The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| .mhfmedia -- ads_pro | dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages. | 2009-06-08 | 10.0 | CVE-2008-6826 XF BID MILW0RM SECUNIA OSVDB |
| a-link -- wl54ap2; a-link -- wl54ap3 | The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access. | 2009-06-04 | 10.0 | CVE-2008-6824 BUGTRAQ MISC |
| ahmet_donmez -- webeyes_guest_book | SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allows remote attackers to execute arbitrary SQL commands via the mesajid parameter. | 2009-06-05 | 7.5 | CVE-2009-1950 MILW0RM SECUNIA |
| aimp -- aimp | Stack-based buffer overflow in AIMP 2.51 build 330 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag. | 2009-06-05 | 9.3 | CVE-2009-1944 MISC XF MILW0RM SECUNIA OSVDB |
| apple -- quicktime | Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted MS ADPCM encoded audio data in an AVI movie file. | 2009-06-02 | 9.3 | CVE-2009-0185 VUPEN CONFIRM APPLE |
| apple -- quicktime | Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie composed of a Sorenson 3 video file. | 2009-06-02 | 9.3 | CVE-2009-0188 VUPEN CONFIRM APPLE |
| apple -- itunes | Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon. | 2009-06-02 | 9.3 | CVE-2009-0950 VUPEN BID CONFIRM APPLE |
| apple -- quicktime | Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC compression file. | 2009-06-02 | 9.3 | CVE-2009-0951 VUPEN CONFIRM |
| apple -- quicktime | Buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted compressed PSD image. | 2009-06-02 | 9.3 | CVE-2009-0952 VUPEN CONFIRM |
| apple -- quicktime | Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. | 2009-06-02 | 9.3 | CVE-2009-0953 VUPEN CONFIRM |
| apple -- quicktime | Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie file containing crafted Clipping Region (CRGN) atom types. | 2009-06-02 | 9.3 | CVE-2009-0954 VUPEN BID CONFIRM APPLE |
| apple -- quicktime | Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue." | 2009-06-02 | 9.3 | CVE-2009-0955 VUPEN BID CONFIRM |
| apple -- quicktime | Apple QuickTime before 7.6.2 does not properly initialize memory before use in handling movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie containing a user data atom of size zero. | 2009-06-02 | 9.3 | CVE-2009-0956 VUPEN BID CONFIRM APPLE |
| apple -- quicktime | Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image. | 2009-06-02 | 9.3 | CVE-2009-0957 VUPEN BID CONFIRM APPLE |
| ascadnetworks -- password_protector_sd | Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin." | 2009-06-08 | 7.5 | CVE-2009-2003 BID MILW0RM |
| dokeos -- dokeos | Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902. | 2009-06-08 | 7.5 | CVE-2009-2004 VUPEN CONFIRM |
| dokuwiki -- dokuwiki | inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs. | 2009-06-07 | 9.3 | CVE-2009-1960 CONFIRM |
| gscripts -- dns_tools | dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the ns parameter. | 2009-06-04 | 10.0 | CVE-2009-1916 BID MILW0RM SECUNIA |
| ibm -- websphere_mq | Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6.0.2.7 and 7.x before 7.0.1.0 allows remote attackers to execute arbitrary code via a crafted request. | 2009-06-03 | 10.0 | CVE-2009-0896 VUPEN CONFIRM |
| ibm -- websphere_application_server | Unspecified vulnerability in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 has unknown impact and attack vectors, related to a "security exposure in wsadmin." | 2009-06-03 | 7.5 | CVE-2009-1899 VUPEN |
| ibm -- websphere_application_server | The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors. | 2009-06-03 | 7.5 | CVE-2009-1901 VUPEN CONFIRM |
| ibm -- db2 | The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856. | 2009-06-03 | 10.0 | CVE-2008-6820 CONFIRM AIXAPAR AIXAPAR AIXAPAR CONFIRM |
| ibm -- db2 | Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853. | 2009-06-03 | 10.0 | CVE-2008-6821 CONFIRM AIXAPAR AIXAPAR AIXAPAR CONFIRM |
| ibm -- aix | Unspecified vulnerability in portmapper (aka portmap) in IBM AIX 5.3 allows attackers to cause a denial of service (daemon hang) via unknown vectors, related to libtli. | 2009-06-07 | 7.8 | CVE-2009-1954 BID CONFIRM |
| imagemagick -- imagemagick | Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information. | 2009-06-02 | 9.3 | CVE-2009-1882 VUPEN BID SECUNIA OSVDB CONFIRM CONFIRM |
| intel -- e1000; linux -- kernel | Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size. | 2009-06-04 | 7.8 | CVE-2009-1385 CONFIRM CONFIRM CONFIRM |
| joomlame -- com_agoragroup | SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php. | 2009-06-01 | 7.5 | CVE-2009-1848 BID MILW0RM |
| modsecurity -- modsecurity | The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference. | 2009-06-03 | 7.8 | CVE-2009-1902 FEDORA |
| modsecurity -- modsecurity | The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method. | 2009-06-03 | 7.1 | CVE-2009-1903 FEDORA FEDORA VUPEN |
| newearthpt -- imguoload | Unrestricted file upload vulnerability in uploadp.php in New Earth Programming Team (NEPT) imgupload (aka Image Uploader) 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a modified content type, then accessing this file via a direct request, as demonstrated by an upload with an image/jpeg content type. NOTE: some of these details are obtained from third party information. | 2009-06-04 | 7.5 | CVE-2008-6822 XF BID MILW0RM SECUNIA OSVDB |
| newsboard -- unclassified_newsboard | SQL injection vulnerability in the UnbDbEncode function in unb_lib/database.lib.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to execute arbitrary SQL commands via the Query parameter in a search action to forum.php, a different vector than CVE-2005-3686. | 2009-06-05 | 7.5 | CVE-2009-1947 XF BID MILW0RM SECUNIA |
| openskip -- skip | SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2009-06-04 | 7.5 | CVE-2009-1909 JVN |
| rafal_kucharski -- rtwebalbum | SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows remote attackers to execute arbitrary SQL commands via the AlbumId parameter. | 2009-06-04 | 7.5 | CVE-2009-1910 XF BID BUGTRAQ MILW0RM SECUNIA CONFIRM CONFIRM |
| safenet -- softremote; safenet -- softremote1.4 | Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet SoftRemote before 10.8.6 allows remote attackers to execute arbitrary code via a long request to UDP port 62514. | 2009-06-05 | 10.0 | CVE-2009-1943 XF MISC VUPEN SECTRACK BID BUGTRAQ SECUNIA OSVDB |
| tzo -- webcal | SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04 allows remote attackers to execute arbitrary SQL commands via the event_id parameter. | 2009-06-05 | 7.5 | CVE-2009-1945 XF MILW0RM |
| unclassified -- newsboard | import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | 2009-06-05 | 7.8 | CVE-2009-1949 XF BID MILW0RM |
| xvid -- xvid | Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the xvidcore library in Xvid before 1.2.2, as used by Windows Media Player and other applications, allow remote attackers to execute arbitrary code by providing a crafted macroblock (aka MBlock) number in a video stream in a crafted movie file that triggers heap memory corruption, related to a "missing resync marker range check" and the (1) decoder_iframe, (2) decoder_pframe, and (3) decoder_bframe functions. | 2009-06-02 | 10.0 | CVE-2009-0893 CONFIRM |
| xvid -- xvid | Heap-based buffer overflow in the decoder_create function in the initialization functionality in xvidcore/src/decoder.c in Xvid before 1.2.2, as used by Windows Media Player and other applications, allows remote attackers to execute arbitrary code via vectors involving the DirectShow (aka DShow) frontend and improper handling of the XVID_ERR_MEMORY return code during processing of a crafted movie file. NOTE: some of these details are obtained from third party information. | 2009-06-02 | 10.0 | CVE-2009-0894 CONFIRM CONFIRM |
| Medium Vulnerabilities | ||||
|---|---|---|---|---|
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|
a-link -- wl54ap2 a-link -- wl54ap3 |
Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify the network configuration via certain parameters to goform/formWanTcpipSetup or (2) modify credentials via certain parameters to goform/formPasswordSetup. | 2009-06-04 | 6.8 | CVE-2008-6823 MISC |
|
adaptbb -- adaptbb |
PHP remote file inclusion vulnerability in latestposts.php in AdaptBB 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the forumspath parameter. | 2009-06-05 | 6.8 | CVE-2009-1946 XF MILW0RM SECUNIA OSVDB |
|
apache -- tomcat |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. | 2009-06-05 | 5.0 | CVE-2009-0033 VUPEN BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
|
apache -- tomcat |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. | 2009-06-05 | 4.3 | CVE-2009-0580 VUPEN CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
|
apache -- apr-util |
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, related to an "underflow flaw." | 2009-06-07 | 4.3 | CVE-2009-0023 CONFIRM DEBIAN |
|
apache -- apr-util apache -- http_server |
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. | 2009-06-07 | 5.0 | CVE-2009-1955 DEBIAN CONFIRM MLIST |
|
apache -- apr-util |
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input. | 2009-06-07 | 6.4 | CVE-2009-1956 CONFIRM MLIST CONFIRM |
|
apple -- mac_os_x apple -- mac_os_x_server |
Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow. | 2009-06-05 | 6.8 | CVE-2009-1717 BID BUGTRAQ CONFIRM SECTRACK |
|
atlassian -- jira |
Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated using secure/AddComment!default.jspa (aka "Add Comment"). | 2009-06-08 | 4.3 | CVE-2008-6831 CONFIRM |
|
atlassian -- jira |
Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2009-06-08 | 6.8 | CVE-2008-6832 XF BID SECUNIA OSVDB |
|
cisco -- ironport_email_security_appliances cisco -- ironport_asyncos |
Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter. | 2009-06-05 | 4.3 | CVE-2009-1162 SECTRACK BID CONFIRM SECUNIA |
|
citrix -- web_interface |
The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session. NOTE: the attacker must also have valid credentials to the Web Interface. | 2009-06-08 | 4.0 | CVE-2008-6830 VUPEN CONFIRM OSVDB |
|
claroline -- claroline |
Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header. | 2009-06-04 | 4.3 | CVE-2009-1907 BID CONFIRM |
|
claudio_klingler -- quixplorer tinywebgallery -- tinywebgallery |
Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php. | 2009-06-04 | 6.8 | CVE-2009-1911 BID |
|
cpcommerce -- cpcommerce |
_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, ro execute arbitrary PHP code or read arbitrary files, via the GLOBALS[prefix] parameter, a different vector than CVE-2003-1500. | 2009-06-05 | 6.8 | CVE-2009-1936 MILW0RM SECUNIA |
|
dokeos -- dokeos |
Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors. | 2009-06-08 | 6.8 | CVE-2009-2005 VUPEN CONFIRM |
|
dokeos -- dokeos |
Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a .. (dot dot) and a ..\ (dot dot backslash) in the lang parameter to main/exercice/hotspot_lang_conversion.php and (2) read arbitrary files via a .. (dot dot) in the doc_url parameter to main/exercice/Hpdownload.php. | 2009-06-08 | 5.0 | CVE-2009-2007 VUPEN CONFIRM |
|
dokeos -- dokeos |
Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2. | 2009-06-08 | 6.8 | CVE-2009-2008 VUPEN CONFIRM |
|
dokeos -- dokeos |
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/document/slideshow.php and the (2) file parameter to main/exercice/testheaderpage.php. | 2009-06-08 | 4.3 | CVE-2009-2009 VUPEN CONFIRM |
|
gstreamer -- good_plug-ins |
Multiple integer overflows in the (1) user_info_callback, (2) user_endrow_callback, and (3) gst_pngdec_task functions (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PNG file, which triggers a buffer overflow. | 2009-06-04 | 6.8 | CVE-2009-1932 BID SECUNIA OSVDB CONFIRM |
|
haudenschilt -- family_connections_cms |
Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter. | 2009-06-08 | 6.5 | CVE-2009-2010 VUPEN BID BUGTRAQ MILW0RM SECUNIA |
|
hp -- discovery&dependency_mapping_inventory |
Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.0.0 through 2.52, 7.50, and 7.51 on Windows allows remote attackers to access DDMI agents via unknown vectors. | 2009-06-07 | 4.0 | CVE-2009-1419 HP HP |
|
ibm -- intregrated_solutions_console ibm -- websphere_application_server ibm -- websphere_portal |
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors. | 2009-06-03 | 4.3 | CVE-2009-0899 CONFIRM |
|
ibm -- websphere_application_server |
The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network. | 2009-06-03 | 5.0 | CVE-2009-1898 VUPEN CONFIRM |
|
ibm -- websphere_application_server |
The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 allow attackers to obtain sensitive information via unspecified vectors. | 2009-06-03 | 5.0 | CVE-2009-1900 VUPEN CONFIRM |
|
ibm -- db2 |
IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls. | 2009-06-03 | 4.9 | CVE-2008-2154 CONFIRM AIXAPAR AIXAPAR CONFIRM |
|
ibm -- db2 |
The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32. | 2009-06-03 | 4.3 | CVE-2009-1906 CONFIRM AIXAPAR AIXAPAR |
|
ibm -- filenet_content_manager ibm -- websphere_application_server oracle -- weblogic_application_server |
IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors. | 2009-06-07 | 4.6 | CVE-2009-1953 BID CONFIRM SECUNIA |
|
icq -- icq |
Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ICQ 6.5 allows remote attackers to cause a denial of service (persistent crash) and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash when browsing a folder that contains this file. | 2009-06-04 | 4.3 | CVE-2009-1915 XF BID BUGTRAQ MILW0RM |
|
irssi -- irssi |
Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow. | 2009-06-07 | 5.0 | CVE-2009-1959 MISC MLIST CONFIRM CONFIRM |
|
joomla -- joomla |
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel. | 2009-06-05 | 4.3 | CVE-2009-1938 BID |
|
joomla -- ja_purity |
Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2009-06-05 | 4.3 | CVE-2009-1939 XF BID SECUNIA OSVDB CONFIRM |
|
joomla -- joomla |
Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2009-06-05 | 4.3 | CVE-2009-1940 BID OSVDB CONFIRM |
|
lightneasy -- lightneasy |
Cross-site scripting (XSS) vulnerability in the comment posting feature in LightNEasy 2.2.1 "no database" (aka flat) and 2.2.2 SQLite allows remote attackers to inject arbitrary web script or HTML via the (1) commentname (aka Author), (2) commentemail (aka Email), and (3) commentmessage (aka Comment) parameters. NOTE: some of these details are obtained from third party information. | 2009-06-05 | 4.3 | CVE-2009-1937 BID BUGTRAQ SECUNIA MISC |
|
linux -- kernel |
The pci_register_iommu_region function in arch/sparc/kernel/pci_common.c in the Linux kernel before 2.6.29 on the sparc64 platform allows local users to cause a denial of service (system crash) by reading the /proc/iomem file, related to uninitialized pointers and the request_resource function. | 2009-06-04 | 4.9 | CVE-2009-1914 MLIST CONFIRM CONFIRM |
|
luxbum -- luxbum |
SQL injection vulnerability in manager.php in LuxBum 0.5.5, when magic_quotes_gpc is disabled and dotclear authentication is used, allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | 2009-06-04 | 5.1 | CVE-2009-1913 XF VUPEN BID MILW0RM SECUNIA |
|
mt312 -- img-bbs |
Cross-site scripting (XSS) vulnerability in MT312 IMG-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to model.php with a timestamp before 20090521. | 2009-06-02 | 4.3 | CVE-2009-1881 SECUNIA OSVDB JVNDB JVN |
|
openskip -- skip |
Cross-site scripting (XSS) vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2009-06-04 | 4.3 | CVE-2009-1908 BID SECUNIA CONFIRM JVNDB JVN CONFIRM |
|
openssl -- openssl openssl_project -- openssl redhat -- openssl |
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. | 2009-06-04 | 5.0 | CVE-2009-1386 CONFIRM |
|
openssl -- openssl openssl_project -- openssl redhat -- openssl |
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug." | 2009-06-04 | 5.0 | CVE-2009-1387 CONFIRM CONFIRM |
|
phpeasycode -- pad_site_scripts |
PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt. | 2009-06-05 | 5.0 | CVE-2009-1941 XF MILW0RM |
|
propertymaxpro -- propertymax_pro_free |
Cross-site scripting (XSS) vulnerability in index.php in PropertyMax Pro FREE 0.3 allows remote attackers to inject arbitrary web script or HTML via the pl parameter in a mi action. | 2009-06-05 | 4.3 | CVE-2009-1951 MILW0RM SECUNIA |
|
propertymaxpro -- propertymax_pro_free |
Multiple SQL injection vulnerabilities in the administrative login feature in PropertyMax Pro FREE 0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | 2009-06-05 | 6.8 | CVE-2009-1952 MILW0RM SECUNIA |
|
strongswan -- strongswan |
charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_CHILD_SA request. | 2009-06-07 | 5.0 | CVE-2009-1957 CONFIRM CONFIRM |
|
strongswan -- strongswan |
charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector. | 2009-06-07 | 5.0 | CVE-2009-1958 CONFIRM CONFIRM |
|
sun -- opensolaris sun -- solaris |
Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, does not properly manage credential caches, which allows local users to access Kerberized NFS mount points and Kerberized NFS shares via unspecified vectors. | 2009-06-05 | 4.7 | CVE-2009-1933 SUNALERT CONFIRM |
|
sun -- java_system_web_server sun -- one_web_server |
Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error. | 2009-06-05 | 4.3 | CVE-2009-1934 SUNALERT CONFIRM |
|
symantec -- altiris_deployment_solution symantec -- altiris_notification_server |
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function. | 2009-06-08 | 6.8 | CVE-2008-6827 VUPEN CONFIRM MISC |
|
symantec -- altiris_deployment_solution |
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server. | 2009-06-08 | 4.3 | CVE-2008-6828 VUPEN CONFIRM |
| unclassified -- newsboard | Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard (UNB) 1.6.4, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to (1) read arbitrary recently-modified files via a .. (dot dot) in the GLOBALS[filename] parameter or (2) include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[UTE][__tplCollection][a][file] parameter. | 2009-06-05 | 5.1 | CVE-2009-1948 XF XF BID MILW0RM SECUNIA |
| vicftps -- vicftps | VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward slash). NOTE: this might be the same issue as CVE-2008-2031. | 2009-06-08 | 5.0 | CVE-2008-6829 VUPEN MILW0RM |
| vmware -- ace; vmware -- esx; vmware -- esxi; vmware -- fusion; vmware -- player; vmware -- server; vmware -- workstation | Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors. | 2009-06-01 | 4.0 | CVE-2009-1805 CONFIRM |
| webspell -- webspell | Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php. | 2009-06-04 | 6.8 | CVE-2009-1912 CONFIRM CONFIRM CONFIRM BID OSVDB |
| xfig -- xfig; debian -- debian_linux | Xfig in Debian GNU/Linux, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID. | 2009-06-07 | 4.4 | CVE-2009-1962 XF BID MLIST |
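The two strongSWAN entries above (CVE-2009-1957 and CVE-2009-1958) are both cases of a responder acting on a message before confirming it has what the state machine needs: a CREATE_CHILD_SA arriving on an IKE_SA that never finished IKE_SA_INIT, and an IKE_AUTH that lacks one of its two traffic-selector payloads. The following is an added example, not strongSwan code: a minimal IKEv2 payload-chain walker (header and generic payload layout per RFC 7296, payload type numbers from the IANA registry) with the two checks done in the right order. The `build_message` helper and every message in the test are constructed here; nothing about strongSwan's internal structures is assumed.

```python
"""IKEv2 payload-chain walker plus the two responder-side checks the
strongSwan entries above describe (CVE-2009-1957 and CVE-2009-1958).
Added example, not strongSwan code. Wire layout follows RFC 7296:
a 28-byte IKE header followed by generic payload headers
(next payload, flags, length). All messages are constructed locally."""
import struct

IKE_HEADER_LEN = 28
EXCH_IKE_SA_INIT, EXCH_IKE_AUTH, EXCH_CREATE_CHILD_SA = 34, 35, 36
# Payload type numbers from the IANA IKEv2 registry.
PT_NONE, PT_IDI, PT_AUTH, PT_TSI, PT_TSR = 0, 35, 39, 44, 45


class MalformedMessage(ValueError):
    """Raised instead of crashing when the wire format is inconsistent."""


def parse_ike_message(data: bytes):
    """Return (exchange_type, {payload_type: body}); raise on bad framing."""
    if len(data) < IKE_HEADER_LEN:
        raise MalformedMessage("short IKE header")
    _spi_i, _spi_r, next_pl, _ver, exch, _flags, _msg_id, length = struct.unpack(
        "!QQBBBBII", data[:IKE_HEADER_LEN])
    if length != len(data):
        raise MalformedMessage("header length does not match datagram")
    payloads = {}
    off = IKE_HEADER_LEN
    while next_pl != PT_NONE:
        if off + 4 > len(data):
            raise MalformedMessage("truncated payload header")
        pl_type = next_pl
        next_pl, _pl_flags, pl_len = struct.unpack("!BBH", data[off:off + 4])
        if pl_len < 4 or off + pl_len > len(data):
            raise MalformedMessage("bad length for payload type %d" % pl_type)
        payloads[pl_type] = data[off + 4:off + pl_len]
        off += pl_len
    if off != len(data):
        raise MalformedMessage("trailing bytes after last payload")
    return exch, payloads


def missing_traffic_selectors(payloads):
    """Both TSi and TSr must be present before either is used; CVE-2009-1958
    was a swapped pair of NULL checks, so a request missing one selector
    reached code that used it. Returns the names that are absent."""
    return [name for pt, name in ((PT_TSI, "TSi"), (PT_TSR, "TSr")) if pt not in payloads]


def handle_exchange(sa_established: bool, exch: int, payloads) -> str:
    """Dispatch the way a robust responder should. CREATE_CHILD_SA on an SA
    that never completed its initial exchanges is refused up front (the
    CVE-2009-1957 path); IKE_AUTH is refused if a selector is absent."""
    if exch == EXCH_CREATE_CHILD_SA and not sa_established:
        return "reject: CREATE_CHILD_SA on unestablished SA"
    if exch == EXCH_IKE_AUTH:
        missing = missing_traffic_selectors(payloads)
        if missing:
            return "reject: IKE_AUTH missing " + "+".join(missing)
    return "accept"


def build_message(exch: int, payload_list) -> bytes:
    """Serialize (type, body) pairs into a well-framed IKEv2 datagram
    (constructed test input; SPIs, version 2.0 and the Initiator flag are fixed)."""
    body = b""
    for i, (pt, pb) in enumerate(payload_list):
        nxt = payload_list[i + 1][0] if i + 1 < len(payload_list) else PT_NONE
        body += struct.pack("!BBH", nxt, 0, 4 + len(pb)) + pb
    first = payload_list[0][0] if payload_list else PT_NONE
    header = struct.pack("!QQBBBBII", 0x1122, 0x3344, first, 0x20, exch, 0x08,
                         1, IKE_HEADER_LEN + len(body))
    return header + body
```

The framing checks in `parse_ike_message` matter as much as the two named checks: a length field that disagrees with the datagram is reported as `MalformedMessage` rather than being read past, which is the general discipline that keeps a malformed packet from becoming a crash.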
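The xfig entry (CVE-2009-1962) is the classic predictable-temporary-name bug: a local attacker who can guess `xfig-eps<PID>` plants a symlink there first, and the program's open follows it into whatever file the attacker chose. The following is an added example, not xfig code, showing the vulnerable open beside the two fixes (`mkstemp`, or `O_EXCL|O_NOFOLLOW` when the name must stay fixed); it runs entirely in a scratch directory it creates, and the "victim" file there is a stand-in for any file the attacker wants clobbered.

```python
"""Symlink attack on a predictable temporary name (the CVE-2009-1962
pattern above) next to the creation discipline that defeats it.
Added example, not xfig code. Everything happens inside a scratch
directory created here; the "victim" file stands in for any file the
attacker wants clobbered with the program's privileges."""
import os
import shutil
import tempfile


def open_predictable(tmpdir: str, prefix: str) -> str:
    """Vulnerable pattern: <dir>/<prefix><pid>, guessable, opened with
    O_CREAT but without O_EXCL, so a pre-planted symlink is followed.
    Returns the path that was actually written through."""
    path = os.path.join(tmpdir, "%s%d" % (prefix, os.getpid()))
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.write(fd, b"data the program meant to keep to itself\n")
    os.close(fd)
    return os.path.realpath(path)


def open_safely(tmpdir: str, prefix: str) -> str:
    """Fix 1: mkstemp picks an unguessable name and opens with O_EXCL, so
    an existing entry (symlink included) makes it pick another name."""
    fd, path = tempfile.mkstemp(prefix=prefix, dir=tmpdir)
    os.write(fd, b"data\n")
    os.close(fd)
    return path


def open_fixed_name_safely(path: str) -> int:
    """Fix 2, when the name cannot change: O_EXCL refuses any existing
    entry and O_NOFOLLOW refuses a link even inside the race window."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, 0o600)


def demo():
    """Plant the link a local attacker would, then try each opener.
    Returns (victim_clobbered, safe_name_is_fresh, fixed_name_refused)."""
    tmpdir = tempfile.mkdtemp()
    try:
        victim = os.path.join(tmpdir, "victim")
        with open(victim, "w") as f:
            f.write("original\n")
        planted = os.path.join(tmpdir, "xfig-eps%d" % os.getpid())
        os.symlink(victim, planted)

        written_through = open_predictable(tmpdir, "xfig-eps")
        with open(victim) as f:
            clobbered = written_through == os.path.realpath(victim) and f.read() != "original\n"

        fresh_path = open_safely(tmpdir, "xfig-eps")
        fresh = fresh_path != planted and not os.path.islink(fresh_path)

        try:
            os.close(open_fixed_name_safely(planted))
            refused = False
        except FileExistsError:
            refused = True
        return clobbered, fresh, refused
    finally:
        shutil.rmtree(tmpdir)
```

Run `demo()` on a POSIX system: the predictable open writes through the link into the victim file, `mkstemp` lands on a fresh name, and the `O_EXCL` open on the planted name fails with `FileExistsError` instead of following it.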
| Low Vulnerabilities | ||||
|---|---|---|---|---|
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| apache -- tomcat | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. | 2009-06-05 | 3.6 | CVE-2009-0783 CONFIRM BUGTRAQ CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| dokeos -- dokeos | Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php; the (2) frm_title and (3) frm_content parameters in a new personal agenda item action; the (4) title and (5) tutor_name parameters in a new course action; and the (6) student and (7) course parameters to main/mySpace/myStudents.php. NOTE: vectors 2 and 3 might only be exploitable via a separate CSRF vulnerability. | 2009-06-08 | 2.6 | CVE-2009-2006 VUPEN CONFIRM |
| drupal -- drupal | Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow (1) remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not properly handled in the "HTML exports of books" feature; and (2) remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via the help text of an arbitrary vocabulary. NOTE: vector 1 exists because of an incomplete fix for CVE-2009-1575. | 2009-06-01 | 3.5 | CVE-2009-1844 CONFIRM |
| drupal -- quiz | Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HTML via unspecified vectors. | 2009-06-05 | 3.5 | CVE-2009-1942 BID OSVDB CONFIRM CONFIRM |
| ibm -- db2 | The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors. | 2009-06-03 | 2.6 | CVE-2009-1905 CONFIRM CONFIRM CONFIRM AIXAPAR AIXAPAR AIXAPAR CONFIRM |
| linux -- kernel | The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions. | 2009-06-07 | 1.9 | CVE-2009-1961 MLIST MLIST CONFIRM |
| trixbox -- trixbox | Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter. | 2009-06-05 | 3.6 | CVE-2008-6825 XF BID MILW0RM OSVDB FULLDISC |
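Three entries in this bulletin (webSPELL's language cookie, CVE-2009-1912; trixbox's langChoice parameter, CVE-2008-6825; UNB's GLOBALS[filename] and template-file parameters, CVE-2009-1948) are the same mistake: a request value is joined onto a directory path and handed to include(), so `..` walks out of the intended directory. The following is an added example, not code from any of those projects, showing the vulnerable resolution beside a hardened one. It goes slightly beyond the page's cases by combining two independent defences, a strict allowlist on the name and a `realpath` containment check, so that either one alone catching a bypass is enough. The language directory and its contents are constructed in a scratch directory; the `.php` suffix and the `xx_YY` naming rule are assumptions for the example.

```python
"""Safe resolution of a user-controlled "language" name into a file under a
fixed directory, the check missing in the webSPELL, trixbox and UNB entries
above (CVE-2009-1912, CVE-2008-6825, CVE-2009-1948). Added example, not code
from any of those projects; the directory layout is constructed here."""
import os
import re
import tempfile

# Assumption for the example: languages are named like "en" or "pt_BR".
LANG_NAME = re.compile(r"[a-z]{2}(?:_[A-Z]{2})?")


def vulnerable_language_path(lang_dir: str, lang: str) -> str:
    """The failing pattern: the untrusted value is concatenated straight into
    the path, so '../../x' resolves outside lang_dir before include() runs."""
    return os.path.normpath(os.path.join(lang_dir, lang + ".php"))


def safe_language_path(lang_dir: str, lang: str) -> str:
    """Defence 1: allowlist the name. Defence 2: resolve with realpath (which
    collapses '..' and follows symlinks) and prove the result is still inside
    lang_dir. Raise ValueError rather than fall through to include()."""
    if not LANG_NAME.fullmatch(lang):
        raise ValueError("language name rejected: %r" % lang)
    base = os.path.realpath(lang_dir)
    candidate = os.path.realpath(os.path.join(base, lang + ".php"))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes language directory: %r" % candidate)
    if not os.path.isfile(candidate):
        raise ValueError("no such language file: %r" % lang)
    return candidate


def probe(lang_dir: str, values):
    """Run both resolvers over attacker-style inputs.
    Returns {value: (vulnerable_path_escapes, safe_resolver_accepts)}."""
    base = os.path.realpath(lang_dir)
    results = {}
    for value in values:
        resolved = os.path.realpath(vulnerable_language_path(lang_dir, value))
        escapes = os.path.commonpath([base, resolved]) != base
        try:
            safe_language_path(lang_dir, value)
            accepted = True
        except ValueError:
            accepted = False
        results[value] = (escapes, accepted)
    return results


def demo():
    """Constructed layout: a language directory holding only en.php."""
    lang_dir = tempfile.mkdtemp()
    open(os.path.join(lang_dir, "en.php"), "w").close()
    return probe(lang_dir, ["en", "../../../../etc/passwd", "../en", "de"])
```

In `demo()`, `en` is the only value both resolvers agree on; the two `..` probes escape `lang_dir` under the vulnerable resolver and are rejected by the safe one, and `de` (a well-formed name with no file behind it) is refused rather than passed to include(). Note the order in the safe version: the allowlist runs before any filesystem call, so a null byte or an encoded separator never reaches `realpath`.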
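The Drupal entry above (CVE-2009-1844, an incomplete fix for CVE-2009-1575) is worth a closer look because it shows why escaping `<` and `>` is not a complete XSS fix: Internet Explorer 6 and 7 sniff a page with no declared charset, and a UTF-7 spelling of `<script>` contains none of the characters an HTML escaper acts on. The following is an added example, not Drupal code: it shows the escaper passing the payload untouched, a detector that decodes UTF-7 shift sequences to reveal the hidden markup, and the durable fix of declaring the charset so the browser never sniffs. The payload string is constructed here (it is the RFC 2152 encoding of `<script>alert(1)</script>`).

```python
"""Why an HTML-escaping filter alone did not close the Drupal book-export
hole (CVE-2009-1844): a UTF-7 encoded tag contains no '<' or '>' for the
filter to see, yet IE6/7 decode it as markup when no charset is declared.
Added example, not Drupal code; the sample fragment is constructed here."""
import html
import re

# A UTF-7 "+...-" shift sequence carries only modified-base64 characters.
UTF7_RUN = re.compile(r"\+[A-Za-z0-9+/]+-?")

# Constructed attacker input: RFC 2152 encoding of <script>alert(1)</script>.
# "+ADw-" decodes to '<' and "+AD4-" to '>'; everything else is direct.
PAYLOAD = "+ADw-script+AD4-alert(1)+ADw-/script+AD4-"


def escape_only(fragment: str) -> str:
    """What a naive filter does: escape the five HTML metacharacters.
    The payload above has none of them, so it passes through unchanged."""
    return html.escape(fragment, quote=True)


def utf7_decoded_markup(fragment: str):
    """Decode each UTF-7 shift sequence and report any that turns into
    markup. Returns the decoded pieces that contain '<' or '>'."""
    hits = []
    for m in UTF7_RUN.finditer(fragment):
        try:
            decoded = m.group(0).encode("ascii").decode("utf-7")
        except (UnicodeDecodeError, UnicodeEncodeError):
            continue  # "+1" in ordinary prose is not a valid sequence
        if "<" in decoded or ">" in decoded:
            hits.append(decoded)
    return hits


def render_page(body: str, declare_charset: bool) -> str:
    """The durable fix: declare the encoding so the browser never sniffs.
    The body is still escaped; the charset declaration removes the
    ambiguity the UTF-7 trick relies on. Send the same value in the
    Content-Type header in a real deployment."""
    meta = '<meta charset="utf-8">' if declare_charset else ""
    return "<!DOCTYPE html><html><head>%s</head><body>%s</body></html>" % (
        meta, escape_only(body))


def safe_to_emit(fragment: str, declare_charset: bool) -> bool:
    """Policy check: escaped output is safe if the page pins its charset,
    or if no UTF-7 sequence in it decodes to markup."""
    return declare_charset or not utf7_decoded_markup(fragment)
```

`escape_only(PAYLOAD)` returns the payload byte-for-byte, which is exactly the gap the incomplete fix left; `utf7_decoded_markup` makes the hidden `<` and `>` visible, and `render_page(..., declare_charset=True)` is the fix that does not depend on guessing every encoding a legacy browser might sniff.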