Bulletin (SB09-180)
Vulnerability Summary for the Week of June 22, 2009
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- shockwave_player | Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content. | 2009-06-24 | 9.3 | CVE-2009-1860 CONFIRM |
adobe -- shockwave_player | Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2009-1860. | 2009-06-24 | 9.3 | CVE-2009-2186 CONFIRM |
apple -- iphone_os | Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials. | 2009-06-19 | 7.1 | CVE-2009-0958 CONFIRM |
apple -- iphone_os | The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue." | 2009-06-19 | 7.1 | CVE-2009-0959 CONFIRM |
apple -- iphone_os | The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL. | 2009-06-19 | 7.8 | CVE-2009-0960 CONFIRM |
apple -- iphone_os | The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue." | 2009-06-19 | 7.8 | CVE-2009-1683 CONFIRM |
apple -- iphone_os | WebKit in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a web page containing an HTMLSelectElement object with a large length attribute. | 2009-06-19 | 7.1 | CVE-2009-1692 VUPEN BID BID CONFIRM OSVDB APPLE |
campusvirtualcomputrade -- campus_virtual-lms | SQL injection vulnerability in news/index.php in Campus Virtual-LMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2009-06-22 | 7.5 | CVE-2009-2148 VUPEN MILW0RM |
campware.org -- campsite | Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the GLOBALS[g_campsiteDir] parameter. | 2009-06-23 | 7.5 | CVE-2009-2183 MILW0RM |
cisco -- physical_access_gateway | Memory leak on the Cisco Physical Access Gateway with software before 1.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified TCP packets. | 2009-06-24 | 7.8 | CVE-2009-1163 CISCO |
cisco -- video_surveillance_stream_manager | The Cisco Video Surveillance Stream Manager firmware before 5.3, as used on Cisco Video Surveillance Services Platforms and Video Surveillance Integrated Services Platforms, allows remote attackers to cause a denial of service (reboot) via a malformed payload in a UDP packet to port 37000, related to the xvcrman process, aka Bug ID CSCsj47924. | 2009-06-24 | 7.8 | CVE-2009-2045 CISCO |
edgewall -- firestats; firestats -- firestats | SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2009-06-22 | 7.5 | CVE-2009-2144 CONFIRM |
edraw -- pdf_viewer_component | Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect argument and a target filename argument to the FtpDownloadFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder. | 2009-06-22 | 9.3 | CVE-2009-2169 SECUNIA FULLDISC |
egyplus -- 7ammel | cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters. | 2009-06-22 | 7.5 | CVE-2009-2168 MILW0RM |
firestats -- firestats | PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter. | 2009-06-22 | 7.5 | CVE-2009-2143 CONFIRM |
foxitsoftware -- foxit_reader; foxitsoftware -- jpeg2000/jbig2_decoder_add-on | The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 (aka JPX) stream, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an out-of-bounds read. | 2009-06-23 | 9.3 | CVE-2009-0690 CERT-VN |
foxitsoftware -- foxit_reader; foxitsoftware -- jpeg2000_jbig2_decoder_add-on | The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access. | 2009-06-23 | 9.3 | CVE-2009-0691 CERT-VN VUPEN BID CONFIRM |
fuzzylime -- fuzzylime_(cms) | Directory traversal vulnerability in commsrss.php in fuzzylime (cms) before 3.01b allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a files array element for a blogs action, as demonstrated by the files[0] parameter. | 2009-06-22 | 10.0 | CVE-2008-6833 XF MILW0RM SECUNIA |
fuzzylime -- fuzzylime_(cms) | Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the s parameter to code/commupdate.php in a count action or (2) the heads parameter to code/newsheads.php. NOTE: the blog.php vector is already covered by CVE-2008-3164. | 2009-06-22 | 10.0 | CVE-2008-6834 MILW0RM |
fuzzylime -- fuzzylime_cms | Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) list parameter to code/confirm.php and the (2) template parameter to code/display.php. | 2009-06-23 | 7.5 | CVE-2009-2176 XF BID MILW0RM SECUNIA OSVDB OSVDB |
