
Software Vulnerability

 

Sat, 27 Jun 09
php-i-board
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2222
Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors, probably related to mail.

Sat, 27 Jun 09
php-i-board
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2221
Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Sat, 27 Jun 09
tribiq_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2220
Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and possibly execute arbitrary files via directory traversal sequences in the template_path parameter to (1) masthead.inc.php, (2) toppanel.inc.php, and (3) contact.inc.php in templates/mytribiqsite/tribiq-CL-9000/includes; and the use_template_family parameter to (4) templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_con...

Fri, 26 Jun 09
adaptive_security_appliance
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1203
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.

Fri, 26 Jun 09
adaptive_security_appliance
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1202
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705.

Fri, 26 Jun 09
adaptive_security_appliance
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1201
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.

Sat, 20 Jun 09
tekbase_all-in-one
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2120
Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) ids parameter to admin.php, the (2) y parameter to members.php, and other unspecified vectors.

Sat, 20 Jun 09
firepass_ssl_vpn
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2119
Cross-site scripting (XSS) vulnerability in the login interface in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted password field. NOTE: some of these details are obtained from third party information.

Sat, 20 Jun 09
irfanview
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2118
Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF 1 BPP image, which triggers a heap-based buffer overflow.

Sat, 20 Jun 09
phportal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2117
uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the kulladi cookie to a valid username.

Sat, 20 Jun 09
skybluecanvas
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2116
Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to list directory contents via a .. (dot dot) in the dir parameter.

Sat, 20 Jun 09
skybluecanvas
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2115
admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message.

Sat, 20 Jun 09
skybluecanvas
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2114
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in SkyBlueCanvas 1.1 r237 allow remote attackers to inject arbitrary web script or HTML via the (1) mgroup, (2) mgr, (3) objtype, (4) id, and (5) dir parameters.

Sat, 20 Jun 09
fretsweb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2113
Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php.

Sat, 20 Jun 09
phpfk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2112
Directory traversal vulnerability in include/page_bottom.php in phpFK 7.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _FORUM[settings_design_style] parameter.

Sat, 20 Jun 09
db_top_sites
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2111
Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter.

Sat, 20 Jun 09
db_top_sites
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2110
Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the u parameter to (1) full.php, (2) index.php, and (3) contact.php.

Sat, 20 Jun 09
fretsweb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2109
Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) language parameter to charts.php and the (2) fretsweb_language cookie parameter to unspecified vectors, possibly related to admin/common.php.

Sat, 20 Jun 09
git
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2108
git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments.

Sat, 20 Jun 09
freebsd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1935
Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors.

Fri, 19 Jun 09
webmedia_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2107
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Webmedia Explorer (webmex) 5.09 and 5.10 allow remote attackers to inject arbitrary web script or HTML via event handlers such as onmouseover in the (1) search or (2) tag parameters; (3) arbitrary invalid parameter names that are not properly handled when triggered on a column; (4) bookmark parameter in an edit action; or (5) email parameter in a remember action.

Fri, 19 Jun 09
virtual_civil_services
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2106
SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Fri, 19 Jun 09
references_database
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2105
SQL injection vulnerability in the References database (t3references) extension 0.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Fri, 19 Jun 09
modern_guest_book_commenting_system
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2104
Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Fri, 19 Jun 09
frontend_mp3_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2103
SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Fri, 19 Jun 09
com_jumi
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2102
SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and possibly other versions for Joomla allows remote attackers to execute arbitrary SQL commands via the fileid parameter to index.php.

Fri, 19 Jun 09
torrentvolve
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2101
Directory traversal vulnerability in archive.php in TorrentVolve 1.4, when register_globals is enabled, allows remote attackers to delete arbitrary files via a .. (dot dot) in the deleteTorrent parameter.

Fri, 19 Jun 09
com_projectfork
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2100
Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.

Fri, 19 Jun 09
com_rssfeeder
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2099
SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php.

Fri, 19 Jun 09
phportal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2098
SQL injection vulnerability in topicler.php in phPortal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Fri, 19 Jun 09
zoki_catalog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2097
SQL injection vulnerability in system/application/controllers/catalog.php in Zoki Soft Zoki Catalog (aka Smart Catalog) allows remote attackers to execute arbitrary SQL commands via the search_text parameter. NOTE: some of these details are obtained from third party information.

Fri, 19 Jun 09
phpcollegeexchange
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2096
SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote attackers to execute arbitrary SQL commands via the itemnr parameter.

Fri, 19 Jun 09
mundi_mail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2095
PHP remote file inclusion vulnerability in template/simpledefault/admin/_masterlayout.php in Mundi Mail 0.8.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the top parameter. NOTE: when allow_url_fopen is disabled, directory traversal attacks are possible to include and execute arbitrary local files.

Thu, 18 Jun 09
slurm
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2084
Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges.

