Weekly Vulnerabilities Reports > November 9 to 15, 2009

Overview

88 new vulnerabilities reported during this period, including 20 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary report vulnerabilities in 67 products from 39 vendors including Apple, Microsoft, SUN, Drupal, and Google. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Code Injection", "Resource Management Errors", and "Permissions, Privileges, and Access Controls".

  • 78 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities have public exploit available.
  • 16 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 84 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 27 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 13 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

20 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-11-12 CVE-2009-3935 IBM Security vulnerability in IBM BladeCenter Advanced Management Module

Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors.

10.0
2009-11-11 CVE-2009-2523 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows 2000

The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."

10.0
2009-11-13 CVE-2009-3384 Apple
Microsoft
Unspecified vulnerability in Apple Safari

Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.

9.3
2009-11-13 CVE-2009-1570 Gimp Numeric Errors vulnerability in Gimp 2.6.7

Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.

9.3
2009-11-12 CVE-2009-3932 Google Denial-Of-Service vulnerability in Chrome

The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting "SQL metadata into a bad state."

9.3
2009-11-12 CVE-2009-3931 Google Improper Input Validation vulnerability in Google Chrome

Incomplete blacklist vulnerability in browser/download/download_exe.cc in Google Chrome before 3.0.195.32 allows remote attackers to force the download of certain dangerous files via a "Content-Disposition: attachment" designation, as demonstrated by (1) .mht and (2) .mhtml files, which are automatically executed by Internet Explorer 6; (3) .svg files, which are automatically executed by Safari; (4) .xml files; (5) .htt files; (6) .xsl files; (7) .xslt files; and (8) image files that are forbidden by the victim's site policy.

9.3
2009-11-11 CVE-2009-3134 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel Field Sanitization Vulnerability."

9.3
2009-11-11 CVE-2009-3133 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."

9.3
2009-11-11 CVE-2009-3132 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed formula, related to a "pointer corruption" issue, aka "Excel Index Parsing Vulnerability."

9.3
2009-11-11 CVE-2009-3131 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a spreadsheet with a crafted formula embedded in a cell, aka "Excel Formula Parsing Memory Corruption Vulnerability."

9.3
2009-11-11 CVE-2009-3130 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."

9.3
2009-11-11 CVE-2009-3135 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."

9.3
2009-11-11 CVE-2009-3129 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."

9.3
2009-11-11 CVE-2009-3128 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."

9.3
2009-11-11 CVE-2009-3127 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."

9.3
2009-11-11 CVE-2009-2514 Microsoft Code Injection vulnerability in Microsoft products

win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."

9.3
2009-11-11 CVE-2009-2512 Microsoft Code Injection vulnerability in Microsoft Windows Server 2008 and Windows Vista

The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execute arbitrary code via a crafted (1) message or (2) response, aka "Web Services on Devices API Memory Corruption Vulnerability."

9.3
2009-11-10 CVE-2009-3930 Christos Zoulas Numeric Errors vulnerability in Christos Zoulas File

Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.

9.3
2009-11-10 CVE-2009-2819 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors.

9.3
2009-11-10 CVE-2009-3924 Raven Software
Punkbuster
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and possibly other applications when Even Balance PunkBuster 1.728 or earlier is enabled, allows remote attackers to cause a denial of service (application server crash) and possibly execute arbitrary code via a long restart packet.

9.3

15 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-11-11 CVE-2009-1928 Microsoft Resource Management Errors vulnerability in Microsoft products

Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) on Windows Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via a malformed (1) LDAP or (2) LDAPS request, aka "LSASS Recursive Stack Overflow Vulnerability."

7.8
2009-11-09 CVE-2009-3726 Linux Resource Management Errors vulnerability in Linux Kernel

The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.

7.8
2009-11-12 CVE-2009-3548 Apache Credentials Management vulnerability in Apache Tomcat

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

7.5
2009-11-10 CVE-2009-2833 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

7.5
2009-11-10 CVE-2009-2828 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

7.5
2009-11-10 CVE-2009-3923 SUN Improper Authentication vulnerability in SUN Virtual Desktop Infrastructure and Virtualbox

The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.

7.5
2009-11-09 CVE-2009-3886 SUN Unspecified vulnerability in SUN JRE 1.6.0

The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a "regression," aka Bug Id 6870531.

7.5
2009-11-09 CVE-2009-3883 SUN Information Exposure vulnerability in SUN Jdk, JRE and Openjdk

Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138.

7.5
2009-11-09 CVE-2009-3882 SUN Information Exposure vulnerability in SUN Jdk, JRE and Openjdk

Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026.

7.5
2009-11-09 CVE-2009-3881 SUN Information Exposure vulnerability in SUN JRE and Openjdk

Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650.

7.5
2009-11-09 CVE-2009-3879 SUN Unspecified vulnerability in SUN JRE and Openjdk

Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057.

