Weekly Vulnerabilities Reports > November 2 to 8, 2009
Overview
63 new vulnerabilities reported during this period, including 24 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary report vulnerabilities in 65 products from 35 vendors including SUN, Microsoft, Typo3, Linux, and IBM. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Code Injection", and "Resource Management Errors".
- 58 reported vulnerabilities are remotely exploitables.
- 3 reported vulnerabilities have public exploit available.
- 17 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 56 reported vulnerabilities are exploitable by an anonymous user.
- SUN has the most reported vulnerabilities, with 17 reported vulnerabilities.
- SUN has the most reported critical vulnerabilities, with 10 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
24 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2009-11-06 | CVE-2009-2685 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Power Manager Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable. | 10.0 |
| 2009-11-04 | CVE-2009-3854 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Tivoli Storage Manager Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before 5.4.2 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
| 2009-11-06 | CVE-2009-3850 | Blender | Code Injection vulnerability in Blender Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA. | 9.3 |
| 2009-11-05 | CVE-2009-3878 | Intevydis SUN | Buffer Errors vulnerability in SUN Java System web Server 7.0 Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. | 9.3 |
| 2009-11-05 | CVE-2009-3874 | SUN Microsoft | Numeric Errors vulnerability in SUN Jdk, JRE and SDK Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. | 9.3 |
| 2009-11-05 | CVE-2009-3873 | SUN Microsoft | Buffer Errors vulnerability in SUN Jdk, JRE and SDK The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968. | 9.3 |
| 2009-11-05 | CVE-2009-3872 | SUN Microsoft | Multiple Security vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. | 9.3 |
| 2009-11-05 | CVE-2009-3871 | SUN Microsoft | Buffer Errors vulnerability in SUN Jdk, JRE and SDK Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. | 9.3 |
| 2009-11-05 | CVE-2009-3869 | SUN Microsoft | Buffer Errors vulnerability in SUN Jdk, JRE and SDK Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. | 9.3 |
| 2009-11-05 | CVE-2009-3868 | SUN Microsoft | Buffer Errors vulnerability in SUN Jdk, JRE and SDK Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. | 9.3 |
| 2009-11-05 | CVE-2009-3867 | SUN Microsoft | Buffer Errors vulnerability in SUN Jdk, JRE and SDK Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. | 9.3 |
| 2009-11-05 | CVE-2009-3866 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824. | 9.3 |
| 2009-11-05 | CVE-2009-3865 | SUN | Code Injection vulnerability in SUN JDK and JRE The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752. | 9.3 |
| 2009-11-04 | CVE-2009-3859 | Eeye | Buffer Errors vulnerability in Eeye products Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in Retina Network Security Scanner 5.10.14, allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .rws file with a long RWS010 entry. | 9.3 |
| 2009-11-04 | CVE-2009-3855 | IBM | Remote Security vulnerability in Tivoli Storage Manager Express Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors. | 9.3 |
| 2009-11-04 | CVE-2009-3853 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Tivoli Storage Manager Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet. | 9.3 |
| 2009-11-04 | CVE-2009-3466 | Adobe | Resource Management Errors vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information. | 9.3 |
| 2009-11-04 | CVE-2009-3465 | Adobe | Code Injection vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. | 9.3 |
| 2009-11-04 | CVE-2009-3464 | Adobe | Code Injection vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. | 9.3 |
| 2009-11-04 | CVE-2009-3463 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. | 9.3 |
| 2009-11-04 | CVE-2009-0306 | RIM IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote attackers to execute arbitrary code via a crafted web page. | 9.3 |
| 2009-11-03 | CVE-2009-3031 | Symantec | Buffer Errors vulnerability in Symantec products Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument. | 9.3 |