Thu, 18 Jun 09
brightstor_arcserve_backup
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1761
The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for Windows allows remote attackers to cause a denial of service (crash) via (1) an invalid 0x13 message, which is not properly handled in the ASCORE module, or (2) a 0x3B message with invalid stub data that triggers an RPC marshalling error.

Thu, 18 Jun 09
jre
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1719
The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer.

Thu, 18 Jun 09
compress-raw-zlib_perl_module
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1391
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.

Thu, 18 Jun 09
kernel, linux_kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1389
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet.

Thu, 18 Jun 09
taxonomy_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2083
Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."

Thu, 18 Jun 09
multi-level_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2082
SQL injection vulnerability in insidepage.php in Creative Web Solutions Multi-Level CMS 1.21 allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: some of these details are obtained from third party information.

Thu, 18 Jun 09
dx_studio_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2011
Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.

Thu, 18 Jun 09
mutt
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1390
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.

Thu, 18 Jun 09
tomcat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5515
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.

Thu, 18 Jun 09
phpwebthings
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2081
Directory traversal vulnerability in help.php in phpWebThings 1.5.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter.

Thu, 18 Jun 09
the_ticket_system
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2080
admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action.

Thu, 18 Jun 09
taxonomy_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2079
Cross-site scripting (XSS) vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via (1) vocabulary names, (2) synonyms, and (3) term names.

Thu, 18 Jun 09
booktree
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2078
Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) node title and (2) node body in a tree root page.

Thu, 18 Jun 09
views
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2077
Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries.

Thu, 18 Jun 09
views
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2076
Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions.

Thu, 18 Jun 09
nodequeue
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2075
Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors.

Thu, 18 Jun 09
nodequeue
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2074
Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names.

Wed, 17 Jun 09
wrt160n
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2073
Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N wireless router hardware 1 and firmware 1.02.2 allows remote attackers to hijack the authentication of other users for unspecified requests via unknown vectors, as demonstrated using administrator privileges and actions.

Wed, 17 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2072
Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server.

Wed, 17 Jun 09
chrome
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2071
Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.

Wed, 17 Jun 09
opera
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2070
Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.

Wed, 17 Jun 09
internet_explorer, pocket_internet_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2069
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.

Wed, 17 Jun 09
opera
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2068
Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

Wed, 17 Jun 09
opera_browser
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2067
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

Wed, 17 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2066
Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

Wed, 17 Jun 09
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2065
Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

Wed, 17 Jun 09
internet_explorer, pocket_internet_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2064
Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

Wed, 17 Jun 09
opera
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2063
Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

Wed, 17 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2062
Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

Wed, 17 Jun 09
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2061
Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

Wed, 17 Jun 09
chrome
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2060
src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

Wed, 17 Jun 09
opera_browser
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2059
Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

Wed, 17 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2058
Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

Wed, 17 Jun 09
internet_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2057
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

Tue, 16 Jun 09
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2044
Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element.

Tue, 16 Jun 09
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2043
nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to interaction with TinyMCE.

Tue, 16 Jun 09
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1841
js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.

Tue, 16 Jun 09
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1840
Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.

Tue, 16 Jun 09
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1839
Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack.

Tue, 16 Jun 09
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1838
The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.

Tue, 16 Jun 09
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1837
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.

Tue, 16 Jun 09
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1836
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

Tue, 16 Jun 09
firefox, seamonkey
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1835
Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.

Tue, 16 Jun 09
firefox, seamonkey
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1834
Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters.

Tue, 16 Jun 09
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1833
The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors.

Tue, 16 Jun 09
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1832
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction."

Tue, 16 Jun 09
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1392
The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBod...

Tue, 16 Jun 09
libpng
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2042
libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.

Tue, 16 Jun 09
activecollab
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2041
Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab 0.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1772.

Tue, 16 Jun 09
grestul
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2040
admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct request.

Tue, 16 Jun 09
luottokunta
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2039
Unspecified vulnerability in the Luottokunta module before 1.3 for osCommerce has unknown impact and attack vectors related to orders.

Tue, 16 Jun 09
finnish_bank_payment
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2038
Unspecified vulnerability in the Finnish Bank Payment module 2.2 for osCommerce has unknown impact and attack vectors related to bank charges.

Tue, 16 Jun 09
online_grades
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2037
Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) GLOBALS[SKIN] parameter to index.php and the (2) skin parameter to admin/admin.php.

Tue, 16 Jun 09
open_biller
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2036
SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.

Tue, 16 Jun 09
services_module_for_drupal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2035
Unspecified vulnerability in Services 6.x before 6.x-0.14, a module for Drupal, when key-based access is enabled, allows remote attackers to read or add keys and access unauthorized services via unspecified vectors.

Tue, 16 Jun 09
yogurt
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2034
SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter.

