009-06-15 CVE-2009-2061 Mozilla Cryptographic Issues vulnerability in Mozilla Firefox

Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

9.3

27 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-06-19 CVE-2009-2137 SUN Resource Management Errors vulnerability in SUN Opensolaris and Solaris

Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka n2cp) in Sun Solaris 10, and OpenSolaris snv_54 through snv_112, allows context-dependent attackers to cause a denial of service (memory consumption) via unspecified vectors related to a large keylen value.

7.8
2009-06-19 CVE-2009-2136 SUN Unspecified vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in the TCP/IP networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_117, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames.

7.8
2009-06-19 CVE-2009-1683 Apple Multiple vulnerability in Apple Iphone, Iphone OS and Ipod Touch

The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue."

7.8
2009-06-16 CVE-2009-1389 Linux Buffer Errors vulnerability in Linux Kernel and Linux Kernel

Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet.

7.8
2009-06-18 CVE-2009-2110 Jnmsolutions Path Traversal vulnerability in Jnmsolutions DB TOP Sites 1.0

Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..

7.6
2009-06-19 CVE-2009-2128 Elvinbts SQL Injection vulnerability in Elvinbts 1.1.0

SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the title (aka subject) field.

7.5
2009-06-19 CVE-2009-2124 Elvinbts Path Traversal vulnerability in Elvinbts 1.2.0

Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-06-19 CVE-2009-2123 Elvinbts SQL Injection vulnerability in Elvinbts 1.2.0

Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_bug.php and (c) show_activity.php.

7.5
2009-06-19 CVE-2009-2122 Wordpress
Paolo Palmonari
SQL Injection vulnerability in Paolo Palmonari Photoracer Plugin for Wordpress 1.0

SQL injection vulnerability in viewimg.php in the Paolo Palmonari Photoracer plugin 1.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-06-18 CVE-2009-2117 Phportal Improper Authentication vulnerability in PHPortal 1.0

uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the kulladi cookie to a valid username.

7.5
2009-06-18 CVE-2009-2113 Daan Sprenkels SQL Injection vulnerability in Daan Sprenkels Fretsweb 1.2

Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php.

7.5
2009-06-18 CVE-2009-2112 Frank Karau Path Traversal vulnerability in Frank-Karau PHPfk 7.03

Directory traversal vulnerability in include/page_bottom.php in phpFK 7.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _FORUM[settings_design_style] parameter.

7.5
2009-06-17 CVE-2009-2106 Typo3
Projektseminar Proservice WWU
SQL Injection vulnerability in Projektseminar Proservice WWU Virtual Civil Services 4.2.14/4.2.15/4.3.0

SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-06-17 CVE-2009-2105 Kasper Skrhj SQL Injection vulnerability in Kasper Skrhj References Database

SQL injection vulnerability in the References database (t3references) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-06-17 CVE-2009-2103 Steve Grundell
Typo3
SQL Injection vulnerability in Steve Grundell Frontend MP3 Player 0.2.0/0.2.1/0.2.2

SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-06-17 CVE-2009-2102 COM Jumi
Joomla
SQL Injection vulnerability in COM Jumi COM Jumi 2.0.3

SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and possibly other versions for Joomla allows remote attackers to execute arbitrary SQL commands via the fileid parameter to index.php.

7.5
2009-06-17 CVE-2009-2099 Joomla
Ijoomla
SQL Injection vulnerability in Ijoomla COM Rssfeeder

SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php.

7.5
2009-06-17 CVE-2009-2098 Micheal Glazer SQL Injection vulnerability in Micheal Glazer PHPortal 1.0

SQL injection vulnerability in topicler.php in phPortal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-06-17 CVE-2009-2097 Zokisoft SQL Injection vulnerability in Zokisoft Zoki Catalog

SQL injection vulnerability in system/application/controllers/catalog.php in Zoki Soft Zoki Catalog (aka Smart Catalog) allows remote attackers to execute arbitrary SQL commands via the search_text parameter.

7.5
2009-06-17 CVE-2009-2096 David Degner SQL Injection vulnerability in David Degner PHPcollegeexchange 0.1.5C

SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote attackers to execute arbitrary SQL commands via the itemnr parameter.

7.5
2009-06-16 CVE-2009-1719 Apple
SUN
Code Injection vulnerability in SUN JRE 1.5.0/1.5.011B03

The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer.

7.5
2009-06-16 CVE-2009-2082 Creative WEB Solutions SQL Injection vulnerability in Creative web Solutions Multi-Level CMS 1.21

SQL injection vulnerability in insidepage.php in Creative Web Solutions Multi-Level CMS 1.21 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2009-06-16 CVE-2009-2080 Mrcgiguy Permissions, Privileges, and Access Controls vulnerability in Mrcgiguy the Ticket System 2.0

admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action.

7.5
2009-06-16 CVE-2009-2075 Drupal
Angrydonuts
Permissions, Privileges, and Access Controls vulnerability in Angrydonuts Nodequeue

Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors.

7.5
2009-06-16 CVE-2009-2084 Llnl Credentials Management vulnerability in Llnl Slurm

Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges.

7.2
2009-06-19 CVE-2009-1692 Apple Resource Management Errors vulnerability in Apple products

WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.

7.1
2009-06-19 CVE-2009-0959 Apple Improper Input Validation vulnerability in Apple Iphone, Iphone OS and Ipod Touch

The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue."

7.1

50 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-06-19 CVE-2009-2132 4Homepages Path Traversal vulnerability in 4Homepages 4Images

Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter.

6.8
2009-06-19 CVE-2009-2129 Elvinbts Cross-Site Request Forgery (CSRF) vulnerability in Elvinbts 1.2.0

Cross-site request forgery (CSRF) vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action.

6.8
2009-06-18 CVE-2009-2118 Irfanview Code Injection vulnerability in Irfanview 4.23

Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF 1 BPP image, which triggers a heap-based buffer overflow.

6.8
2009-06-18 CVE-2009-2115 Skybluecanvas Information Exposure vulnerability in Skybluecanvas 1.1

admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message.

6.8
2009-06-17 CVE-2009-2101 Castro XL Path Traversal vulnerability in Castro XL Torrentvolve 1.4

Directory traversal vulnerability in archive.php in TorrentVolve 1.4, when register_globals is enabled, allows remote attackers to delete arbitrary files via a ..

6.8
2009-06-17 CVE-2009-2095 Mundi King Code Injection vulnerability in Mundi King Mundi Mail 0.8.2

PHP remote file inclusion vulnerability in template/simpledefault/admin/_masterlayout.php in Mundi Mail 0.8.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the top parameter.

6.8
2009-06-16 CVE-2009-1391 Paul Marquess Numeric Errors vulnerability in Paul Marquess Compress-Raw-Zlib Perl Module

Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.

6.8
2009-06-16 CVE-2009-1390 Mutt
Openssl
GNU
Improper Authentication vulnerability in Mutt 1.5.19

Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.

6.8
2009-06-15 CVE-2009-2073 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Wrt160N 1.02.2

Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N wireless router hardware 1 and firmware 1.02.2 allows remote attackers to hijack the authentication of other users for unspecified requests via unknown vectors, as demonstrated using administrator privileges and actions.

6.8
2009-06-15 CVE-2009-2071 Google Improper Authentication vulnerability in Google Chrome

Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.

6.8
2009-06-15 CVE-2009-2070 Opera Improper Authentication vulnerability in Opera Browser

Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.

6.8
2009-06-15 CVE-2009-2067 Opera Improper Authentication vulnerability in Opera Browser

Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

6.8
2009-06-15 CVE-2009-2066 Apple Improper Authentication vulnerability in Apple Safari

Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

6.8
2009-06-15 CVE-2009-2065 Mozilla Improper Authentication vulnerability in Mozilla Firefox

Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

6.8
2009-06-15 CVE-2009-2064 Microsoft Improper Authentication vulnerability in Microsoft Internet Explorer and Pocket IE

Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

6.8
2009-06-15 CVE-2009-2063 Opera Improper Authentication vulnerability in Opera Browser

Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

6.8
2009-06-15 CVE-2009-2062 Apple Improper Authentication vulnerability in Apple Safari

Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

6.8
2009-06-15 CVE-2009-2059 Opera Improper Authentication vulnerability in Opera Browser

Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

6.8
2009-06-15 CVE-2009-2058 Apple Improper Authentication vulnerability in Apple Safari

Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

6.8
2009-06-18 CVE-2009-2120 Tekbase SQL Injection vulnerability in Tekbase All-In-One 3.1

Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) ids parameter to admin.php, the (2) y parameter to members.php, and other unspecified vectors.