| 2009-11-02 | CVE-2009-3838 | Pmail | Buffer Errors vulnerability in Pmail Pegasus Mail 4.41/4.51 Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message. | 9.3 |
| 2009-11-02 | CVE-2009-3837 | Eureka Email | Buffer Errors vulnerability in Eureka-Email Eureka Email 2.2Q Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 servers to execute arbitrary code via a long error message. | 9.3 |
11 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2009-11-02 | CVE-2009-3631 | Typo3 | Code Injection vulnerability in Typo3 The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename. | 8.5 |
| 2009-11-06 | CVE-2009-3900 | IBM | Unspecified vulnerability in IBM Powerha Unspecified vulnerability in the Cluster Management component in IBM PowerHA 5.4, 5.4.1, 5.5, and 6.1 on AIX allows remote attackers to modify the operating-system configuration via packets to the godm port (6177/tcp). | 7.8 |
| 2009-11-06 | CVE-2009-3899 | SUN | Resource Management Errors vulnerability in SUN Opensolaris and Solaris Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris 10, and OpenSolaris snv_57 through snv_94, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | 7.8 |
| 2009-11-06 | CVE-2009-3904 | Cubecart | Permissions, Privileges, and Access Controls vulnerability in Cubecart 4.3.4 classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header. | 7.5 |
| 2009-11-05 | CVE-2009-3864 | Microsoft SUN | Multiple Security vulnerability in Sun Java SE November 2009 The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694. | 7.5 |
| 2009-11-03 | CVE-2009-3852 | IBM | Unspecified vulnerability in IBM Runtimes for Java Technology 'XML4J' Component Unspecified vulnerability in the XML component in IBM Runtimes for Java Technology 5.0.0 before SR10 has unknown impact and attack vectors, related to the "updated version of XML4J 4.4.17." | 7.5 |
| 2009-11-02 | CVE-2009-3835 | Whorl LTD Joomla | SQL Injection vulnerability in Whorl LTD Jshop SQL injection vulnerability in the JShop (com_jshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a product action to index.php. | 7.5 |
| 2009-11-02 | CVE-2009-3834 | Webguerilla Joomla | SQL Injection vulnerability in Webguerilla COM Photoblog Alpha3/Alpha3A SQL injection vulnerability in the Photoblog (com_photoblog) component alpha 3 and alpha 3a for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in a blogs action to index.php. | 7.5 |
| 2009-11-06 | CVE-2009-3725 | Linux Canonical | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems. | 7.2 |
| 2009-11-03 | CVE-2009-3851 | SUN | Denial-Of-Service vulnerability in SUN Solaris 10.0 Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command for the XScreenSaver application, which makes it easier for physically proximate attackers to access an unattended workstation for which the intended screen locking did not occur, related to the "restart daemon." | 7.2 |
| 2009-11-04 | CVE-2009-3547 | Linux Novell Opensuse Suse Canonical Fedoraproject Vmware Redhat | Operation on a Resource after Expiration or Release vulnerability in multiple products Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. | 7.0 |
26 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2009-11-02 | CVE-2009-2267 | Vmware | Local Privilege Escalation vulnerability in VMware Products Page Fault Exception VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register. | 6.9 |
| 2009-11-02 | CVE-2009-3839 | SUN | Remote Privilege Escalation vulnerability in SUN Opensolaris and Solaris Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv_37 through snv_125, might allow remote attackers to execute arbitrary code by leveraging access to the X server. | 6.8 |
| 2009-11-02 | CVE-2009-3635 | Typo3 | Improper Authentication vulnerability in Typo3 The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential. | 6.8 |
| 2009-11-03 | CVE-2009-3298 | Mahara | Permissions, Privileges, and Access Controls vulnerability in Mahara Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors. | 6.5 |
| 2009-11-02 | CVE-2009-3632 | Typo3 | SQL Injection vulnerability in Typo3 SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters. | 6.5 |
| 2009-11-02 | CVE-2009-3836 | Arubanetworks | Remote Denial of Service vulnerability in Aruba Mobility Controller 802.11 Association Request Frame ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame. | 6.1 |