Tue, 16 Jun 09
yogurt
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2033
Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

Tue, 16 Jun 09
pdshoppro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2032
Cross-site scripting (XSS) vulnerability in search.asp in PDshopPro, when downloaded before 20070308, allows remote attackers to inject arbitrary web script or HTML via the search parameter.

Sat, 13 Jun 09
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2031
smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount permissions are used, allows local users to read arbitrary files, and list arbitrary directories, on CIFS volumes.

Sat, 13 Jun 09
CVE-2009-2030 (jdk, os/400)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2030
Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 has unknown impact and attack vectors.

Sat, 13 Jun 09
ruby
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1904
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.

Sat, 13 Jun 09
libtorrent
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1760
Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file.

Sat, 13 Jun 09
office_powerpoint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0202
Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.

Sat, 13 Jun 09
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2029
Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks.

Sat, 13 Jun 09
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2028
Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 have unknown impact and attack vectors, related to "Adobe internally discovered issues."

Sat, 13 Jun 09
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1861
Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file with a JPX (aka JPEG2000) stream that triggers heap memory corruption.

Sat, 13 Jun 09
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1859
Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.

Sat, 13 Jun 09
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1858
The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.

Sat, 13 Jun 09
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1857
Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.

Sat, 13 Jun 09
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1856
Integer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.

Sat, 13 Jun 09
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1855
Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via unspecified vectors.

Fri, 12 Jun 09
openview_network_node_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1420
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when used with SNMP (aka HPOvNNM.HPOVSNMP) before 1.30.009 and MIB (aka HPOvNNM.HPOVMIB) before 1.30.009, allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.

Fri, 12 Jun 09
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0889
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0888.

Fri, 12 Jun 09
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0888
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0889.

Fri, 12 Jun 09
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0512
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0888, and CVE-2009-0889.

Fri, 12 Jun 09
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0511
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889.

Fri, 12 Jun 09
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0510
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889.

Fri, 12 Jun 09
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0509
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to execute arbitrary code via a crafted file that triggers memory corruption.

Fri, 12 Jun 09
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0198
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF file that contains JBIG2 text region segments with Huffman encoding.

Fri, 12 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2027
The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method.

Fri, 12 Jun 09
ie
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1532
Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Objects Memory Corruption Vulnerability" or "HTML Object Memory Corruption Vulnerability."

Fri, 12 Jun 09
ie
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1531
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."

Fri, 12 Jun 09
internet_explorer, ie
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1530
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Objects Memory Corruption Vulnerability."

Fri, 12 Jun 09
ie
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1529
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

Fri, 12 Jun 09
ie
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1528
Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."

Fri, 12 Jun 09
ie
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1141
Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 does not properly handle unspecified method calls to HTML objects or DHTML objects, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka "DHTML Object Memory Corruption Vulnerability."

Fri, 12 Jun 09
ie
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1140
Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability."

Fri, 12 Jun 09
CVE-2009-1134 (office, office_compatibility_pack_for_word_excel_ppt_2007, office_excel, office_e...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1134
Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Record Pointer Corruption Vulnerability."

Fri, 12 Jun 09
windows_2000, windows_server_2003, windows_server_2008, windows_vista, windows_xp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1126
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."

Fri, 12 Jun 09
windows_2000, windows_server_2003, windows_server_2008, windows_vista, windows_xp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1125
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."

Fri, 12 Jun 09
windows_2000, windows_server_2003, windows_server_2008, windows_vista, windows_xp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1124
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."

Fri, 12 Jun 09
windows_2000, windows_server_2003, windows_server_2008, windows_vista, windows_xp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1123
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."

Fri, 12 Jun 09
iis
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1122
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability."

Fri, 12 Jun 09
CVE-2009-0561 (office, office_compatibility_pack_for_word_excel_ppt_2007, office_excel, office_e...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0561
Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a cr...

Fri, 12 Jun 09
CVE-2009-0560 (office, office_compatibility_pack_for_word_excel_ppt_2007, office_excel, office_e...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0560
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Field Sanitization M...

Fri, 12 Jun 09
CVE-2009-0559 (office, office_compatibility_pack_for_word_excel_ppt_2007, office_excel, office_e...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0559
Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."

Fri, 12 Jun 09
CVE-2009-0558 (office, office_compatibility_pack_for_word_excel_ppt_2007, office_excel, office_e...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0558
Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."

Fri, 12 Jun 09
CVE-2009-0557 (office, office_compatibility_pack_for_word_excel_ppt_2007, office_excel, office_e...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0557
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corrup...

Fri, 12 Jun 09
CVE-2009-0549 (office, office_compatibility_pack_for_word_excel_ppt_2007, office_excel, office_e...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0549
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Record Pointer Corruption Vulnerability."

Fri, 12 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1718
WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.

Fri, 12 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1716
CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.

Fri, 12 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1715
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges.

Fri, 12 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1714
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes.

Fri, 12 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1713
The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.

Fri, 12 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1712
WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.