google -- chrome | Buffer overflow in the browser kernel in Google Chrome before 2.0.172.33 allows remote HTTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted response. | 2009-06-23 | 9.3 | CVE-2009-2121 SECUNIA CONFIRM CONFIRM |
ibm -- websphere_application_server | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remote attackers to bypass intended access restrictions via a crafted request to a JAX-WS application. | 2009-06-24 | 7.5 | CVE-2009-0903 AIXAPAR AIXAPAR |
isabela_gasparini -- adaptweb | SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows remote attackers to execute arbitrary SQL commands via the CodigoDisciplina parameter in a TopicosCadastro1 action. | 2009-06-22 | 7.5 | CVE-2009-2152 MILW0RM |
mozilla -- seamonkey; mozilla -- thunderbird | Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type. | 2009-06-25 | 9.3 | CVE-2009-2210 BID CONFIRM |
phpwebthings -- phpwebthings | SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2009-06-22 | 7.5 | CVE-2009-2147 XF BID MILW0RM SECUNIA |
rs-cms -- rs-cms | SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the key parameter. | 2009-06-24 | 7.5 | CVE-2009-2209 VUPEN MILW0RM |
samba -- samba | Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. | 2009-06-24 | 9.3 | CVE-2009-1886 VUPEN BID CONFIRM CONFIRM |
serendipitynz -- serene_bach | SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. | 2009-06-22 | 7.5 | CVE-2009-2165 BID CONFIRM SECUNIA JVNDB JVN |
sun -- opensolaris; sun -- solaris | Unspecified vulnerability in the TCP/IP networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_117, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames. | 2009-06-19 | 7.8 | CVE-2009-2136 SUNALERT CONFIRM |
sun -- opensolaris; sun -- solaris | Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka n2cp) in Sun Solaris 10, and OpenSolaris snv_54 through snv_112, allows context-dependent attackers to cause a denial of service (memory consumption) via unspecified vectors related to a large keylen value. | 2009-06-19 | 7.8 | CVE-2009-2137 SUNALERT CONFIRM |
torrenttrader -- torrenttrader_classic | account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack. | 2009-06-22 | 7.5 | CVE-2009-2158 XF MISC BID BUGTRAQ MILW0RM |
w2b -- phpdatingclub | SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter. | 2009-06-23 | 7.5 | CVE-2009-2179 MILW0RM |
zipstore -- zip_store_chat | Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters. | 2009-06-22 | 7.5 | CVE-2009-2142 VUPEN MILW0RM SECUNIA |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
4homepages -- 4images | Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter. | 2009-06-19 | 6.8 | CVE-2009-2132 CONFIRM SECUNIA MISC |
adaptweb -- adaptweb | Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the newlang parameter. | 2009-06-22 | 5.0 | CVE-2009-2151 MILW0RM |
apple -- iphone_os | The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert. | 2009-06-19 | 5.0 | CVE-2009-0961 CONFIRM |
apple -- iphone_os | The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy. | 2009-06-19 | 6.9 | CVE-2009-1679 CONFIRM |
campusvirtualcomputrade -- campus_virtual-lms | Multiple cross-site scripting (XSS) vulnerabilities in Campus Virtual-LMS allow remote attackers to inject arbitrary web script or HTML via the (1) courseid parameter to enrolments/step1.php, or the (2) search or (3) siteid parameter to files/shared_list.php. | 2009-06-22 | 4.3 | CVE-2009-2149 VUPEN MILW0RM |
campusvirtualcomputrade -- campus_virtual-lms | Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a (2) ADD or (3) DELETE action to enrolments/step2.php. | 2009-06-22 | 6.8 | CVE-2009-2150 MILW0RM |
campware.org -- campsite | Cross-site scripting (XSS) vulnerability in admin-files/templates/list_dir.php in Campsite 3.3.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the listbasedir parameter. | 2009-06-23 | 4.3 | CVE-2009-2181 MILW0RM |
cisco -- video_surveillance_2500_series_ip_camera | The embedded web server on the Cisco Video Surveillance 2500 Series IP Camera with firmware before 2.1 allows remote attackers to read arbitrary files via a (1) http or (2) https request, related to the (a) SD Camera Web Server and the (b) Wireless Camera HTTP Server, aka Bug IDs CSCsu05515 and CSCsr96497. | 2009-06-24 | 6.8 | CVE-2009-2046 CISCO |