| 2009-11-04 | CVE-2009-3860 | Idefense | Permissions, Privileges, and Access Controls vulnerability in Idefense Comraider Multiple insecure method vulnerabilities in Idefense Labs COMRaider allow remote attackers to create or overwrite arbitrary files via the (1) CreateFolder and (2) Copy methods. | 5.8 |
| 2009-11-02 | CVE-2009-3630 | Typo3 | Multiple Security vulnerability in TYPO3 Core The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue. | 5.5 |
| 2009-11-05 | CVE-2009-3877 | SUN Linux Microsoft | Resource Management Errors vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. | 5.0 |
| 2009-11-05 | CVE-2009-3876 | SUN Linux Microsoft | Resource Management Errors vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. | 5.0 |
| 2009-11-05 | CVE-2009-3875 | SUN Linux Microsoft | Cryptographic Issues vulnerability in SUN Jdk, JRE and SDK The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503. | 5.0 |
| 2009-11-04 | CVE-2009-3863 | Novell | Buffer Errors vulnerability in Novell Groupwise 7.0.3.1294 Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method. | 5.0 |
| 2009-11-04 | CVE-2009-3862 | Novell | Improper Authentication vulnerability in Novell Edirectory The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value. | 5.0 |
| 2009-11-02 | CVE-2009-3733 | Vmware Linux | Path Traversal vulnerability in VMWare Esx, Esxi and Server Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
| 2009-11-06 | CVE-2009-3905 | Ecouriersoftware | Cross-Site Scripting vulnerability in Ecouriersoftware E-Courirer CMS Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to (1) Wizard_tracking.asp, (2) wizard_oe2.asp, (3) your-register.asp, (4) main-whyregister.asp, and (5) your.asp in home/, and other unspecified vectors. | 4.3 |
| 2009-11-06 | CVE-2009-3903 | Manageengine | Cross-Site Scripting vulnerability in Manageengine Netflow Analyzer 7.5 Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp in ManageEngine Netflow Analyzer 7.5 build 7500 allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) section parameters. | 4.3 |
| 2009-11-06 | CVE-2009-3901 | Ecouriersoftware | Cross-Site Scripting vulnerability in Ecouriersoftware E-Courirer CMS Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors. | 4.3 |
| 2009-11-04 | CVE-2009-3858 | Gejosoft | Cross-Site Scripting vulnerability in Gejosoft Cross-site scripting (XSS) vulnerability in GejoSoft allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI in photos/tags. | 4.3 |
| 2009-11-04 | CVE-2009-3857 | Softonic | Buffer Errors vulnerability in Softonic Scite 1.72 Buffer overflow in Softonic International SciTE 1.72 allows user-assisted remote attackers to cause a denial of service (application crash) via a Ruby (.rb) file containing a long string, which triggers the crash when a scroll bar is used. | 4.3 |
| 2009-11-04 | CVE-2009-3856 | Twilightcms | Cross-site Scripting vulnerability in Twilightcms Twilight CMS Cross-site scripting (XSS) vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter. | 4.3 |
| 2009-11-03 | CVE-2009-3299 | Mahara | Cross-Site Scripting vulnerability in Mahara Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-11-02 | CVE-2009-3833 | Tftgallery | Cross-Site Scripting vulnerability in Tftgallery 0.13 Cross-site scripting (XSS) vulnerability in index.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the album parameter. | 4.3 |
| 2009-11-02 | CVE-2009-3636 | Typo3 | Cross-Site Scripting vulnerability in Typo3 Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 4.3 |
| 2009-11-02 | CVE-2009-3634 | Typo3 | Cross-Site Scripting vulnerability in Typo3 Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 4.3 |
| 2009-11-02 | CVE-2009-3633 | Typo3 | Cross-Site Request Forgery (CSRF) vulnerability in Typo3 Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm. | 4.3 |
| 2009-11-02 | CVE-2009-3628 | Typo3 | Information Exposure vulnerability in Typo3 The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element. | 4.0 |
2 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2009-11-02 | CVE-2009-3629 | Typo3 | Cross-Site Scripting vulnerability in Typo3 Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2009-11-06 | CVE-2009-3300 | Internet2 | Cross-Site Scripting vulnerability in Internet2 Identity Provider and Service Provider Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms. | 2.6 |