6.5
2009-06-15 CVE-2009-2069 Microsoft Improper Authentication vulnerability in Microsoft IE

Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.

5.8
2009-06-15 CVE-2009-2068 Opera Improper Authentication vulnerability in Opera

Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

5.8
2009-06-15 CVE-2009-2060 Google Improper Authentication vulnerability in Google Chrome

src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

5.8
2009-06-15 CVE-2009-2057 Microsoft Improper Authentication vulnerability in Microsoft IE

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

5.8
2009-06-15 CVE-2009-2072 Apple Improper Authentication vulnerability in Apple Safari

Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server.

5.4
2009-06-19 CVE-2009-2134 Pivot Information Exposure vulnerability in Pivot 1.40.4/1.40.7

pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message.

5.0
2009-06-19 CVE-2009-2130 Elvinbts Information Exposure vulnerability in Elvinbts 1.2.0

Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) login.ei, (2) jump_bug.ei, or (3) create_account.ei in inc/ via a direct request.

5.0
2009-06-19 CVE-2009-0961 Apple Multiple vulnerability in Apple Iphone, Iphone OS and Ipod Touch

The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert.

5.0
2009-06-18 CVE-2009-2109 Daan Sprenkels Path Traversal vulnerability in Daan Sprenkels Fretsweb 1.2

Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) language parameter to charts.php and the (2) fretsweb_language cookie parameter to unspecified vectors, possibly related to admin/common.php.

5.0
2009-06-18 CVE-2009-2108 GIT Resource Management Errors vulnerability in GIT

git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments.

5.0
2009-06-17 CVE-2009-2100 Joomla
Joomlapraise
Path Traversal vulnerability in Joomlapraise COM Projectfork 2.0.10

Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.

5.0
2009-06-16 CVE-2009-1761 CA Improper Input Validation vulnerability in CA Arcserve Backup R12.0

The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for Windows allows remote attackers to cause a denial of service (crash) via (1) an invalid 0x13 message, which is not properly handled in the ASCORE module, or (2) a 0x3B message with invalid stub data that triggers an RPC marshalling error.

5.0
2009-06-16 CVE-2008-5515 Apache Path Traversal vulnerability in Apache Tomcat

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via ..

5.0
2009-06-19 CVE-2009-2135 SUN Race Condition vulnerability in SUN Opensolaris and Solaris

Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors related to a race between the port_dissociate and close functions.

4.9
2009-06-18 CVE-2009-1935 Freebsd Numeric Errors vulnerability in Freebsd

Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors.

4.9
2009-06-19 CVE-2009-2138 Tbdev Improper Input Validation vulnerability in Tbdev Tbdev.Net

Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the returnto parameter to login.php or (2) the returnto parameter in a delete action to news.php.

4.3
2009-06-19 CVE-2009-2133 Pivot Cross-Site Scripting vulnerability in Pivot 1.40.4/1.40.7

Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.40.4 and 1.40.7 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) sort parameter to pivot/index.php, (3) the value of a check array parameter in a delete action to pivot/index.php, (4) the element name in a check array parameter in a delete action to pivot/index.php, (5) the edituser parameter in an edituser action to pivot/index.php, (6) the edit parameter in a templates action to pivot/index.php, (7) the blog parameter in a blog_edit1 action to pivot/index.php, (8) the cat parameter in a cat_edit action to pivot/index.php, (9) a certain form field in a doaction=1 request to pivot/index.php, (10) the url field in a my_weblog edit_prefs action to pivot/user.php, or (11) the username (aka name) field in a my_weblog reg_user action to pivot/user.php.

