The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities (CVSS Score: 7.0 .. 10.0)

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- acrobat adobe -- acrobat_reader | Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF file that contains JBIG2 text region segments with Huffman encoding. | 2009-06-11 | 9.3 | CVE-2009-0198 VUPEN CONFIRM |
| adobe -- acrobat adobe -- acrobat_reader | Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to execute arbitrary code via a crafted file that triggers memory corruption. | 2009-06-11 | 9.3 | CVE-2009-0509 VUPEN CONFIRM |
| adobe -- acrobat adobe -- acrobat_reader | Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889. | 2009-06-11 | 9.3 | CVE-2009-0510 VUPEN CONFIRM |
| adobe -- acrobat adobe -- acrobat_reader | Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889. | 2009-06-11 | 9.3 | CVE-2009-0511 VUPEN CONFIRM |
| adobe -- acrobat adobe -- acrobat_reader | Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0888, and CVE-2009-0889. | 2009-06-11 | 9.3 | CVE-2009-0512 VUPEN CONFIRM |
| adobe -- acrobat adobe -- acrobat_reader | Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0889. | 2009-06-11 | 9.3 | CVE-2009-0888 VUPEN CONFIRM |
| adobe -- acrobat adobe -- acrobat_reader | Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0888. | 2009-06-11 | 9.3 | CVE-2009-0889 VUPEN CONFIRM |
| adobe -- acrobat adobe -- acrobat_reader | Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block. | 2009-06-11 | 9.3 | CVE-2009-1855 VUPEN CONFIRM |
| adobe -- acrobat adobe -- acrobat_reader | Integer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows attackers to cause a denial of service or possibly execute arbitrary code via a PDF file containing unspecified parameters to the FlateDecode filter, which triggers a heap-based buffer overflow. | 2009-06-11 | 9.3 | CVE-2009-1856 VUPEN CONFIRM |
| adobe -- acrobat adobe -- acrobat_reader | Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a PDF document with a crafted TrueType font. | 2009-06-11 | 9.3 | CVE-2009-1857 VUPEN CONFIRM |
| adobe -- acrobat adobe -- acrobat_reader | The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. | 2009-06-11 | 9.3 | CVE-2009-1858 VUPEN CONFIRM SECUNIA |
| adobe -- acrobat adobe -- acrobat_reader | Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. | 2009-06-11 | 9.3 | CVE-2009-1859 VUPEN CONFIRM |
| adobe -- acrobat adobe -- acrobat_reader | Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file with a JPX (aka JPEG2000) stream that triggers heap memory corruption. | 2009-06-11 | 9.3 | CVE-2009-1861 CERT-VN |
| adobe -- acrobat adobe -- acrobat_reader | Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 have unknown impact and attack vectors, related to "Adobe internally discovered issues." | 2009-06-11 | 10.0 | CVE-2009-2028 CONFIRM |
| ahmet_donmez -- webeyes_guest_book | SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allows remote attackers to execute arbitrary SQL commands via the mesajid parameter. | 2009-06-05 | 7.5 | CVE-2009-1950 MILW0RM SECUNIA |
| apple -- safari | WebKit in Apple Safari before 4.0 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | 2009-06-10 | 9.3 | CVE-2009-1686 VUPEN CONFIRM APPLE |
| apple -- safari | The JavaScript garbage collector in WebKit in Apple Safari before 4.0 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer." | 2009-06-10 | 9.3 | CVE-2009-1687 VUPEN SECTRACK |
| apple -- safari | Use after free vulnerability in WebKit, as used in Apple Safari before 4.0, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers." | 2009-06-10 | 9.3 | CVE-2009-1690 VUPEN CONFIRM SECTRACK APPLE |
| apple -- safari | WebKit in Apple Safari before 4.0 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | 2009-06-10 | 9.3 | CVE-2009-1698 MISC VUPEN CONFIRM SECTRACK APPLE |
| apple -- safari | The XSL stylesheet implementation in WebKit in Apple Safari before 4.0 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack." | 2009-06-10 | 7.1 | CVE-2009-1699 VUPEN CONFIRM APPLE |