Fri, 12 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1711
WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

Fri, 12 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1710
WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.

Fri, 12 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1709
Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."

Fri, 12 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1708
Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.

Fri, 12 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1707
Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.

Fri, 12 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1706
The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie.

Fri, 12 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1705
CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1704
CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file.

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1703
WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document.

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1702
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1701
Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1700
The XSLT implementation in WebKit in Apple Safari before 4.0 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1699
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1698
WebKit in Apple Safari before 4.0 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1697
CRLF injection vulnerability in WebKit in Apple Safari before 4.0 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header.

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1696
WebKit in Apple Safari before 4.0 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session.

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1695
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition.

Thu, 11 Jun 09
office, office_system_2007, office_xp, works
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1533
Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."

Thu, 11 Jun 09
adam, windows_server_2003, windows_xp, windows_2000
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1139
Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."

Thu, 11 Jun 09
windows_2000
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1138
The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request packet, aka "Active Directory Invalid Free Vulnerability."

Thu, 11 Jun 09
CVE-2009-0568 (windows_2000, windows_2003_server, windows_server, windows_server_2008, windows_v...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0568
The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling E...

Thu, 11 Jun 09
CVE-2009-0565 (office, office_compatibility_pack_for_word_excel_ppt_2007, office_word, office_wo...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0565
Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka "Word Buffer Overflow Vulnerability."

Thu, 11 Jun 09
CVE-2009-0563 (office, office_compatibility_pack_for_word_excel_ppt_2007, office_word, office_wo...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0563
Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka "Word Buffer Overflow Vulnerabil...

Thu, 11 Jun 09
windows_search, windows_server_2003, windows_xp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0239
Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."

Thu, 11 Jun 09
CVE-2009-0230 (windows_2000, windows_2003_server, windows_server, windows_server_2008, windows_v...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0230
The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."

Thu, 11 Jun 09
windows_2000, windows_2003_server, windows_server_2008, windows_vista, windows_xp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0229
The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."

Thu, 11 Jun 09
windows_2000
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0228
Buffer overflow in the Windows Print Spooler in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted RPC request in conjunction with availability of a print server with a crafted ShareName, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1694
WebKit in Apple Safari before 4.0 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue."

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1693
WebKit in Apple Safari before 4.0 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1691
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for standard JavaScript prototypes in other domains.

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1690
WebKit in Apple Safari before 4.0 does not properly manage memory for recursion in unspecified DOM event handlers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1689
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank URL, leading to security-context replacement.

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1688
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is not the "HTML 5 standard method."

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1687
The JavaScript garbage collector in WebKit in Apple Safari before 4.0 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1686
WebKit in Apple Safari before 4.0 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1685
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document.

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1684
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1682
Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.

Thu, 11 Jun 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1681
WebKit in Apple Safari before 4.0 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.

Thu, 11 Jun 09
iis
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1535
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability."

Thu, 11 Jun 09
73-oubuntu
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1296
The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root.

Thu, 11 Jun 09
enhanced_picture_uploader_activex_control
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2475
eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote attackers to execute arbitrary commands via the PictureUrls property.

Thu, 11 Jun 09
dm_filemanager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2025
admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values.

Thu, 11 Jun 09
asp_vt_auth
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2024
Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt.

Thu, 11 Jun 09
shop-script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2023
SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the current_currency parameter.

Wed, 10 Jun 09
fipscms_light
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2022
fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain sensitive information via a direct request for _fipsdb/db.mdb.

Wed, 10 Jun 09
virtue_classifieds
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2021
SQL injection vulnerability in search.php in Virtue Classifieds allows remote attackers to execute arbitrary SQL commands via the category parameter.

Wed, 10 Jun 09
virtue_news_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2020
Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue News Manager allows remote attackers to inject arbitrary web script or HTML via the nid parameter.

Wed, 10 Jun 09
virtue_news_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2019
SQL injection vulnerability in news_detail.php in Virtue News Manager allows remote attackers to execute arbitrary SQL commands via the nid parameter.

Wed, 10 Jun 09
mycars
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2018
SQL injection vulnerability in admin/index.php in Jared Eckersley MyCars, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authuserid parameter.

Wed, 10 Jun 09
virtue_book_store
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2017
SQL injection vulnerability in products.php in Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the cid parameter.

Wed, 10 Jun 09
virtue_shopping_mall
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2016
SQL injection vulnerability in products.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the cid parameter.

Wed, 10 Jun 09
com_moofaq
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2015
Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Wed, 10 Jun 09
com_school
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2014
SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php.

Wed, 10 Jun 09
frontis
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2013
SQL injection vulnerability in bin/aps_browse_sources.php in Frontis 3.9.01.24 allows remote attackers to execute arbitrary SQL commands via the source_class parameter in a browse_classes action.

