Weekly Vulnerabilities Reports > November 2 to 8, 2009

Overview

62 new vulnerabilities reported during this period, including 24 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary report vulnerabilities in 64 products from 35 vendors including SUN, Microsoft, Typo3, IBM, and Linux. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Code Injection", and "Resource Management Errors".

  • 57 reported vulnerabilities are remotely exploitables.
  • 3 reported vulnerabilities have public exploit available.
  • 16 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 55 reported vulnerabilities are exploitable by an anonymous user.
  • SUN has the most reported vulnerabilities, with 17 reported vulnerabilities.
  • SUN has the most reported critical vulnerabilities, with 10 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

24 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-11-06 CVE-2009-2685 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Power Manager

Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.

10.0
2009-11-04 CVE-2009-3854 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Tivoli Storage Manager

Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before 5.4.2 allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2009-11-06 CVE-2009-3850 Blender Code Injection vulnerability in Blender

Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.

9.3
2009-11-05 CVE-2009-3878 Intevydis
SUN
Buffer Errors vulnerability in SUN Java System web Server 7.0

Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12.

9.3
2009-11-05 CVE-2009-3874 SUN
Microsoft
Numeric Errors vulnerability in SUN Jdk, JRE and SDK

Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.

9.3
2009-11-05 CVE-2009-3873 SUN
Microsoft
Buffer Errors vulnerability in SUN Jdk, JRE and SDK

The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.

9.3
2009-11-05 CVE-2009-3872 SUN
Microsoft
Multiple Security vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.

9.3
2009-11-05 CVE-2009-3871 SUN
Microsoft
Buffer Errors vulnerability in SUN Jdk, JRE and SDK

Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.

9.3
2009-11-05 CVE-2009-3869 SUN
Microsoft
Buffer Errors vulnerability in SUN Jdk, JRE and SDK

Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.

9.3
2009-11-05 CVE-2009-3868 SUN
Microsoft
Buffer Errors vulnerability in SUN Jdk, JRE and SDK

Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.

9.3
2009-11-05 CVE-2009-3867 SUN
Microsoft
Buffer Errors vulnerability in SUN Jdk, JRE and SDK

Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.

9.3
2009-11-05 CVE-2009-3866 SUN Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE

The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.

9.3
2009-11-05 CVE-2009-3865 SUN Code Injection vulnerability in SUN JDK and JRE

The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.

9.3
2009-11-04 CVE-2009-3859 Eeye Buffer Errors vulnerability in Eeye products

Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in Retina Network Security Scanner 5.10.14, allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .rws file with a long RWS010 entry.

9.3
2009-11-04 CVE-2009-3855 IBM Remote Security vulnerability in Tivoli Storage Manager Express

Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors.

9.3
2009-11-04 CVE-2009-3853 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Tivoli Storage Manager

Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet.

9.3
2009-11-04 CVE-2009-3466 Adobe Resource Management Errors vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information.

9.3
2009-11-04 CVE-2009-3465 Adobe Code Injection vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464.

9.3
2009-11-04 CVE-2009-3464 Adobe Code Injection vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465.

9.3
2009-11-04 CVE-2009-3463 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site.

9.3
2009-11-04 CVE-2009-0306 RIM
IBM
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote attackers to execute arbitrary code via a crafted web page.

9.3
2009-11-03 CVE-2009-3031 Symantec Buffer Errors vulnerability in Symantec products

Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.

9.3
2009-11-02 CVE-2009-3838 Pmail Buffer Errors vulnerability in Pmail Pegasus Mail 4.41/4.51

Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message.

9.3
2009-11-02 CVE-2009-3837 Eureka Email Buffer Errors vulnerability in Eureka-Email Eureka Email 2.2Q

Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 servers to execute arbitrary code via a long error message.

9.3

11 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-11-02 CVE-2009-3631 Typo3 Code Injection vulnerability in Typo3

The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.

8.5
2009-11-06 CVE-2009-3900 IBM Unspecified vulnerability in IBM Powerha

Unspecified vulnerability in the Cluster Management component in IBM PowerHA 5.4, 5.4.1, 5.5, and 6.1 on AIX allows remote attackers to modify the operating-system configuration via packets to the godm port (6177/tcp).

7.8
2009-11-06 CVE-2009-3899 SUN Resource Management Errors vulnerability in SUN Opensolaris and Solaris

Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris 10, and OpenSolaris snv_57 through snv_94, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

7.8
2009-11-06 CVE-2009-3904 Cubecart Permissions, Privileges, and Access Controls vulnerability in Cubecart 4.3.4

classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header.

7.5
2009-11-05 CVE-2009-3864 Microsoft
SUN
Multiple Security vulnerability in Sun Java SE November 2009

The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.

7.5
2009-11-03 CVE-2009-3852 IBM Unspecified vulnerability in IBM Runtimes for Java Technology 'XML4J' Component

Unspecified vulnerability in the XML component in IBM Runtimes for Java Technology 5.0.0 before SR10 has unknown impact and attack vectors, related to the "updated version of XML4J 4.4.17."

7.5
2009-11-02 CVE-2009-3835 Whorl LTD
Joomla
SQL Injection vulnerability in Whorl LTD Jshop

SQL injection vulnerability in the JShop (com_jshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a product action to index.php.

7.5
2009-11-02 CVE-2009-3834 Webguerilla
Joomla
SQL Injection vulnerability in Webguerilla COM Photoblog Alpha3/Alpha3A

SQL injection vulnerability in the Photoblog (com_photoblog) component alpha 3 and alpha 3a for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in a blogs action to index.php.