| apple -- safari | Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute. | 2009-06-10 | 9.3 | CVE-2009-1701 MISC VUPEN CONFIRM SECTRACK APPLE |
| apple -- safari | WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document. | 2009-06-10 | 7.1 | CVE-2009-1703 VUPEN CONFIRM APPLE |
| apple -- safari | CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file. | 2009-06-10 | 9.3 | CVE-2009-1704 VUPEN CONFIRM SECTRACK APPLE |
| apple -- safari | CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data. | 2009-06-10 | 9.3 | CVE-2009-1705 VUPEN BID CONFIRM APPLE |
| apple -- safari | Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call. | 2009-06-10 | 9.3 | CVE-2009-1708 VUPEN BID CONFIRM APPLE |
| apple -- safari | Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches." | 2009-06-10 | 9.3 | CVE-2009-1709 CONFIRM APPLE |
| apple -- safari | WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. | 2009-06-10 | 9.3 | CVE-2009-1711 VUPEN BID CONFIRM APPLE |
| apple -- safari | WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. | 2009-06-10 | 9.3 | CVE-2009-1712 VUPEN BID CONFIRM SECTRACK APPLE |
| apple -- safari | The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors. | 2009-06-10 | 7.1 | CVE-2009-1713 CONFIRM APPLE |
| apple -- safari | WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page. | 2009-06-10 | 7.1 | CVE-2009-1718 VUPEN BID CONFIRM APPLE |
| apple -- safari | The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method. | 2009-06-10 | 7.2 | CVE-2009-2027 CONFIRM APPLE |
| ascadnetworks -- password_protector_sd | Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin." | 2009-06-08 | 7.5 | CVE-2009-2003 BID MILW0RM |
| dokeos -- dokeos | Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902. | 2009-06-08 | 7.5 | CVE-2009-2004 VUPEN CONFIRM |
| dutchmonkey -- dm_filemanager | admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values. | 2009-06-09 | 7.5 | CVE-2009-2025 VUPEN MILW0RM SECUNIA |
| frontisgroup -- frontis | SQL injection vulnerability in bin/aps_browse_sources.php in Frontis 3.9.01.24 allows remote attackers to execute arbitrary SQL commands via the source_class parameter in a browse_classes action. | 2009-06-09 | 7.5 | CVE-2009-2013 MILW0RM SECUNIA |
| geekbill -- open_biller | SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | 2009-06-12 | 7.5 | CVE-2009-2036 BUGTRAQ MILW0RM |
| hp -- openview_network_node_manager | Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when used with SNMP (aka HPOvNNM.HPOVSNMP) before 1.30.009 and MIB (aka HPOvNNM.HPOVMIB) before 1.30.009, allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors. | 2009-06-11 | 10.0 | CVE-2009-1420 BID SECTRACK HP HP |
| ideal -- com_moofaq | Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | 2009-06-09 | 7.5 | CVE-2009-2015 BID MILW0RM |
| joomla -- com_school | SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php. | 2009-06-09 | 7.5 | CVE-2009-2014 XF BID MILW0RM |
| mhfmedia -- ads_pro | dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages. | 2009-06-08 | 10.0 | CVE-2008-6826 XF BID MILW0RM SECUNIA OSVDB |
| microsoft -- iis | The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability." | 2009-06-10 | 7.6 | CVE-2009-1535 MS MISC MISC MISC MISC FULLDISC FULLDISC FULLDISC |
| microsoft -- windows_2000 | Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability." | 2009-06-10 | 10.0 | CVE-2009-0228 MS |
| microsoft -- windows_2000 microsoft -- windows_2003_server microsoft -- windows_server microsoft -- windows_server_2008 microsoft -- windows_vista microsoft -- windows_xp | The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability." | 2009-06-10 | 9.0 | CVE-2009-0230 MS |
| microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_word microsoft -- office_word_viewer microsoft -- open_xml_file_format_converter | Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability." | 2009-06-10 | 9.3 | CVE-2009-0563 MS |
| microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_word microsoft -- office_word_viewer microsoft -- open_xml_file_format_converter | Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka "Word Buffer Overflow Vulnerability." | 2009-06-10 | 9.3 | CVE-2009-0565 MS |
| microsoft -- windows_2000 microsoft -- windows_2003_server microsoft -- windows_server microsoft -- windows_server_2008 microsoft -- windows_vista microsoft -- windows_xp | The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability." | 2009-06-10 | 10.0 | CVE-2009-0568 MS |
| microsoft -- windows_2000 | The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak. | 2009-06-10 | 10.0 | CVE-2009-1138 MS |
| microsoft -- adam microsoft -- windows_2000 microsoft -- windows_server_2003 | Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability." | 2009-06-10 | 7.8 | CVE-2009-1139 MS |
| microsoft -- office microsoft -- office_xp microsoft -- works microsoft -- office_system_2007 | Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability." | 2009-06-10 | 9.3 | CVE-2009-1533 MS |
| microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_excel microsoft -- office_excel_viewer microsoft -- office_sharepoint_server microsoft -- open_xml_file_format_converter | Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Record Pointer Corruption Vulnerability." | 2009-06-10 | 9.3 | CVE-2009-0549 MS |
| microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_excel microsoft -- office_excel_viewer microsoft -- office_sharepoint_server microsoft -- open_xml_file_format_converter | Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability." | 2009-06-10 | 9.3 | CVE-2009-0557 MS |
| microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_excel microsoft -- office_excel_viewer microsoft -- office_sharepoint_server microsoft -- open_xml_file_format_converter | Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability." | 2009-06-10 | 9.3 | CVE-2009-0558 MS |
| microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_excel microsoft -- office_excel_viewer microsoft -- office_sharepoint_server microsoft -- open_xml_file_format_converter | Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability." | 2009-06-10 | 9.3 | CVE-2009-0559 MS |
| microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_excel microsoft -- office_excel_viewer microsoft -- office_sharepoint_server microsoft -- open_xml_file_format_converter | Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Field Sanitization Memory Corruption Vulnerability." | 2009-06-10 | 9.3 | CVE-2009-0560 MS |
| microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_excel microsoft -- office_excel_viewer microsoft -- office_sharepoint_server microsoft -- open_xml_file_format_converter | Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka "Record Integer Overflow Vulnerability." | 2009-06-10 | 9.3 | CVE-2009-0561 MS |
| microsoft -- iis | The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability." | 2009-06-10 | 7.6 | CVE-2009-1122 MS |
| microsoft -- windows_2000 microsoft -- windows_server_2003 microsoft -- windows_server_2008 microsoft -- windows_vista microsoft -- windows_xp | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability." | 2009-06-10 | 7.2 | CVE-2009-1123 MS |
| microsoft -- windows_2000 microsoft -- windows_server_2003 microsoft -- windows_server_2008 microsoft -- windows_vista microsoft -- windows_xp | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability." | 2009-06-10 | 7.2 | CVE-2009-1124 MS |
| microsoft -- windows_2000 microsoft -- windows_server_2003 microsoft -- windows_server_2008 microsoft -- windows_vista microsoft -- windows_xp | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability." | 2009-06-10 | 7.2 | CVE-2009-1125 MS |
| microsoft -- windows_2000 microsoft -- windows_server_2003 microsoft -- windows_server_2008 microsoft -- windows_vista microsoft -- windows_xp | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability." | 2009-06-10 | 7.2 | CVE-2009-1126 MS |
| microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_excel microsoft -- office_excel_viewer microsoft -- office_sharepoint_server microsoft -- open_xml_file_format_converter | Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka "Record Pointer Corruption Vulnerability." | 2009-06-10 | 9.3 | CVE-2009-1134 MS |
| microsoft -- ie | Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability." | 2009-06-10 | 7.1 | CVE-2009-1140 MS |
| microsoft -- ie | Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability." | 2009-06-10 | 9.3 | CVE-2009-1141 MS |
| microsoft -- ie | Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows remote attackers to execute arbitrary code via a large number of concurrent, asynchronous XMLHttpRequest calls, aka "HTML Object Memory Corruption Vulnerability." | 2009-06-10 | 9.3 | CVE-2009-1528 MS |
| microsoft -- ie | Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability." | 2009-06-10 | 9.3 | CVE-2009-1529 MS |
| microsoft -- ie microsoft -- internet_explorer | Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability." | 2009-06-10 | 9.3 | CVE-2009-1530 MS |
| microsoft -- ie | Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reordering of elements, followed by an onreadystatechange event, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Object Memory Corruption Vulnerability." | 2009-06-10 | 9.3 | CVE-2009-1531 MS |
| microsoft -- ie | Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malformed row property references" that trigger an access of an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Objects Memory Corruption Vulnerability" or "HTML Object Memory Corruption Vulnerability." | 2009-06-10 | 9.3 | CVE-2009-1532 MS |
| microsoft -- office_powerpoint | Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow. | 2009-06-11 | 9.3 | CVE-2009-0202 XF |
| safenet-inc -- softremote safenet-inc -- softremote1.4 | Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet SoftRemote before 10.8.6 allows remote attackers to execute arbitrary code via a long request to UDP port 62514. | 2009-06-05 | 10.0 | CVE-2009-1943 VUPEN |
| sun -- jdk ibm -- os/400 | Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 has unknown impact and attack vectors related to "XML SECURITY PATCH." | 2009-06-11 | 10.0 | CVE-2009-2030 VUPEN AIXAPAR AIXAPAR |
| tzo -- webcal | SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04 allows remote attackers to execute arbitrary SQL commands via the event_id parameter. | 2009-06-05 | 7.5 | CVE-2009-1945 XF MILW0RM SECUNIA |
| virtuenetz -- virtue_shopping_mall | SQL injection vulnerability in products.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 2009-06-09 | 7.5 | CVE-2009-2016 MILW0RM SECUNIA |
| virtuenetz -- virtue_book_store | SQL injection vulnerability in products.php in Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 2009-06-09 | 7.5 | CVE-2009-2017 MILW0RM SECUNIA |
| virtuenetz -- virtue_news_manager | SQL injection vulnerability in news_detail.php in Virtue News Manager allows remote attackers to execute arbitrary SQL commands via the nid parameter. | 2009-06-09 | 7.5 | CVE-2009-2019 VUPEN MILW0RM SECUNIA |
| virtuenetz -- virtue_classifieds | SQL injection vulnerability in search.php in Virtue Classifieds allows remote attackers to execute arbitrary SQL commands via the category parameter. | 2009-06-09 | 7.5 | CVE-2009-2021 VUPEN MILW0RM SECUNIA |
| Medium Vulnerabilities (CVSS Score: 4.0 .. 6.9) | ||||
|---|---|---|---|---|
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
| online grades | Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) GLOBALS[SKIN] parameter to index.php and the (2) skin parameter to admin/admin.php. | 2009-06-12 | 6.8 | CVE-2009-2037 XF XF MILW0RM |
|
apache -- tomcat |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. | 2009-06-05 | 5.0 | CVE-2009-0033 VUPEN BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
|
apache -- tomcat |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. | 2009-06-05 | 4.3 | CVE-2009-0580 VUPEN CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
|
apache -- apr-util |