Wed, 10 Jun 09
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2012
Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through snv_110, when a CIFS server is enabled, allows local users to cause a denial of service (idmapd daemon crash and idmapd outage) via unknown vectors.

Wed, 10 Jun 09
cups
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1196
The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw."

Wed, 10 Jun 09
cups
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0949
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.

Wed, 10 Jun 09
cups
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0791
Multiple integer overflows in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179.

Wed, 10 Jun 09
family_connections_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2010
Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter.

Wed, 10 Jun 09
dokeos
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2009
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/document/slideshow.php and the (2) file parameter to main/exercice/testheaderpage.php.

Wed, 10 Jun 09
dokeos
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2008
Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2.

Wed, 10 Jun 09
dokeos
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2007
Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a .. (dot dot) and a ..\ (dot dot backslash) in the lang parameter to main/exercice/hotspot_lang_conversion.php and (2) read arbitrary files via a .. (dot dot) in the doc_url parameter to main/exercice/Hpdownload.php.

Wed, 10 Jun 09
dokeos
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2006
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php; the (2) frm_title and (3) frm_content parameters in a new personal agenda item action; the (4) title and (5) tutor_name parameters in a new course action; and the (6) student and (7) course parameters to main/mySpace/myStudents.php. NOTE: vectors 2 and 3 might only be exploitable vi...

Wed, 10 Jun 09
dokeos
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2005
Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors.

Wed, 10 Jun 09
dokeos
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2004
Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902.

Wed, 10 Jun 09
password_protector_sd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2003
Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin."

Wed, 10 Jun 09
jira
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6832
Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 10 Jun 09
jira
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6831
Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated using secure/AddComment!default.jspa (aka "Add Comment").

Wed, 10 Jun 09
web_interface
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6830
The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session. NOTE: the attacker must also have valid credentials to the Web Interface.

Wed, 10 Jun 09
vicftps
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6829
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward slash). NOTE: this might be the same issue as CVE-2008-2031.

Wed, 10 Jun 09
altiris_deployment_solution
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6828
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server.

Wed, 10 Jun 09
altiris_deployment_solution, altiris_notification_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6827
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.

Wed, 10 Jun 09
ads_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6826
dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages.

Tue, 9 Jun 09
debian_linux, xfig
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1962
Xfig in Debian GNU/Linux, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID.

Tue, 9 Jun 09
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1961
The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.

Tue, 9 Jun 09
dokuwiki
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1960
inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.

Tue, 9 Jun 09
irssi
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1959
Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.

Tue, 9 Jun 09
strongswan
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1958
charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector.

Tue, 9 Jun 09
strongswan
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1957
charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_CHILD_SA request.

Tue, 9 Jun 09
apr-util
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1956
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.

Tue, 9 Jun 09
apr-util
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1955
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

Tue, 9 Jun 09
aix
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1954
Unspecified vulnerability in portmapper (aka portmap) in IBM AIX 5.3 allows attackers to cause a denial of service (daemon hang) via unknown vectors, related to libtli.

Tue, 9 Jun 09
filenet_content_manager, weblogic_application_server, websphere_application_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1953
IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors.

Tue, 9 Jun 09
discovery&dependency_mapping_inventory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1419
Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.0.0 through 2.52, 7.50, and 7.51 on Windows allows remote attackers to access DDMI agents via unknown vectors.

Tue, 9 Jun 09
apr-util
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0023
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, related to an "underflow flaw."

Tue, 9 Jun 09
propertymax_pro_free
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1952
Multiple SQL injection vulnerabilities in the administrative login feature in PropertyMax Pro FREE 0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

Tue, 9 Jun 09
propertymax_pro_free
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1951
Cross-site scripting (XSS) vulnerability in index.php in PropertyMax Pro FREE 0.3 allows remote attackers to inject arbitrary web script or HTML via the pl parameter in a mi action.

Tue, 9 Jun 09
guest_book
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1950
SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allows remote attackers to execute arbitrary SQL commands via the mesajid parameter.

Tue, 9 Jun 09
unclassified_newsboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1949
import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

Tue, 9 Jun 09
unclassified_newsboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1948
Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard (UNB) 1.6.4, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to (1) read arbitrary recently-modified files via a .. (dot dot) in the GLOBALS[filename] parameter or (2) include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[UTE][__tplCollection][a][file] parameter.

Tue, 9 Jun 09
unclassified_newsboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1947
SQL injection vulnerability in the UnbDbEncode function in unb_lib/database.lib.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to execute arbitrary SQL commands via the Query parameter in a search action to forum.php, a different vector than CVE-2005-3686.

Tue, 9 Jun 09
adaptbb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1946
PHP remote file inclusion vulnerability in latestposts.php in AdaptBB 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the forumspath parameter.

Tue, 9 Jun 09
webcal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1945
SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04 allows remote attackers to execute arbitrary SQL commands via the event_id parameter.

Tue, 9 Jun 09
aimp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1944
Stack-based buffer overflow in AIMP 2.51 build 330 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag.

Tue, 9 Jun 09
CVE-2009-1943 (softremote, softremote1.4)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1943
Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet SoftRemote before 10.8.6 allows remote attackers to execute arbitrary code via a long request to UDP port 62514.

Tue, 9 Jun 09
trixbox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6825
Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter.

Tue, 9 Jun 09
quiz
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1942
Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HTML via unspecified vectors.

Tue, 9 Jun 09
pad_site_scripts
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1941
PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt.

Tue, 9 Jun 09
joomla
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1940
Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Tue, 9 Jun 09
ja_purity
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1939
Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Tue, 9 Jun 09
joomla
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1938
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel.

Tue, 9 Jun 09
lightneasy
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1937
Cross-site scripting (XSS) vulnerability in the comment posting feature in LightNEasy 2.2.1 "no database" (aka flat) and 2.2.2 SQLite allows remote attackers to inject arbitrary web script or HTML via the (1) commentname (aka Author), (2) commentemail (aka Email), and (3) commentmessage (aka Comment) parameters. NOTE: some of these details are obtained from third party information.

Tue, 9 Jun 09
cpcommerce
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1936
_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, to execute arbitrary PHP code or read arbitrary files, via the GLOBALS[prefix] parameter, a different vector than CVE-2003-1500.

Tue, 9 Jun 09
java_system_web_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1934
Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.

Tue, 9 Jun 09
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1933
Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, does not properly manage credential caches, which allows local users to access Kerberized NFS mount points and Kerberized NFS shares via unspecified vectors.

Tue, 9 Jun 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1717
Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow.

Tue, 9 Jun 09
ironport_asyncos
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1162
Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter.

Tue, 9 Jun 09
tomcat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0783
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

Tue, 9 Jun 09
tomcat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0580
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.

Tue, 9 Jun 09
tomcat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0033
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.

Mon, 8 Jun 09
good_plug-ins
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1932
Multiple integer overflows in the (1) user_info_callback, (2) user_endrow_callback, and (3) gst_pngdec_task functions (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PNG file, which triggers a buffer overflow.

Mon, 8 Jun 09
dns_tools
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1916
dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the ns parameter.

Mon, 8 Jun 09
icq
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1915
Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ICQ 6.5 allows remote attackers to cause a denial of service (persistent crash) and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash when browsing a folder that contains this file.

Mon, 8 Jun 09
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1914
The pci_register_iommu_region function in arch/sparc/kernel/pci_common.c in the Linux kernel before 2.6.29 on the sparc64 platform allows local users to cause a denial of service (system crash) by reading the /proc/iomem file, related to uninitialized pointers and the request_resource function.

Mon, 8 Jun 09
luxbum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1913
SQL injection vulnerability in manager.php in LuxBum 0.5.5, when magic_quotes_gpc is disabled and dotclear authentication is used, allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.

Mon, 8 Jun 09
webspell
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1912
Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php.

Mon, 8 Jun 09
tinywebgallery, quixplorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1911
Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php.

Mon, 8 Jun 09
rtwebalbum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1910
SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows remote attackers to execute arbitrary SQL commands via the AlbumId parameter.

Mon, 8 Jun 09
skip
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1909
SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Mon, 8 Jun 09
skip
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1908
Cross-site scripting (XSS) vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Mon, 8 Jun 09
claroline
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1907
Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.

Fri, 5 Jun 09
openssl
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1387
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."

Fri, 5 Jun 09
openssl
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1386
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.

Fri, 5 Jun 09
e1000, kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1385
Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size.

Fri, 5 Jun 09
wl54ap2, wl54ap3
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6824
The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access.

Fri, 5 Jun 09
wl54ap2, wl54ap3
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6823
Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify the network configuration via certain parameters to goform/formWanTcpipSetup or (2) modify credentials via certain parameters to goform/formPasswordSetup.

Fri, 5 Jun 09
imguoload
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6822
Unrestricted file upload vulnerability in uploadp.php in New Earth Programming Team (NEPT) imgupload (aka Image Uploader) 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a modified content type, then accessing this file via a direct request, as demonstrated by an upload with an image/jpeg content type. NOTE: some of these details are obtained from third party information.

Fri, 5 Jun 09
db2
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1906
The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32.

Fri, 5 Jun 09
db2
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1905
The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.

Fri, 5 Jun 09
db2
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6821
Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853.

Fri, 5 Jun 09
db2
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6820
The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856.

Fri, 5 Jun 09
db2
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2154
IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls.

Thu, 4 Jun 09
modsecurity
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1903
The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.

Thu, 4 Jun 09
modsecurity
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1902
The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form data POST request with a missing part header name, which triggers a NULL pointer dereference.

Thu, 4 Jun 09
websphere_application_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1901
The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors.