4.3
2009-06-19 CVE-2009-2127 Elvinbts Cross-Site Scripting vulnerability in Elvinbts 1.2.0

Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2009-06-19 CVE-2009-2126 Elvinbts Cross-Site Scripting vulnerability in Elvinbts 1.1.0

Cross-site scripting (XSS) vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the title (aka subject) field.

4.3
2009-06-19 CVE-2009-0960 Apple Multiple vulnerability in Apple Iphone, Iphone OS and Ipod Touch

The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL.

4.3
2009-06-19 CVE-2009-0958 Apple Information Exposure vulnerability in Apple Iphone, Iphone OS and Ipod Touch

Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials.

4.3
2009-06-18 CVE-2009-2119 F5 Cross-Site Scripting vulnerability in F5 Firepass SSL VPN

Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter.

4.3
2009-06-18 CVE-2009-2114 Skybluecanvas Cross-Site Scripting vulnerability in Skybluecanvas 1.1

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in SkyBlueCanvas 1.1 r237 allow remote attackers to inject arbitrary web script or HTML via the (1) mgroup, (2) mgr, (3) objtype, (4) id, and (5) dir parameters.

4.3
2009-06-17 CVE-2009-2107 Webmediaexplorer Cross-Site Scripting vulnerability in Webmediaexplorer Webmedia Explorer 5.09/5.10

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Webmedia Explorer (webmex) 5.09 and 5.10 allow remote attackers to inject arbitrary web script or HTML via event handlers such as onmouseover in the (1) search or (2) tag parameters; (3) arbitrary invalid parameter names that are not properly handled when triggered on a column; (4) bookmark parameter in an edit action; or (5) email parameter in a remember action.

4.3
2009-06-17 CVE-2009-2104 UDO VON Eynern
Typo3
Cross-Site Scripting vulnerability in UDO VON Eynern Modern Guest Book Commenting System

Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-06-16 CVE-2009-2081 Phpwebthings Path Traversal vulnerability in PHPwebthings

Directory traversal vulnerability in help.php in phpWebThings 1.5.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..

4.3
2009-06-16 CVE-2009-2078 Drupal
Heine Familiedeelstra
Cross-Site Scripting vulnerability in Heine.Familiedeelstra Booktree

Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) node title and (2) node body in a tree root page.

4.3
2009-06-19 CVE-2009-2125 Elvinbts Permissions, Privileges, and Access Controls vulnerability in Elvinbts 1.1.0

delete_bug.php in Elvin before 1.2.1 does not require administrative privileges, which allows remote authenticated users to bypass intended access restrictions and delete arbitrary bugs.

4.0
2009-06-18 CVE-2009-2116 Skybluecanvas Path Traversal vulnerability in Skybluecanvas 1.1

Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to list directory contents via a ..

4.0
2009-06-16 CVE-2009-2077 Angrydonuts
Drupal
Permissions, Privileges, and Access Controls vulnerability in Angrydonuts Views

Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries.

4.0

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-06-19 CVE-2009-2131 4Homepages Cross-Site Scripting vulnerability in 4Homepages 4Images

Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture.

3.5
2009-06-16 CVE-2009-2083 Drupal
Mattias Hutterer
Cross-Site Scripting vulnerability in Mattias Hutterer Taxonomy Manager 5.X1.0/5.X1.1/5.X1.Xdev

Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."

3.5
2009-06-16 CVE-2009-2079 Drupal Cross-Site Scripting vulnerability in Drupal Taxonomy Manager

Cross-site scripting (XSS) vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via (1) vocabulary names, (2) synonyms, and (3) term names.

3.5
2009-06-16 CVE-2009-2076 Drupal Cross-Site Scripting vulnerability in Drupal Views

Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature.

3.5
2009-06-16 CVE-2009-2074 Drupal Cross-Site Scripting vulnerability in Drupal Nodequeue

Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names.

3.5
2009-06-19 CVE-2009-1680 Apple Information Exposure vulnerability in Apple Iphone, Iphone OS and Ipod Touch

Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history.

2.1
2009-06-19 CVE-2009-1679 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone, Iphone OS and Ipod Touch

The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy.

2.1