7.5
2009-11-06 CVE-2009-3725 Linux
Canonical
Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems.

7.2
2009-11-03 CVE-2009-3851 SUN Denial-Of-Service vulnerability in SUN Solaris 10.0

Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command for the XScreenSaver application, which makes it easier for physically proximate attackers to access an unattended workstation for which the intended screen locking did not occur, related to the "restart daemon."

7.2
2009-11-04 CVE-2009-3547 Linux
Novell
Opensuse
Suse
Canonical
Fedoraproject
Vmware
Redhat
Operation on a Resource after Expiration or Release vulnerability in multiple products

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.

7.0

25 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-11-02 CVE-2009-2267 Vmware Local Privilege Escalation vulnerability in VMware Products Page Fault Exception

VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.

6.9
2009-11-02 CVE-2009-3839 SUN Remote Privilege Escalation vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv_37 through snv_125, might allow remote attackers to execute arbitrary code by leveraging access to the X server.

6.8
2009-11-02 CVE-2009-3635 Typo3 Improper Authentication vulnerability in Typo3

The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential.

6.8
2009-11-03 CVE-2009-3298 Mahara Permissions, Privileges, and Access Controls vulnerability in Mahara

Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors.

6.5
2009-11-02 CVE-2009-3632 Typo3 SQL Injection vulnerability in Typo3

SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters.

6.5
2009-11-02 CVE-2009-3836 Arubanetworks Remote Denial of Service vulnerability in Aruba Mobility Controller 802.11 Association Request Frame

ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame.

6.1
2009-11-04 CVE-2009-3860 Idefense Permissions, Privileges, and Access Controls vulnerability in Idefense Comraider

Multiple insecure method vulnerabilities in Idefense Labs COMRaider allow remote attackers to create or overwrite arbitrary files via the (1) CreateFolder and (2) Copy methods.

5.8
2009-11-02 CVE-2009-3630 Typo3 Multiple Security vulnerability in TYPO3 Core

The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue.

5.5
2009-11-05 CVE-2009-3877 SUN
Linux
Microsoft
Resource Management Errors vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.

5.0
2009-11-05 CVE-2009-3876 SUN
Linux
Microsoft
Resource Management Errors vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.

5.0
2009-11-05 CVE-2009-3875 SUN
Linux
Microsoft
Cryptographic Issues vulnerability in SUN Jdk, JRE and SDK

The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.

5.0
2009-11-04 CVE-2009-3863 Novell Buffer Errors vulnerability in Novell Groupwise 7.0.3.1294

Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method.

5.0
2009-11-04 CVE-2009-3862 Novell Improper Authentication vulnerability in Novell Edirectory

The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value.

5.0
2009-11-06 CVE-2009-3905 Ecouriersoftware Cross-Site Scripting vulnerability in Ecouriersoftware E-Courirer CMS

Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to (1) Wizard_tracking.asp, (2) wizard_oe2.asp, (3) your-register.asp, (4) main-whyregister.asp, and (5) your.asp in home/, and other unspecified vectors.

4.3
2009-11-06 CVE-2009-3903 Manageengine Cross-Site Scripting vulnerability in Manageengine Netflow Analyzer 7.5

Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp in ManageEngine Netflow Analyzer 7.5 build 7500 allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) section parameters.

4.3
2009-11-06 CVE-2009-3901 Ecouriersoftware Cross-Site Scripting vulnerability in Ecouriersoftware E-Courirer CMS

Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors.

4.3
2009-11-04 CVE-2009-3858 Gejosoft Cross-Site Scripting vulnerability in Gejosoft

Cross-site scripting (XSS) vulnerability in GejoSoft allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI in photos/tags.

4.3
2009-11-04 CVE-2009-3857 Softonic Buffer Errors vulnerability in Softonic Scite 1.72

Buffer overflow in Softonic International SciTE 1.72 allows user-assisted remote attackers to cause a denial of service (application crash) via a Ruby (.rb) file containing a long string, which triggers the crash when a scroll bar is used.

4.3
2009-11-04 CVE-2009-3856 Twilightcms Cross-site Scripting vulnerability in Twilightcms Twilight CMS

Cross-site scripting (XSS) vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter.

4.3
2009-11-03 CVE-2009-3299 Mahara Cross-Site Scripting vulnerability in Mahara

Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-11-02 CVE-2009-3833 Tftgallery Cross-Site Scripting vulnerability in Tftgallery 0.13

Cross-site scripting (XSS) vulnerability in index.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the album parameter.

4.3
2009-11-02 CVE-2009-3636 Typo3 Cross-Site Scripting vulnerability in Typo3

Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

4.3
2009-11-02 CVE-2009-3634 Typo3 Cross-Site Scripting vulnerability in Typo3

Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

4.3
2009-11-02 CVE-2009-3633 Typo3 Cross-Site Request Forgery (CSRF) vulnerability in Typo3

Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.

4.3
2009-11-02 CVE-2009-3628 Typo3 Information Exposure vulnerability in Typo3

The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element.

4.0

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-11-02 CVE-2009-3629 Typo3 Cross-Site Scripting vulnerability in Typo3

Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2009-11-06 CVE-2009-3300 Internet2 Cross-Site Scripting vulnerability in Internet2 Identity Provider and Service Provider

Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms.

2.6