cisco -- adaptive_security_appliance | Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694. | 2009-06-25 | 4.3 | CVE-2009-1201 MISC BID BUGTRAQ |
cisco -- adaptive_security_appliance | WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705. | 2009-06-25 | 4.3 | CVE-2009-1202 BID BUGTRAQ |
cisco -- adaptive_security_appliance | WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709. | 2009-06-25 | 6.0 | CVE-2009-1203 BID BUGTRAQ |
citrix -- secure_gateway | The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an unspecified request. | 2009-06-25 | 5.0 | CVE-2009-2214 XF VUPEN SECTRACK BID CONFIRM |
david_degner -- phpcollegeexchange | Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the home parameter to (1) i_head.php, (2) i_nav.php, (3) user_new_2.php, or (4) house/myrents.php; or (5) allbooks.php, (6) home.php, or (7) mybooks.php in books/. NOTE: house/myrents.php was also separately reported as a local file inclusion issue. | 2009-06-25 | 6.8 | CVE-2009-2218 MILW0RM SECUNIA |
david_degner -- phpcollegeexchange | Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c) books/home.php; or the (2) home parameter to (d) i_head.php or (e) i_nav.php, or (f) allbooks.php, (g) home.php, or (h) i_nav.php in books/. | 2009-06-25 | 4.3 | CVE-2009-2219 MILW0RM SECUNIA |
dream -- radio_and_tv_player_addon_for_vbulletin | Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter. | 2009-06-23 | 4.3 | CVE-2009-2172 BID MILW0RM |
egyplus -- 7ammel | Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. | 2009-06-22 | 6.8 | CVE-2009-2167 XF VUPEN MILW0RM |
elvinbts -- elvinbts | delete_bug.php in Elvin before 1.2.1 does not require administrative privileges, which allows remote authenticated users to bypass intended access restrictions and delete arbitrary bugs. | 2009-06-19 | 4.0 | CVE-2009-2125 CONFIRM |
freebsd -- freebsd | FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIOCSIFINFO_IN6 IOCTL, which allows local users to modify or disable IPv6 network interfaces, as demonstrated by modifying the MTU. | 2009-06-24 | 4.6 | CVE-2009-2208 BID FREEBSD |
fuzzylime -- fuzzylime_cms | code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (dot dot) in the s parameter, which is collapsed into a "../" value. | 2009-06-23 | 6.8 | CVE-2009-2177 XF BID MILW0RM SECUNIA OSVDB |
gravy-media -- media_photo_host | Absolute path traversal vulnerability in forcedownload.php in Gravy Media Photo Host 1.0.8 allows remote attackers to read arbitrary files via an encoded "/" (slash) in the file password parameter. | 2009-06-23 | 5.0 | CVE-2009-2184 MILW0RM |
gupnp -- gupnp | GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message. | 2009-06-23 | 5.0 | CVE-2009-2174 FEDORA FEDORA VUPEN BID OSVDB |
henning_makholm -- xcftools | Stack-based buffer overflow in the flattenIncrementally function in flatten.c in xcftools 1.0.4, as reachable from the (1) xcf2pnm and (2) xcf2png utilities, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image that causes a conversion to a location "above or to the left of the canvas." NOTE: some of these details are obtained from third party information. | 2009-06-23 | 4.3 | CVE-2009-2175 CONFIRM |
ibm -- rational_clearquest | Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2009-06-25 | 4.3 | CVE-2009-2211 AIXAPAR |
ibm -- rational_clearquest | The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password via unspecified vectors. | 2009-06-25 | 5.0 | CVE-2009-2212 AIXAPAR |
jbmc-software -- directadmin | Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request. | 2009-06-25 | 4.3 | CVE-2009-2216 XF VUPEN BID SECUNIA MISC |
kjtechforce -- mailman | Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php. | 2009-06-22 | 6.8 | CVE-2009-2164 BUGTRAQ MILW0RM MILW0RM |
mahara -- mahara | Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | 2009-06-23 | 4.3 | CVE-2009-2170 CONFIRM |
mahara -- mahara | Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact. | 2009-06-23 | 4.0 | CVE-2009-2171 CONFIRM |
ocsinventory-ng -- ocs_inventory_ng | Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter. | 2009-06-22 | 5.0 | CVE-2009-2166 XF |
openswan -- openswan; strongswan -- strongswan | The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string. | 2009-06-24 | 5.0 | CVE-2009-2185 BID |