Thu, 4 Jun 09
websphere_application_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1900
The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 allow attackers to obtain sensitive information via unspecified vectors.

Thu, 4 Jun 09
websphere_application_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1899
Unspecified vulnerability in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 has unknown impact and attack vectors, related to a "security exposure in wsadmin."

Thu, 4 Jun 09
websphere_application_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1898
The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network.

Thu, 4 Jun 09
intregrated_solutions_console, websphere_application_server, websphere_portal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0899
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors.

Thu, 4 Jun 09
websphere_mq
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0896
Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6.0.2.7 and 7.x before 7.0.1.0 allows remote attackers to execute arbitrary code via a crafted request.

Thu, 4 Jun 09
quicktime
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0957
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.

Thu, 4 Jun 09
quicktime
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0956
Apple QuickTime before 7.6.2 does not properly initialize memory before use in handling movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie containing a user data atom of size zero.

Thu, 4 Jun 09
quicktime
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0955
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."

Thu, 4 Jun 09
quicktime
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0954
Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie file containing crafted Clipping Region (CRGN) atom types.

Thu, 4 Jun 09
quicktime
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0953
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.

Thu, 4 Jun 09
quicktime
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0952
Buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted compressed PSD image.

Thu, 4 Jun 09
quicktime
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0951
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC compression file.

Thu, 4 Jun 09
itunes
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0950
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itms: URL.

Thu, 4 Jun 09
xvid
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0894
Heap-based buffer overflow in the decoder_create function in the initialization functionality in xvidcore/src/decoder.c in Xvid before 1.2.2, as used by Windows Media Player and other applications, allows remote attackers to execute arbitrary code via vectors involving the DirectShow (aka DShow) frontend and improper handling of the XVID_ERR_MEMORY return code during processing of a crafted movie file. NOTE: some of these details are obtained from third party information.

Thu, 4 Jun 09
xvid
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0893
Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the xvidcore library in Xvid before 1.2.2, as used by Windows Media Player and other applications, allow remote attackers to execute arbitrary code by providing a crafted macroblock (aka MBlock) number in a video stream in a crafted movie file that triggers heap memory corruption, related to a "missing resync marker range check" and the (1) decoder_iframe, (2) decoder_pframe, and (3) decoder_bframe functions.

Thu, 4 Jun 09
quicktime
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0188
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie composed of a Sorenson 3 video file.

Thu, 4 Jun 09
quicktime
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0185
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted MS ADPCM encoded audio data in an AVI movie file.

Wed, 3 Jun 09
imagemagick
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1882
Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.

Wed, 3 Jun 09
img-bbs
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1881
Cross-site scripting (XSS) vulnerability in MT312 IMG-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to model.php with a timestamp before 20090521.

Wed, 3 Jun 09
rep-bbs
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1880
Cross-site scripting (XSS) vulnerability in MT312 REP-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) model.php and (2) config.php with timestamps before 20090521.

Wed, 3 Jun 09
jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2764
Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allow untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing."

Wed, 3 Jun 09
iplanet_web_server, one_web_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2763
The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.

Wed, 3 Jun 09
j2ee
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1573
The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."

Wed, 3 Jun 09
jmf
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1572
Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields.

Wed, 3 Jun 09
million_dollar_text_links
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1854
Million Dollar Text Links 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the userid cookie to 1.

Wed, 3 Jun 09
kensei_board
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1853
Multiple SQL injection vulnerabilities in index.php in Kensei Board 2.0 BETA (aka 2.0.0b) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) f and (2) t parameters in a showforum action.

Wed, 3 Jun 09
myforum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1852
Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.

Wed, 3 Jun 09
phpbugtracker
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1851
SQL injection vulnerability in include.php in phpBugTracker 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 3 Jun 09
phpbugtracker
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1850
SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows remote attackers to execute arbitrary SQL commands via the password parameter.

Wed, 3 Jun 09
CVE-2009-1849 (prtg_traffic_grapher, prtg_traffic_grapher6.0.5.416)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1849
Cross-site scripting (XSS) vulnerability in the Monitor_Bandwidth function in PRTG Traffic Grapher 6.2.2.977 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Wed, 3 Jun 09
com_agoragroup
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1848
SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php.

Wed, 3 Jun 09
easy_px_41_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1847
Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 B1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fiche parameter.

Wed, 3 Jun 09
sitex
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1846
Multiple directory traversal vulnerabilities in SiteX 0.7.4 Build 418 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the THEME_FOLDER parameter to (1) Corporate/homepage.php, (2) Fusion/homepage.php, (3) Joombo/homepage.php, (4) Streamline/homepage.php, and (5) Structure/homepage.php in themes/.

Wed, 3 Jun 09
vanilla
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1845
Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter.

Wed, 3 Jun 09
ace, esx, esxi, fusion, player, server, workstation
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1805
Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vect...

Wed, 3 Jun 09
windows_server, windows_vista
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6819
win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.

Tue, 2 Jun 09
drupal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1844
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow (1) remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not properly handled in the "HTML exports of books" feature; and (2) allow remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via the help text of an arbitrary vocabulary. ...

Tue, 2 Jun 09
flash_quiz
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1843
Multiple SQL injection vulnerabilities in Flash Quiz Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) quiz parameter to (a) num_questions.php, (b) answers.php, (c) high_score.php, (d) high_score_web.php, (e) results_table_web.php, and (f) question.php; and the (2) order_number parameter to (g) answers.php and (h) question.php.

Tue, 2 Jun 09
php-nuke
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1842
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.

Tue, 2 Jun 09
real_estate_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6818
Mole Group Real Estate Script 1.1 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 2 Jun 09
lastminute_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6817
Mole Group Lastminute Script 4.0 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 2 Jun 09
winamp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1831
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.

Tue, 2 Jun 09
soulseek
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1830
Stack-based buffer overflow in Soulseek 156 and 157 NS allows remote attackers to execute arbitrary code via a long search query.

Tue, 2 Jun 09
wireshark
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1829
Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets.

Tue, 2 Jun 09
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1828
Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element.

Tue, 2 Jun 09
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1827
The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to cause a denial of service (application hang) via a large value in the r (aka Radius) attribute of a circle element, related to an "unclamped loop."

Tue, 2 Jun 09
mygesuad
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1826
modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.

Tue, 2 Jun 09
mycolex
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1825
modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.

Tue, 2 Jun 09
CVE-2009-1824 (arcavir_2009_antivirus_protection, arcavir_2009_home_protection, arcavir_2009_int...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1824
The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protection 9.4.3201.9 and earlier, ArcaVir 2009 Internet Security 9.4.3202.9 and earlier, ArcaVir 2009 System Protection 9.4.3203.9 and earlier, and ArcaBit 2009 Home Protection 9.4.3204.9 and earlier, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\ps_drv containing arbitrary kernel addresses, as demonstrated using the (1) 0x2A7B802B and possibly (2) 0x2A7B8004 and (3) 0x2A7B802F IOCTLs.

Tue, 2 Jun 09
s3dplayer_standalone, s3dplayer_web
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1792
The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument).

Tue, 2 Jun 09
directx
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1537
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009.

Tue, 2 Jun 09
print
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1823
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.7 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML by modifying a document head, before the Content-Type META element, to contain crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, a related issue to CVE-2009-1575.

Tue, 2 Jun 09
com_artforms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1822
Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) imgcaptcha.php or (2) mp3captcha.php in assets/captcha/includes/captchaform/, or (3) assets/captcha/includes/captchatalk/swfmovie.php.

Tue, 2 Jun 09
registration_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1821
DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb.

Tue, 2 Jun 09
custom_t-shirt_design_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1820
Cross-site scripting (XSS) vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Tue, 2 Jun 09
custom_t-shirt_design_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1819
SQL injection vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Tue, 2 Jun 09
maxcms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1818
SQL injection vulnerability in admin/admin_manager.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via an m_username cookie in an add action.

Tue, 2 Jun 09
maya
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1817
Multiple buffer overflows in DigiMode Maya 1.0.2 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .m3u or (2) .m3l playlist file.

Tue, 2 Jun 09
my_game_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1816
SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the username field). NOTE: some of these details are obtained from third party information.

Tue, 2 Jun 09
audioactive_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1815
Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b allows remote attackers to execute arbitrary code via a long string in a playlist file, as demonstrated by a long .mp3 URL in a .m3u file.

Tue, 2 Jun 09
phpenpals
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1814
SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074.

Tue, 2 Jun 09
submitterscript
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1813
Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote attackers to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field).

Tue, 2 Jun 09
mygesuad
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1812
Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) budget.php, (4) zahlung.php, or (5) adresse.php in modules/, related to classes/class.perform.php.

Tue, 2 Jun 09
mygesuad
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1811
Multiple cross-site scripting (XSS) vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to inject arbitrary web script or HTML via (1) the Page parameter in a List action to modules/ereignis.php, (2) the Kontext parameter in a Search action to modules/kategorie.php, (3) the image parameter to modules/image.php, or (4) the ID parameter in a Detail action to modules/sitzung.php.

Tue, 2 Jun 09
mycolex
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1810
Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) medium.php, (4) person.php, or (5) schlagwort.php in modules/, related to classes/class.perform.php.

Tue, 2 Jun 09
mycolex
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1809
Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the year parameter to modules/kalender.php, (2) the Page parameter in a List action to modules/ereignis.php, (3) the Kontext parameter in a Search action to modules/kategorie.php, or (4) the image parameter to modules/image.php.

 

© amigura.co.uk All Rights Reserved.