7.5
2009-11-09 CVE-2009-3913 Xerox SQL Injection vulnerability in Xerox Fiery Webtools

SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter.

7.5
2009-11-11 CVE-2009-2513 Microsoft Improper Input Validation vulnerability in Microsoft products

The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."

7.2
2009-11-11 CVE-2009-1127 Microsoft Improper Input Validation vulnerability in Microsoft products

win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."

7.2
2009-11-13 CVE-2009-3676 Microsoft Resource Management Errors vulnerability in Microsoft Windows 7 and Windows Server 2008

The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."

7.1

53 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-11-13 CVE-2009-3938 Poppler Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Poppler 0.10.6/0.12.0

Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0, and possibly other versions, as used by the Abiword pdftoabw utility, allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PDF file.

6.8
2009-11-13 CVE-2009-2816 Apple
Google
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.

6.8
2009-11-12 CVE-2007-5475 Marvell
Linksys
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple buffer overflows in the Marvell wireless driver, as used in Linksys WAP4400N Wi-Fi access point with firmware 1.2.17 on the Marvell 88W8361P-BEM1 chipset, and other products, allow remote 802.11-authenticated users to cause a denial of service (wireless access point crash) and possibly execute arbitrary code via an association request with long (1) rates, (2) extended rates, and unspecified other information elements.

6.8
2009-11-10 CVE-2009-2839 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

6.8
2009-11-10 CVE-2009-2838 Apple Numeric Errors vulnerability in Apple mac OS X 10.5.8

Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.

6.8
2009-11-10 CVE-2009-2837 Apple Buffer Errors vulnerability in Apple mac OS X 10.5.8/10.6/10.6.1

Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.

6.8
2009-11-10 CVE-2009-2830 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file.

6.8
2009-11-10 CVE-2009-2827 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image.

6.8
2009-11-10 CVE-2009-2826 Apple Numeric Errors vulnerability in Apple mac OS X and mac OS X Server

Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.

6.8
2009-11-10 CVE-2009-2824 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document.

6.8
2009-11-10 CVE-2009-2810 Apple Multiple Security vulnerability in RETIRED: Apple Mac OS X 2009-006

Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a "potentially unsafe" warning message.

6.8
2009-11-09 CVE-2009-3922 Drupal
Chad Phillips
Cross-Site Request Forgery (CSRF) vulnerability in Chad Phillips Userprotect

Multiple cross-site request forgery (CSRF) vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators for requests that (1) delete the editing protection of a user or (2) delete a certain type of administrative-bypass rule.

6.8
2009-11-10 CVE-2009-2836 Apple Race Condition vulnerability in Apple mac OS X and mac OS X Server

Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors.

6.2
2009-11-13 CVE-2009-3936 Citrix Cryptographic Issues vulnerability in Citrix products

Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/TLS server and bypass authentication via a crafted certificate, a different vulnerability than CVE-2009-3555.

5.8
2009-11-10 CVE-2009-2831 Apple Multiple Security vulnerability in RETIRED: Apple Mac OS X 2009-006

Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue."

5.8
2009-11-09 CVE-2009-3555 Apache
GNU
Microsoft
Mozilla
Openssl
Canonical
Debian
Fedoraproject
Cryptographic Issues vulnerability in multiple products

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

5.8
2009-11-12 CVE-2009-0052 Netgear
Atheros
Remote Denial of Service vulnerability in NETGEAR WNDAP330 Management Frame

The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame.

5.5
2009-11-10 CVE-2009-2808 Apple Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server

Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.

5.4
2009-11-10 CVE-2009-2832 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Server

Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool." Per: http://support.apple.com/kb/HT3937 "This issue affects Mac OS X Server systems only"

5.1
2009-11-13 CVE-2009-2841 Apple Unspecified vulnerability in Apple Safari

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.

5.0
2009-11-12 CVE-2009-3933 Webkit
Google
Resource Management Errors vulnerability in Webkit 2.4.11

WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions.

5.0
2009-11-10 CVE-2009-2829 Apple Credentials Management vulnerability in Apple mac OS X Server 10.5.8

Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection" issue.

5.0
2009-11-10 CVE-2009-2818 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X Server

Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack).

5.0
2009-11-10 CVE-2009-3727 Digium Information Exposure vulnerability in Digium Asterisk, Asterisknow and S800I

Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.

5.0
2009-11-10 CVE-2009-3619 Viewvc Remote Security vulnerability in ViewVC

Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."

5.0
2009-11-09 CVE-2009-3885 SUN
Microsoft
Unspecified vulnerability in SUN JRE

Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows allows remote attackers to cause a denial of service via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file, probably a related issue to CVE-2007-2789, aka Bug Id 6632445.

5.0
2009-11-09 CVE-2009-3884 SUN Unspecified vulnerability in SUN JRE and Openjdk

The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.

5.0
2009-11-09 CVE-2009-3880 SUN Permissions, Privileges, and Access Controls vulnerability in SUN JRE and Openjdk

The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.