pantha -- translucid | Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the (a) NodeID and (b) action parameters to the default URI, and the (c) NodeID parameter to the default URI for the admin section; and allow remote authenticated users to inject arbitrary web script or HTML via the (d) Title (aka page name) and (e) Url fields in a (1) new or (2) modified page. | 2009-06-22 | 4.3 | CVE-2009-2145 MISC |
pc4arb -- pc4_uploader | Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and earlier allow remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) absolute path in the file parameter. | 2009-06-23 | 5.0 | CVE-2009-2180 MILW0RM |
phantom-inker -- nbbc | Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via an invalid URL in a BBCode img tag. | 2009-06-25 | 4.3 | CVE-2009-2217 CONFIRM CONFIRM MISC |
php.s3.to -- php-i-board | Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2009-06-26 | 4.3 | CVE-2009-2221 SECUNIA CONFIRM JVNDB JVN |
php.s3.to -- php-i-board | Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors, probably related to mail. | 2009-06-26 | 5.0 | CVE-2009-2222 SECUNIA CONFIRM JVNDB JVN |
pivot -- pivot | Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.40.4 and 1.40.7 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) sort parameter to pivot/index.php, (3) the value of a check array parameter in a delete action to pivot/index.php, (4) the element name in a check array parameter in a delete action to pivot/index.php, (5) the edituser parameter in an edituser action to pivot/index.php, (6) the edit parameter in a templates action to pivot/index.php, (7) the blog parameter in a blog_edit1 action to pivot/index.php, (8) the cat parameter in a cat_edit action to pivot/index.php, (9) a certain form field in a doaction=1 request to pivot/index.php, (10) the url field in a my_weblog edit_prefs action to pivot/user.php, or (11) the username (aka name) field in a my_weblog reg_user action to pivot/user.php. | 2009-06-19 | 4.3 | CVE-2009-2133 XF XF BID BUGTRAQ MILW0RM SECUNIA OSVDB OSVDB MISC |
pivot -- pivot | pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message. | 2009-06-19 | 5.0 | CVE-2009-2134 BUGTRAQ MILW0RM MISC |
samba -- samba | The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. | 2009-06-24 | 5.8 | CVE-2009-1888 VUPEN CONFIRM CONFIRM CONFIRM CONFIRM |
sappy.dk -- impleo_music_collection | Cross-site scripting (XSS) vulnerability in index.php in Impleo Music Collection 2.0 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. | 2009-06-22 | 4.3 | CVE-2009-2153 MILW0RM |
sappy.dk -- impleo_music_collection | SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | 2009-06-22 | 6.8 | CVE-2009-2154 MILW0RM |
sitecore -- cms | Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter. | 2009-06-22 | 4.3 | CVE-2009-2163 BUGTRAQ BUGTRAQ SECUNIA MISC |
sugarcrm -- sugarcrm | Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct request to a modified filename under cache/modules/Emails/, as demonstrated using .php as the entire original name. | 2009-06-22 | 6.0 | CVE-2009-2146 MISC CONFIRM BID SECUNIA |
sun -- opensolaris; sun -- solaris | Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors related to a race between the port_dissociate and close functions. | 2009-06-19 | 4.9 | CVE-2009-2135 SUNALERT CONFIRM |
sun -- opensolaris; sun -- solaris | Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solaris 10, and OpenSolaris snv_67 through snv_93, allow local users to cause a denial of service (memory consumption) via vectors related to the association of (a) DL_ENABMULTI_REQ and (b) DL_DISABMULTI_REQ messages with ARP messages. | 2009-06-24 | 4.9 | CVE-2009-2187 BID SUNALERT CONFIRM |
tbdev -- tbdev.net | Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the returnto parameter to login.php or (2) the returnto parameter in a delete action to news.php. NOTE: this can be leveraged for cross-site scripting (XSS) by redirecting to a data: URI. | 2009-06-19 | 4.3 | CVE-2009-2138 MILW0RM MISC |
tbdev -- tbdev.net | Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php. | 2009-06-22 | 4.3 | CVE-2009-2141 MILW0RM SECUNIA MISC |
torrenttrader -- torrenttrader_classic | Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to execute arbitrary SQL commands via (1) the origmsg parameter to account-inbox.php; the categ parameter to (2) delreq.php and (3) admin-delreq.php; (4) the choice parameter to index.php; (5) the id parameter to modrules.php in an edited (aka edit) action; the (6) user, (7) torrent, (8) forumid, and (9) forumpost parameters to report.php; (10) the delmp parameter to take-deletepm.php; (11) the delreport parameter to takedelreport.php; (12) the delreq parameter to takedelreq.php; (13) the clases parameter to takestaffmess.php; and (14) the warndisable parameter to takewarndisable.php; and allow remote attackers to execute arbitrary SQL commands via (15) the wherecatin parameter to browse.php, (16) the limit parameter to today.php, and (17) the where parameter to torrents-details.php. | 2009-06-22 | 6.5 | CVE-2009-2157 XF XF XF XF XF XF MISC BID BUGTRAQ MILW0RM SECUNIA |
torrenttrader -- torrenttrader_classic | backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and then retrieving a .gz file from backups/. | 2009-06-22 | 6.4 | CVE-2009-2159 XF MISC BID BUGTRAQ MILW0RM SECUNIA |
torrenttrader -- torrenttrader_classic | TorrentTrader Classic 1.09 allows remote attackers to (1) obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote attackers to (2) obtain other potentially sensitive information via a direct request to check.php. | 2009-06-22 | 5.0 | CVE-2009-2160 XF XF MISC BID BUGTRAQ MILW0RM SECUNIA |
torrenttrader -- torrenttrader_classic | Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter, in conjunction with a modified component name. | 2009-06-22 | 5.1 | CVE-2009-2161 XF MISC BID BUGTRAQ MILW0RM SECUNIA |
tribiq -- tribiq_cms | Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and possibly execute arbitrary files via directory traversal sequences in the template_path parameter to (1) masthead.inc.php, (2) toppanel.inc.php, and (3) contact.inc.php in templates/mytribiqsite/tribiq-CL-9000/includes; and the use_template_family parameter to (4) templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php. NOTE: the tribal-GPL-1066/includes/header.inc.php vector is already covered by CVE-2008-4894. | 2009-06-26 | 5.1 | CVE-2009-2220 BID MILW0RM SECUNIA |
urdland -- urd | Multiple cross-site scripting (XSS) vulnerabilities in URD before 0.6.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the fatal_error page and unspecified other components. | 2009-06-25 | 4.3 | CVE-2009-2215 CONFIRM |
w2b -- phpdatingclub | Cross-site scripting (XSS) vulnerability in website.php in phpDatingClub 3.7 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 2009-06-23 | 4.3 | CVE-2009-2178 MILW0RM |
xoops -- pukiwikimod | Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2009-06-22 | 4.3 | CVE-2009-2162 CONFIRM SECUNIA JVNDB JVN |
zohocorp -- webnms | Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do in WebNMS Free Edition 5 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2009-06-22 | 4.3 | CVE-2009-2155 SECUNIA |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple -- iphone_os | Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history. | 2009-06-19 | 2.1 | CVE-2009-1680 CONFIRM |
citrix -- netscaler_access_gateway_firmware | The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions. | 2009-06-25 | 3.5 | CVE-2009-2213 VUPEN CONFIRM |
gameis -- carom3d | The LAN game feature in Carom3D 5.06 allows remote authenticated users to cause a denial of service (application hang) via a crafted HTTP request to TCP port 28012. | 2009-06-23 | 3.5 | CVE-2009-2173 XF MILW0RM |
torrenttrader -- torrenttrader_classic | Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Title field to requests.php, related to viewrequests.php; and (2) the Torrent Name field to torrents-upload.php, related to the logging of torrent uploads; and allow remote attackers to inject arbitrary web script or HTML via (3) the ttversion parameter to themes/default/footer.php, the (4) SITENAME and (5) CURUSER[username] parameters to themes/default/header.php, (6) the todayactive parameter to visitorstoday.php, (7) the activepeople parameter to visitorsnow.php, (8) the faq_categ[999][title] parameter to faq.php, and (9) the keepget parameter to torrents-details.php. | 2009-06-22 | 3.5 | CVE-2009-2156 XF XF MISC BID BUGTRAQ MILW0RM SECUNIA |