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, related to an "underflow flaw." | 2009-06-07 | 4.3 | CVE-2009-0023 CONFIRM DEBIAN |
|
apache -- apr-util apache -- http_server |
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. | 2009-06-07 | 5.0 | CVE-2009-1955 DEBIAN CONFIRM MLIST |
|
apache -- apr-util |
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input. | 2009-06-07 | 6.4 | CVE-2009-1956 CONFIRM MLIST CONFIRM |
|
apple -- cups |
Multiple integer overflows in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. | 2009-06-09 | 6.8 | CVE-2009-0791 CONFIRM |
|
apple -- cups |
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. | 2009-06-09 | 5.0 | CVE-2009-0949 DEBIAN |
|
apple -- cups |
The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw." | 2009-06-09 | 5.0 | CVE-2009-1196 CONFIRM |
|
apple -- safari |
WebKit in Apple Safari before 4.0 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document. | 2009-06-10 | 4.3 | CVE-2009-1681 VUPEN CONFIRM APPLE |
|
apple -- safari |
Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate. | 2009-06-10 | 4.3 | CVE-2009-1682 VUPEN BID CONFIRM APPLE |
|
apple -- safari |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document. | 2009-06-10 | 4.3 | CVE-2009-1684 VUPEN CONFIRM SECTRACK APPLE |
|
apple -- safari |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document. | 2009-06-10 | 4.3 | CVE-2009-1685 VUPEN CONFIRM SECTRACK APPLE |
|
apple -- safari |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is not the "HTML 5 standard method." | 2009-06-10 | 4.3 | CVE-2009-1688 VUPEN CONFIRM SECTRACK APPLE |
|
apple -- safari |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank URL, leading to security-context replacement. | 2009-06-10 | 4.3 | CVE-2009-1689 VUPEN BID CONFIRM APPLE |
|
apple -- safari |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for standard JavaScript prototypes in other domains. | 2009-06-10 | 4.3 | CVE-2009-1691 VUPEN BID CONFIRM APPLE |
|
apple -- safari |
WebKit in Apple Safari before 4.0 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue." | 2009-06-10 | 5.8 | CVE-2009-1693 VUPEN BID CONFIRM APPLE |
|
apple -- safari |
WebKit in Apple Safari before 4.0 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue." | 2009-06-10 | 5.8 | CVE-2009-1694 VUPEN |
|
apple -- safari |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition. | 2009-06-10 | 4.3 | CVE-2009-1695 VUPEN CONFIRM SECTRACK APPLE |
|
apple -- safari |
WebKit in Apple Safari before 4.0 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session. | 2009-06-10 | 5.0 | CVE-2009-1696 VUPEN CONFIRM APPLE |
|
apple -- safari |
CRLF injection vulnerability in WebKit in Apple Safari before 4.0 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header. | 2009-06-10 | 4.3 | CVE-2009-1697 VUPEN CONFIRM SECTRACK APPLE |
|
apple -- safari |
The XSLT implementation in WebKit in Apple Safari before 4.0 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document. | 2009-06-10 | 4.3 | CVE-2009-1700 VUPEN CONFIRM APPLE |
|
apple -- safari |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects. | 2009-06-10 | 4.3 | CVE-2009-1702 VUPEN CONFIRM SECTRACK APPLE |
|
apple -- safari |
The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie. | 2009-06-10 | 5.0 | CVE-2009-1706 VUPEN BID CONFIRM APPLE |
|
apple -- safari |
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes. | 2009-06-10 | 4.3 | CVE-2009-1714 VUPEN BID CONFIRM APPLE |
|
apple -- safari |
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges. | 2009-06-10 | 4.3 | CVE-2009-1715 VUPEN CONFIRM SECTRACK APPLE |
|
atlassian -- jira |
Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated using secure/AddComment!default.jspa (aka "Add Comment"). | 2009-06-08 | 4.3 | CVE-2008-6831 CONFIRM |
|
atlassian -- jira |
Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2009-06-08 | 6.8 | CVE-2008-6832 XF BID SECUNIA OSVDB |
|
cisco -- ironport_email_security_appliances cisco -- ironport_asyncos |
Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter. | 2009-06-05 | 4.3 | CVE-2009-1162 XF SECTRACK BID CONFIRM SECUNIA OSVDB |
|
citrix -- web_interface |
The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session. NOTE: the attacker must also have valid credentials to the Web Interface. | 2009-06-08 | 4.0 | CVE-2008-6830 VUPEN CONFIRM OSVDB |
|
dokeos -- dokeos |
Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors. | 2009-06-08 | 6.8 | CVE-2009-2005 VUPEN CONFIRM |
|
dokeos -- dokeos |
Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a .. (dot dot) and a ..\ (dot dot backslash) in the lang parameter to main/exercice/hotspot_lang_conversion.php and (2) read arbitrary files via a .. (dot dot) in the doc_url parameter to main/exercice/Hpdownload.php. | 2009-06-08 | 5.0 | CVE-2009-2007 VUPEN CONFIRM |
|
dokeos -- dokeos |
Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2. | 2009-06-08 | 6.8 | CVE-2009-2008 VUPEN CONFIRM |
|
dokeos -- dokeos |
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/document/slideshow.php and the (2) file parameter to main/exercice/testheaderpage.php. | 2009-06-08 | 4.3 | CVE-2009-2009 VUPEN CONFIRM |
|
drupal -- services_module_for_drupal |
Unspecified vulnerability in Services 6.x before 6.x-0.14, a module for Drupal, when key-based access is enabled, allows remote attackers to read or add keys and access unauthorized services via unspecified vectors. | 2009-06-12 | 6.4 | CVE-2009-2035 OSVDB CONFIRM CONFIRM |
|
fipsasp -- fipscms_light |
fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain sensitive information via a direct request for _fipsdb/db.mdb. | 2009-06-09 | 5.0 | CVE-2009-2022 XF MILW0RM |
|
haudenschilt -- family_connections_cms |
Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter. | 2009-06-08 | 6.5 | CVE-2009-2010 VUPEN BID BUGTRAQ MILW0RM SECUNIA |
|
hp -- discovery&dependency_mapping_inventory |
Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.0.0 through 2.52, 7.50, and 7.51 on Windows allows remote attackers to access DDMI agents via unknown vectors. | 2009-06-07 | 4.0 | CVE-2009-1419 HP HP |
|
jaredeckersley -- mycars |
SQL injection vulnerability in admin/index.php in Jared Eckersley MyCars, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authuserid parameter. | 2009-06-09 | 6.8 | CVE-2009-2018 XF VUPEN MILW0RM SECUNIA |
|
joomla -- joomla |
Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2009-06-05 | 4.3 | CVE-2009-1939 BID |
|
microsoft -- windows_2000 microsoft -- windows_2003_server microsoft -- windows_server_2008 microsoft -- windows_vista microsoft -- windows_xp |
The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability." | 2009-06-10 | 4.9 | CVE-2009-0229 MS |
|
microsoft -- windows_search |
Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability." | 2009-06-10 | 4.3 | CVE-2009-0239 MS |
|
pagedowntech -- pdshoppro |
Cross-site scripting (XSS) vulnerability in search.asp in PDshopPro, when downloaded before 20070308, allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 2009-06-12 | 4.3 | CVE-2009-2032 SECUNIA MISC |
|
rasterbar_software -- libtorrent |
Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file. | 2009-06-11 | 5.8 | CVE-2009-1760 XF VUPEN BID BUGTRAQ CONFIRM MISC |
|
ricardo_alexandre_de_oliveira_staudt -- yogurt |
Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 2009-06-12 | 4.3 | CVE-2009-2033 BID MILW0RM |
|
ricardo_alexandre_de_oliveira_staudt -- yogurt |
SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter. | 2009-06-12 | 6.0 | CVE-2009-2034 BID MILW0RM |
|
ruby-lang -- ruby |
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. | 2009-06-11 | 5.0 | CVE-2009-1904 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
|
shop-script -- shop-script |
SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the current_currency parameter. | 2009-06-09 | 6.8 | CVE-2009-2023 VUPEN MILW0RM SECUNIA |
|
strongswan -- strongswan |
charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_CHILD_SA request. | 2009-06-07 | 5.0 | CVE-2009-1957 CONFIRM CONFIRM |
|
strongswan -- strongswan |
charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector. | 2009-06-07 | 5.0 | CVE-2009-1958 CONFIRM CONFIRM |
|
sun -- opensolaris sun -- solaris |
Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, does not properly manage credential caches, which allows local users to access Kerberized NFS mount points and Kerberized NFS shares via unspecified vectors. | 2009-06-05 | 4.7 | CVE-2009-1933 SUNALERT CONFIRM |
|
sun -- java_system_web_server sun -- one_web_server |
Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error. | 2009-06-05 | 4.3 | CVE-2009-1934 SUNALERT CONFIRM |
|
sun -- opensolaris sun -- solaris |
Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks. | 2009-06-11 | 5.0 | CVE-2009-2029 SUNALERT CONFIRM |
|
symantec -- altiris_deployment_solution symantec -- altiris_notification_server |
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function. | 2009-06-08 | 6.8 | CVE-2008-6827 VUPEN CONFIRM MISC |
|
symantec -- altiris_deployment_solution |
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server. | 2009-06-08 | 4.3 | CVE-2008-6828 VUPEN CONFIRM |
|
vicftps -- vicftps |
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward slash). NOTE: this might be the same issue as CVE-2008-2031. | 2009-06-08 | 5.0 | CVE-2008-6829 VUPEN MILW0RM |
|
virtuenetz -- virtue_news_manager |
Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue News Manager allows remote attackers to inject arbitrary web script or HTML via the nid parameter. | 2009-06-09 | 4.3 | CVE-2009-2020 VUPEN MILW0RM |
|
vt.rovno -- asp_vt_auth |
Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt. | 2009-06-09 | 5.0 | CVE-2009-2024 XF MILW0RM |
|
xfig -- xfig debian -- debian_linux |
Xfig in Debian GNU/Linux, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID. | 2009-06-07 | 4.4 | CVE-2009-1962 XF BID MLIST SECUNIA |
| Low Vulnerabilities (CVSS Score: 0.0 .. 3.9) | ||||
|---|---|---|---|---|
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|
apache -- tomcat |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. | 2009-06-05 | 3.6 | CVE-2009-0783 CONFIRM BUGTRAQ CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
|
apple -- safari |
Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors. | 2009-06-10 | 1.2 | CVE-2009-1707 VUPEN CONFIRM APPLE |
|
apple -- safari |
WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property. | 2009-06-10 | 2.6 | CVE-2009-1710 VUPEN BID CONFIRM APPLE |
|
apple -- safari |
CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files. | 2009-06-10 | 2.1 | CVE-2009-1716 VUPEN BID CONFIRM APPLE |
|
dokeos -- dokeos |
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php; the (2) frm_title and (3) frm_content parameters in a new personal agenda item action; the (4) title and (5) tutor_name parameters in a new course action; and the (6) student and (7) course parameters to main/mySpace/myStudents.php. NOTE: vectors 2 and 3 might only be exploitable via a separate CSRF vulnerability. | 2009-06-08 | 2.6 | CVE-2009-2006 VUPEN CONFIRM |
|
ebay -- enhanced_picture_uploader_activex_control |
eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote attackers to execute arbitrary commands via the PictureUrls property. | 2009-06-09 | 0.0 | CVE-2008-2475 CERT-VN |
|
linux -- kernel |
The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions. | 2009-06-07 | 1.9 | CVE-2009-1961 MLIST MLIST CONFIRM |
|
sun -- opensolaris |
Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through snv_110, when a CIFS server is enabled, allows local users to cause a denial of service (idmapd daemon crash and idmapd outage) via unknown vectors. | 2009-06-09 | 1.9 | CVE-2009-2012 BID SUNALERT |
|
sun -- opensolaris |
smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount permissions are used, allows local users to read arbitrary files, and list arbitrary directories, on CIFS volumes. | 2009-06-11 | 2.1 | CVE-2009-2031 BID SUNALERT |
|
ubuntu -- 73-oubuntu ubuntu -- ubuntu |
The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root. | 2009-06-09 | 1.9 | CVE-2009-1296 UBUNTU SECTRACK SECUNIA |