5.0
2009-11-09 CVE-2009-3729 SUN Unspecified vulnerability in SUN JRE 1.5.0/1.6.0

Unspecified vulnerability in the TrueType font parsing functionality in Sun Java SE 5.0 before Update 22 and 6 before Update 17 allows remote attackers to cause a denial of service (application crash) via a certain test suite, aka Bug Id 6815780.

5.0
2009-11-09 CVE-2009-3728 SUN Path Traversal vulnerability in SUN JRE and Openjdk

Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a ..

5.0
2009-11-09 CVE-2009-3920 Sean Robertson
Drupal
Permissions, Privileges, and Access Controls vulnerability in Sean Robertson Crmngp

An administration page in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal does not perform the expected access control, which allows remote attackers to read log information via unspecified vectors.

5.0
2009-11-09 CVE-2009-3912 Tftgallery Path Traversal vulnerability in Tftgallery 0.13

Directory traversal vulnerability in index.php in TFTgallery 0.13 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the album parameter.

5.0
2009-11-13 CVE-2009-3937 SUN Resource Management Errors vulnerability in SUN Opensolaris

Memory leak in Solaris TCP sockets in Sun OpenSolaris snv_106 through snv_126 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors involving tcp_sendmsg processing "ancillary data."

4.9
2009-11-10 CVE-2009-2840 Apple Multiple Security vulnerability in RETIRED: Apple Mac OS X 2009-006

Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors.

4.9
2009-11-10 CVE-2009-2834 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.

4.9
2009-11-10 CVE-2009-2835 Apple Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server

The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.

4.6
2009-11-13 CVE-2009-3566 Mcafee Cross-Site Scripting vulnerability in Mcafee Intrushield Network Security Manager 5.1.7.7/5.1.7.73

McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.

4.3
2009-11-13 CVE-2009-3565 Mcafee Cross-Site Scripting vulnerability in Mcafee Intrushield Network Security Manager 5.1.7.7/5.1.7.73

Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.

4.3
2009-11-13 CVE-2009-2842 Apple Information Disclosure vulnerability in Apple Safari Shortcut Menu Options

Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.

4.3
2009-11-12 CVE-2009-3934 Google Unspecified vulnerability in Google Chrome

The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated by a message in Yahoo! Mail.

4.3
2009-11-10 CVE-2009-2825 Apple Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server

Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

4.3
2009-11-10 CVE-2009-2823 Apple Cross-Site Scripting vulnerability in Apple mac OS X and mac OS X Server

The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.

4.3
2009-11-10 CVE-2009-2820 Apple Cross-Site Scripting vulnerability in Apple mac OS X and mac OS X Server

The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.

4.3
2009-11-10 CVE-2009-3618 Viewvc Cross-Site Scripting vulnerability in Viewvc

Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter.

4.3
2009-11-09 CVE-2009-3919 Sean Robertson
Drupal
Cross-Site Scripting vulnerability in Sean Robertson Crmngp

Cross-site scripting (XSS) vulnerability in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied information."

4.3
2009-11-09 CVE-2009-3918 Drupal
Karim Ratib
Cross-Site Scripting vulnerability in Karim Ratib Zoomify

Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title.

4.3
2009-11-09 CVE-2009-3917 Drupal
Greg Knaddison
Cross-Site Scripting vulnerability in Greg Knaddison S5 6.X1.0/6.X1.Xdev

Cross-site scripting (XSS) vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element.

4.3
2009-11-09 CVE-2009-3916 Drupal
Ronan Dowling
Cross-Site Scripting vulnerability in Ronan Dowling Nodehierarchy

Cross-site scripting (XSS) vulnerability in the Node Hierarchy module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a child node title.

4.3
2009-11-09 CVE-2009-3915 Drupal
John C Fiala
Cross-Site Scripting vulnerability in John C Fiala Link

Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field.

4.3
2009-11-09 CVE-2009-3914 Drupal
Wolfgang Ziegler
Cross-Site Scripting vulnerability in Wolfgang Ziegler Temporary Invitation

Cross-site scripting (XSS) vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation.

4.3
2009-11-09 CVE-2009-3911 Tftgallery Cross-Site Scripting vulnerability in Tftgallery 0.13

Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the sample parameter.

4.3
2009-11-13 CVE-2009-2678 HP Unspecified vulnerability in HP Nonstop Server

Unspecified vulnerability in Open System Services (OSS) Name Server on HP NonStop G06.27, G06.28, G06.29, G06.30, H06.06, H06.07, H06.08, and J06.03 allows remote attackers to obtain sensitive information via unknown vectors.

4.0
2009-11-09 CVE-2009-3921 Drupal
Ezra Barnett Gildesgame
Permissions, Privileges, and Access Controls vulnerability in Ezra Barnett Gildesgame Smartqueue OG

The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages.

4.0

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS