Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.
[TA09-022A]
[APPLE-SA-2009-01-21]
[quicktime-rtspurl-bo(48154)]
[ADV-2009-0212]
[33385]
[http://support.apple.com/kb/HT3403]
[33632]
[oval:org.mitre.oval:def:6135]
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms.
[TA09-022A]
[APPLE-SA-2009-01-21]
[http://www.zerodayinitiative.com/advisories/ZDI-09-005/]
[ADV-2009-0212]
[33384]
[http://support.apple.com/kb/HT3403]
[33632]
[oval:org.mitre.oval:def:5646]
[51525]
[20090121 ZDI-09-005: Apple QuickTime VR Track Header Atom Heap Corruption Vulnerability]
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure.
[TA09-022A]
[APPLE-SA-2009-01-21]
[http://www.zerodayinitiative.com/advisories/ZDI-09-006/]
[ADV-2009-0212]
[33387]
[http://support.apple.com/kb/HT3403]
[33632]
[oval:org.mitre.oval:def:6218]
[51526]
Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file.
[TA09-022A]
[http://support.apple.com/kb/HT3403]
[APPLE-SA-2009-01-21]
[quicktime-mpeg2-bo(48157)]
[ADV-2009-0212]
[33632]
[oval:org.mitre.oval:def:6211]
Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption.
[TA09-022A]
[APPLE-SA-2009-01-21]
[quicktime-h263-movie-code-execution(48158)]
[ADV-2009-0212]
[33386]
[http://support.apple.com/kb/HT3403]
[33632]
[oval:org.mitre.oval:def:6187]
Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow.
[TA09-022A]
[APPLE-SA-2009-01-21]
[http://www.zerodayinitiative.com/advisories/ZDI-09-007/]
[ADV-2009-0212]
[33388]
[20090124 Re: ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corruption Vulnerability]
[http://support.apple.com/kb/HT3403]
[33632]
[oval:org.mitre.oval:def:6153]
[51529]
[20090121 ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corruption Vulnerability]
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms.
[TA09-022A]
[APPLE-SA-2009-01-21]
[http://www.zerodayinitiative.com/advisories/ZDI-09-008/]
[ADV-2009-0212]
[33390]
[http://support.apple.com/kb/HT3403]
[33632]
[oval:org.mitre.oval:def:6132]
[51530]
Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie.
per http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html
"This issue does not
affect systems running Mac OS X."
[quicktime-mpeg2playback-code-execution(48162)]
[ADV-2009-0211]
[1021621]
[33393]
[http://support.apple.com/kb/HT3404]
[33642]
[oval:org.mitre.oval:def:5974]
[APPLE-SA-2009-01-21]
Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption.
[macosx-pixlet-codec-code-execution(48713)]
[ADV-2009-0422]
[33759]
[http://support.apple.com/kb/HT3438]
[1021718]
[33937]
[51980]
[APPLE-SA-2009-02-12]
Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.
[TA09-133A]
[http://support.apple.com/kb/HT3549]
[APPLE-SA-2009-05-12]
[http://www.zerodayinitiative.com/advisories/ZDI-09-021/]
[http://www.zerodayinitiative.com/advisories/ZDI-09-021]
[http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php]
[ADV-2009-1407]
[ADV-2009-1297]
[1022209]
[34938]
[34926]
[20090527 ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability]
[http://support.apple.com/kb/HT3591]
[35091]
[35074]
[APPLE-SA-2009-06-01-1]
Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure file operation" on a temporary file.
[33759]
[APPLE-SA-2009-02-12]
[macosx-certificate-asst-file-overwrite(48715)]
[ADV-2009-0422]
[http://support.apple.com/kb/HT3438]
[1021720]
[33937]
[51979]
Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via a crafted Unicode string.
[APPLE-SA-2009-02-12]
[ADV-2009-0422]
[33809]
[33759]
[http://support.apple.com/kb/HT3438]
[33937]
[51977]
dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.
[APPLE-SA-2009-02-12]
[macosx-dstools-information-disclosure(48717)]
[ADV-2009-0422]
[33815]
[33759]
[http://support.apple.com/kb/HT3438]
[1021722]
[33937]
Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder.
[APPLE-SA-2009-02-12]
[ADV-2009-0422]
[33820]
[33759]
[http://support.apple.com/kb/HT3438]
[33937]
Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management."
[APPLE-SA-2009-02-12]
[ADV-2009-0422]
[33821]
[33759]
[http://support.apple.com/kb/HT3438]
[33937]
Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.
[http://support.apple.com/kb/HT3487]
[APPLE-SA-2009-03-11]
[itunes-daap-dos(49200)]
[ADV-2009-0702]
[34094]
[20090313 Apple iTunes DAAP Messages Handling Denial of Service Vulnerability]
[http://www.fortiguardcenter.com/advisory/FGA-2009-11.html]
[1021842]
[34254]
[oval:org.mitre.oval:def:6001]
[52578]
[20090312 Apple iTunes DAAP Messages Handling Denial of Service Vulnerability]
csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow.
[APPLE-SA-2009-02-12]
[ADV-2009-0422]
[33811]
[33759]
[http://support.apple.com/kb/HT3438]
[33937]
The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory.
[ADV-2009-0422]
[33816]
[33759]
[http://support.apple.com/kb/HT3438]
[33937]
[APPLE-SA-2009-02-12]
Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access.
[ADV-2009-0422]
[33814]
[33759]
[http://support.apple.com/kb/HT3438]
[APPLE-SA-2009-02-12]
Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption.
[APPLE-SA-2009-02-12]
[ADV-2009-0422]
[33759]
[http://support.apple.com/kb/HT3438]
[33937]
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
Note that versions 4.2.5 before 4.2.5p150 are development versions and not production versions. Development versions are not included in the CPE configuration for CVEs.
[TA09-133A]
[[announce] 20090108 NTP 4.2.4p6 Released]
[ADV-2009-1297]
[ADV-2009-0042]
[1021533]
[RHSA-2009:0046]
[http://www.ocert.org/advisories/ocert-2008-016.html]
[http://support.apple.com/kb/HT3549]
[SSA:2009-014-03]
[35074]
[34642]
[33648]
[33558]
[33406]
[oval:org.mitre.oval:def:10035]
[SUSE-SR:2009:008]
[SUSE-SR:2009:005]
[APPLE-SA-2009-05-12]
Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.
Patch Information - http://www.samba.org/samba/history/security.html
[FEDORA-2009-0268]
[samba-file-system-security-bypass(47733)]
[ADV-2009-0017]
[USN-702-1]
[1021513]
[33118]
[http://www.samba.org/samba/security/CVE-2009-0022.html]
[MDVSA-2009:042]
[33431]
[33392]
[33379]
[51152]
[http://master.samba.org/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch]
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
[https://bugzilla.redhat.com/show_bug.cgi?id=503928]
[DSA-1812]
[FEDORA-2009-5969]
[FEDORA-2009-6261]
[FEDORA-2009-6014]
[apache-aprstrmatchprecompile-dos(50964)]
[ADV-2009-3184]
[ADV-2009-1907]
[USN-787-1]
[USN-786-1]
[35221]
[20091112 rPSA-2009-0144-1 apr-util]
[RHSA-2009:1108]
[RHSA-2009:1107]
[MDVSA-2009:131]
[http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3]
[http://www-01.ibm.com/support/docview.wss?uid=swg27014463]
[PK99478]
[PK91241]
[PK88341]
[http://wiki.rpath.com/Advisories:rPSA-2009-0144]
[http://svn.apache.org/viewvc?view=rev&revision=779880]
[http://support.apple.com/kb/HT3937]
[SSA:2009-167-02]
[GLSA-200907-03]
[37221]
[35843]
[35797]
[35710]
[35565]
[35487]
[35444]
[35395]
[35360]
[35284]
[34724]
[oval:org.mitre.oval:def:12321]
[oval:org.mitre.oval:def:10968]
[HPSBUX02612]
[HPSBUX02612]
[APPLE-SA-2009-11-09-1]
The sys_remap_file_pages function in mm/fremap.c in the Linux kernel before 2.6.24.1 allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vm_file structure member, and the mmap_region and do_munmap functions.
[33211]
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1]
[[oss-security] 20090112 CVE-2009-0024 kernel: local privilege escalation in sys_remap_file_pages]
[http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.24.y.git;a=commit;h=8a459e44ad837018ea5c34a9efe8eb4ad27ded26]
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
[TA09-133A]
[FEDORA-2009-0350]
[https://www.isc.org/software/bind/advisories/cve-2009-0025]
[https://issues.rpath.com/browse/RPL-2938]
[ADV-2009-1297]
[ADV-2009-0904]
[ADV-2009-0366]
[ADV-2009-0043]
[http://www.vmware.com/security/advisories/VMSA-2009-0004.html]
[20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim]
[20090120 rPSA-2009-0009-1 bind bind-utils]
[http://www.openbsd.org/errata44.html#008_bind]
[http://www.ocert.org/advisories/ocert-2008-016.html]
[http://wiki.rpath.com/Advisories:rPSA-2009-0009]
[http://support.avaya.com/elmodocs2/security/ASA-2009-045.htm]
[http://support.apple.com/kb/HT3549]
[250846]
[SSA:2009-014-02]
[FreeBSD-SA-09:04]
[35074]
[33882]
[33683]
[33559]
[33551]
[33546]
[33494]
[oval:org.mitre.oval:def:5569]
[oval:org.mitre.oval:def:10879]
[APPLE-SA-2009-05-12]
[http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33]
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
[https://issues.apache.org/jira/browse/JCR-1925]
[jackrabbit-search-swr-xss(48110)]
[ADV-2009-0177]
[33360]
[20090120 [ANNOUNCE] Apache Jackrabbit 1.5.2 released]
[http://www.apache.org/dist/jackrabbit/RELEASE-NOTES-1.5.2.txt]
[4942]
[33576]
The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request.
[RHSA-2009:0349]
[RHSA-2009:0347]
[RHSA-2009:0346]
[https://jira.jboss.org/jira/browse/JBPAPP-1548]
[https://bugzilla.redhat.com/show_bug.cgi?id=479668]
[1021817]
[34023]
[34112]
[RHSA-2009:0348]
The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.
[https://bugzilla.redhat.com/show_bug.cgi?id=479932]
[ADV-2009-3316]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-751-1]
[33906]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[20090516 rPSA-2009-0084-1 kernel]
[RHSA-2009:0451]
[RHSA-2009:0326]
[MDVSA-2009:118]
[DSA-1800]
[DSA-1794]
[DSA-1787]
[http://wiki.rpath.com/Advisories:rPSA-2009-0084]
[37471]
[35394]
[35390]
[35121]
[35120]
[35011]
[34981]
[34962]
[34917]
[34680]
[34033]
[33758]
[http://scarybeastsecurity.blogspot.com/2009/02/linux-kernel-minor-signal-vulnerability.html]
[http://scary.beasts.org/security/CESA-2009-002.html]
[RHSA-2009:0459]
[oval:org.mitre.oval:def:7947]
[oval:org.mitre.oval:def:11187]
[52204]
[SUSE-SA:2009:031]
[SUSE-SA:2009:030]
[SUSE-SA:2009:010]
The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call.
[FEDORA-2009-0816]
[https://bugzilla.redhat.com/show_bug.cgi?id=479969]
[33275]
[MDVSA-2009:135]
[DSA-1794]
[DSA-1787]
[DSA-1749]
[35011]
[34981]
[34394]
[33674]
[33477]
[[linux-kernel] 20090110 Re: [PATCH -v7][RFC]: mutex: implement adaptive spinning]
[SUSE-SA:2009:010]
A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.
[RHSA-2009:0057]
[https://bugzilla.redhat.com/show_bug.cgi?id=480488]
[https://bugzilla.redhat.com/show_bug.cgi?id=480224]
[squirrelmail-sessionid-session-hijacking(48115)]
[33354]
[1021611]
[33611]
[oval:org.mitre.oval:def:10366]
[SUSE-SR:2009:004]
Memory leak in the keyctl_join_session_keyring function (security/keys/keyctl.c) in Linux kernel 2.6.29-rc2 and earlier allows local users to cause a denial of service (kernel memory consumption) via unknown vectors related to a "missing kfree."
[USN-751-1]
[RHSA-2009:0360]
[RHSA-2009:0331]
[[oss-security] 20090119 CVE-2009-0031 kernel: local denial of service in keyctl_join_session_keyring]
[DSA-1794]
[DSA-1787]
[DSA-1749]
[http://support.avaya.com/elmodocs2/security/ASA-2009-114.htm]
[35011]
[34981]
[34762]
[34502]
[34394]
[34252]
[33858]
[RHSA-2009:0264]
[oval:org.mitre.oval:def:11386]
[51501]
[SUSE-SA:2009:010]
[http://git2.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d54ee1c7850a954026deec4cd4885f331da35cc]
CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.
[cups-pdflog-symlink(48210)]
[33418]
[MDVSA-2009:029]
[MDVSA-2009:028]
[MDVSA-2009:027]
[1021637]
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
[ADV-2009-1496]
[35193]
[http://tomcat.apache.org/security-6.html]
[http://tomcat.apache.org/security-5.html]
[http://tomcat.apache.org/security-4.html]
[http://svn.apache.org/viewvc?rev=781362&view=rev]
[http://svn.apache.org/viewvc?rev=742915&view=rev]
[FEDORA-2009-11356]
[FEDORA-2009-11352]
[FEDORA-2009-11374]
[tomcat-ajp-dos(50928)]
[ADV-2010-3056]
[ADV-2009-3316]
[ADV-2009-1856]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[20090603 [SECURITY] CVE-2009-0033 Apache Tomcat DoS when using Java AJP connector]
[MDVSA-2010:176]
[MDVSA-2009:138]
[MDVSA-2009:136]
[DSA-2207]
[http://support.apple.com/kb/HT4077]
[263529]
[1022331]
[42368]
[37460]
[35788]
[35685]
[35344]
[35326]
[oval:org.mitre.oval:def:5739]
[oval:org.mitre.oval:def:10231]
[SSRT100203]
[SSRT100203]
[SUSE-SR:2009:012]
[APPLE-SA-2010-03-29-1]
[JVN#87272440]
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.
[https://issues.rpath.com/browse/RPL-2954]
[https://bugzilla.novell.com/show_bug.cgi?id=468923]
[ADV-2009-1865]
[http://www.vmware.com/security/advisories/VMSA-2009-0009.html]
[http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&f=h]
[1021688]
[33517]
[20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl]
[20090129 rPSA-2009-0021-1 sudo]
[RHSA-2009:0267]
[MDVSA-2009:033]
[http://www.gratisoft.us/bugzilla/show_bug.cgi?id=327]
[http://wiki.rpath.com/Advisories:rPSA-2009-0021]
[35766]
[33885]
[33840]
[33753]
[oval:org.mitre.oval:def:6462]
[oval:org.mitre.oval:def:10856]
[51736]
[[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl]
Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.
[[libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory]
[[libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory]
[[libvir-list] 20090127 [libvirt] [PATCH] proxy: Fix use of uninitalized memory]
[https://bugzilla.redhat.com/show_bug.cgi?id=484947]
[33724]
[RHSA-2009:0382]
[34397]
[oval:org.mitre.oval:def:10127]
[[oss-security] 20090210 libvirt_proxy heads up]
[http://git.et.redhat.com/?p=libvirt.git;a=commitdiff;h=2bb0657e28]
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.
[ADV-2009-0581]
[33962]
[http://curl.haxx.se/lxr/source/CHANGES]
[http://curl.haxx.se/docs/adv_20090303.html]
[curl-location-security-bypass(49030)]
[http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf]
[http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/]
[ADV-2009-1865]
[http://www.vmware.com/security/advisories/VMSA-2009-0009.html]
[USN-726-1]
[1021783]
[20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl]
[20090312 rPSA-2009-0042-1 curl]
[RHSA-2009:0341]
[DSA-1738]
[http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042]
[http://support.apple.com/kb/HT4077]
[SSA:2009-069-01]
[GLSA-200903-21]
[35766]
[34399]
[34259]
[34255]
[34251]
[34237]
[34202]
[34138]
[oval:org.mitre.oval:def:6074]
[oval:org.mitre.oval:def:11054]
[[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl]
[SUSE-SR:2009:006]
[APPLE-SA-2010-03-29-1]
Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring; or (5) the PATH_INFO to the default URI under console/portal/.
[http://issues.apache.org/jira/browse/GERONIMO-4597]
[http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214]
[ADV-2009-1089]
[34562]
[20090416 [DSECRG-09-019] Apache Geronimo - XSS vulnerabilities.txt]
[34715]
[http://dsecrg.com/pages/vul/show.php?id=119]
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
[ADV-2009-1089]
[34562]
[20090416 [DSECRG-09-020] Apache Geronimo - XSRF vulnerabilities]
[34715]
[http://issues.apache.org/jira/browse/GERONIMO-4597]
[http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214]
[http://dsecrg.com/pages/vul/show.php?id=120]
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
[TA09-218A]
[TA09-133A]
[VU#649212]
[FEDORA-2009-2884]
[FEDORA-2009-2882]
[FEDORA-2009-1976]
[FEDORA-2009-2045]
[libpng-pointer-arrays-code-execution(48819)]
[ADV-2009-2172]
[ADV-2009-1621]
[ADV-2009-1560]
[ADV-2009-1522]
[ADV-2009-1462]
[ADV-2009-1451]
[ADV-2009-1297]
[ADV-2009-0632]
[ADV-2009-0473]
[ADV-2009-0469]
[http://www.vmware.com/security/advisories/VMSA-2009-0007.html]
[33990]
[33827]
[20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server]
[20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues]
[20090312 rPSA-2009-0046-1 libpng]
[RHSA-2009:0340]
[RHSA-2009:0333]
[RHSA-2009:0325]
[RHSA-2009:0315]
[MDVSA-2009:083]
[MDVSA-2009:075]
[MDVSA-2009:051]
[DSA-1830]
[DSA-1750]
[http://wiki.rpath.com/Advisories:rPSA-2009-0046]
[http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document]
[http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm]
[http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm]
[http://support.apple.com/kb/HT3757]
[http://support.apple.com/kb/HT3639]
[http://support.apple.com/kb/HT3613]
[http://support.apple.com/kb/HT3549]
[1020521]
[259989]
[http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441]
[[png-mng-implement] 20090219 libpng-1.2.35 and libpng-1.0.43 fix security vulnerability]
[SSA:2009-083-03]
[SSA:2009-083-02]
[GLSA-200903-28]
[36096]
[35386]
[35379]
[35302]
[35258]
[35074]
[34464]
[34462]
[34388]
[34324]
[34320]
[34272]
[34265]
[34210]
[34152]
[34145]
[34143]
[34140]
[34137]
[33976]
[33970]
[oval:org.mitre.oval:def:6458]
[oval:org.mitre.oval:def:10316]
[[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server]
[SUSE-SA:2009:023]
[SUSE-SA:2009:012]
[SUSE-SR:2009:005]
[APPLE-SA-2009-05-12]
[APPLE-SA-2009-06-17-1]
[APPLE-SA-2009-06-08-1]
[APPLE-SA-2009-08-05-1]
[http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt]
[ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt]
IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Vendor Advisory: http://downloads.digium.com/pub/security/AST-2009-001.html
[33174]
[ADV-2009-0063]
[1021549]
[20090108 AST-2009-001: Information leak in IAX2 authentication]
[DSA-1952]
[4910]
[GLSA-200905-01]
[37677]
[34982]
[33453]
[http://downloads.digium.com/pub/security/AST-2009-001.html]
Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file.
[ca-antivirus-engine-security-bypass(48261)]
[ADV-2009-0270]
[1021639]
[33464]
[20090127 CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities]
[http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601]
[http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx]
The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.
[https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=196148]
[33161]
[ADV-2009-0053]
[20090107 CA20090107-01: CA Service Metric Analysis and CA Service Level Management smmsnmpd Arbitrary Command Execution Vulnerability]
[4887]
[http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/07.aspx]
Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
[ADV-2009-0045]
[http://www.ocert.org/advisories/ocert-2008-016.html]
Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
[ADV-2009-0046]
[http://www.ocert.org/advisories/ocert-2008-016.html]
OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
[ADV-2009-0047]
[http://www.ocert.org/advisories/ocert-2008-016.html]
Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
[http://www.ocert.org/advisories/ocert-2008-016.html]
[34029]
[SUSE-SR:2009:005]
Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
[openssl-dsa-verify-security-bypass(47837)]
[http://www.ocert.org/advisories/ocert-2008-016.html]
ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
[openssl-dsa-verify-security-bypass(47837)]
[http://www.ocert.org/advisories/ocert-2008-016.html]
The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame.
[netgear-wndap330-frame-dos(54216)]
[ADV-2009-3212]
[36991]
[20091110 Atheros Driver Reserved Frame Vulnerability]
[59880]
[37344]
PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a "logic error."
[ADV-2009-0140]
[33268]
[20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities]
[1021593]
[33479]
[51395]
PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message.
[ADV-2009-0140]
[33268]
[20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities]
[1021593]
[33479]
[51396]
Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors.
[ADV-2009-0140]
[33268]
[20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities]
[1021594]
[33479]
[51397]
Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action.
[ADV-2009-0140]
[33268]
[20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities]
[1021594]
[33479]
[51398]
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely."
[cucm-capf-dos-var1(48139)]
[ADV-2009-0213]
[1021620]
[33379]
[20090121 Cisco Unified Communications Manager CAPF Denial of Service Vulnerability]
[33588]
The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2 allow remote attackers to cause a denial of service (web authentication outage or device reload) via unspecified network traffic, as demonstrated by a vulnerability scanner.
[1021679]
[33608]
[20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers]
[33749]
The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a denial of service (device reload) via a web authentication (aka WebAuth) session that includes a malformed POST request to login.html.
[1021679]
[33608]
[20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers]
[33749]
Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC driver in the Cisco 4400 WLC, Cisco Catalyst 6500 and 7600 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.1 allows remote attackers to cause a denial of service (device crash or hang) via unknown IP packets.
[1021679]
[33608]
[20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers]
[33749]
Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels.
[1021678]
[33608]
[20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers]
[33749]
Cross-site scripting (XSS) vulnerability in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[ADV-2009-1155]
[http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01]
[1022116]
[brightmail-controlcenter-xss(50074)]
[34641]
[34885]
[53944]
Multiple unspecified vulnerabilities in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allow remote authenticated users to gain privileges, and possibly obtain sensitive information or hijack sessions of arbitrary users, via vectors involving (1) administrative scripts or (2) console functions.
[ADV-2009-1155]
[http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01]
[1022117]
[brightmail-consolescripts-priv-escalation(50075)]
[34639]
[34885]
[53945]
Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.
[FEDORA-2009-0816]
[https://bugzilla.redhat.com/show_bug.cgi?id=478800]
[ADV-2009-2193]
[ADV-2009-0029]
[USN-751-1]
[1022698]
[33113]
[RHSA-2009:1055]
[RHSA-2009:0331]
[RHSA-2009:0053]
[[oss-security] 20090105 CVE request: kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID]
[DSA-1794]
[DSA-1787]
[DSA-1749]
[http://support.avaya.com/elmodocs2/security/ASA-2009-114.htm]
[36191]
[35394]
[35390]
[35174]
[35011]
[34981]
[34762]
[34680]
[34394]
[34252]
[33858]
[33854]
[33674]
[RHSA-2009:0264]
[http://patchwork.ozlabs.org/patch/15024/]
[oval:org.mitre.oval:def:10872]
[SUSE-SA:2009:031]
[SUSE-SA:2009:030]
[SUSE-SA:2009:010]
[SSSRT090149]
[SSSRT090149]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9fcb95a105758b81ef0131cd18e2db5149f13e95]
Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow attackers to bypass intended loader integrity protections, as demonstrated by exploitation of tboot. NOTE: as of 20090107, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
[33119]
[http://theinvisiblethings.blogspot.com/2009/01/attacking-intel-trusted-execution.html]
[http://invisiblethingslab.com/press/itl-press-2009-01.pdf]
[http://blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Wojtczuk]
Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file.
[https://bugs.freedesktop.org/show_bug.cgi?id=19377]
[33137]
[[oss-security] 20090106 Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included)]
Unspecified vulnerability in the nfs4rename_persistent_fh function in the NFS 4 (aka NFSv4) client in the kernel in Sun Solaris 10 and OpenSolaris before snv_102 allows local users to cause a denial of service (recursive mutex_enter and panic) via unspecified vectors.
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-139466-02-1]
[solaris-nfs4client-dos(47750)]
[ADV-2009-0030]
[1021519]
[33128]
[248566]
[33361]
[[onnv-notify] 20081021 6300710 recursive mutex_enter in nfs4rename_persistent_fh()]
Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307.
[safari-array-memory-disclosure(48214)]
[7673]
Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected.
[https://bugzilla.mozilla.org/show_bug.cgi?id=472507]
[https://bugzilla.mozilla.org/show_bug.cgi?id=456727]
[https://bugzilla.mozilla.org/show_bug.cgi?id=448329]
[33154]
[8219]
[8091]
[20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState]
[20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState]
[20090107 Firefox 3.0.5 remote vulnerability via queryCommandState]
Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element.
[ie-javascript-screen-dos(47788)]
[33149]
[http://skypher.com/index.php/2009/01/07/msie-screen-null-ptr-dos-details/]
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
[TA09-041A]
[MS09-002]
[http://www.zerodayinitiative.com/advisories/ZDI-09-011/]
[ADV-2009-0389]
[33627]
[8082]
[8080]
[8079]
[8077]
[oval:org.mitre.oval:def:6000]
[51839]
Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."
[TA09-041A]
[MS09-002]
[http://www.zerodayinitiative.com/advisories/ZDI-09-012/]
[ADV-2009-0389]
[oval:org.mitre.oval:def:6081]
The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability."
[TA09-104A]
[MS09-016]
[ADV-2009-1030]
[1022045]
[34687]
[oval:org.mitre.oval:def:6068]
[53636]
The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
[TA09-104A]
[MS09-012]
[ADV-2009-1026]
[1022044]
[oval:org.mitre.oval:def:6193]
[53666]
The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
[TA09-104A]
[MS09-012]
[ADV-2009-1026]
[1022044]
[oval:org.mitre.oval:def:6147]
[53667]
The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability."
[TA09-104A]
[MS09-012]
[ADV-2009-1026]
[1022044]
[oval:org.mitre.oval:def:6177]
[53668]
The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
[TA09-069A]
[MS09-006]
[ADV-2009-0659]
[1021826]
[34012]
[http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid=]
[http://support.avaya.com/elmodocs2/security/ASA-2009-079.htm]
[34117]
[oval:org.mitre.oval:def:6202]
[52522]
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
[TA09-069A]
[ADV-2009-0659]
[1021827]
[34027]
[MS09-006]
[http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid=]
[http://support.avaya.com/elmodocs2/security/ASA-2009-079.htm]
[34117]
[oval:org.mitre.oval:def:6036]
[52523]
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
[TA09-069A]
[MS09-006]
[ADV-2009-0659]
[1021827]
[34025]
[http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid=]
[http://support.avaya.com/elmodocs2/security/ASA-2009-079.htm]
[34117]
[oval:org.mitre.oval:def:5440]
[52524]
Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability."
[TA09-104A]
[MS09-011]
[ADV-2009-1025]
[1022040]
[34460]
[http://www.piotrbania.com/all/adv/ms-directx-mjpeg-adv.txt]
[http://support.avaya.com/elmodocs2/security/ASA-2009-132.htm]
[34665]
[oval:org.mitre.oval:def:5618]
[53632]
The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
[TA09-069A]
[MS09-007]
[ADV-2009-0660]
[1021828]
[34215]
[oval:org.mitre.oval:def:6011]
[52521]
Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
[TA09-104A]
[MS09-013]
[ADV-2009-1027]
[1022041]
[34435]
[34677]
[oval:org.mitre.oval:def:6149]
[53620]
Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that contains malformed data, aka "WordPad and Office Text Converter Memory Corruption Vulnerability."
[TA09-104A]
[MS09-010]
[ADV-2009-1024]
[1022043]
[oval:org.mitre.oval:def:5799]
[53662]
The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
[TA09-104A]
[MS09-010]
[ADV-2009-1024]
[1022043]
[oval:org.mitre.oval:def:5736]
[53663]
[20090414 Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability]
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
[TA09-104A]
[MS09-013]
[ADV-2009-1027]
[1022041]
[34437]
[34677]
[oval:org.mitre.oval:def:6027]
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
[TA09-286A]
[MS09-061]
[oval:org.mitre.oval:def:5716]
Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
[TA09-286A]
[MS09-061]
[oval:org.mitre.oval:def:6451]
Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
[TA09-069A]
[MS09-008]
[ADV-2009-0661]
[1021830]
[33989]
[http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm]
[34217]
[oval:org.mitre.oval:def:6138]
[52519]
[http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx]
[http://blog.ncircle.com/blogs/vert/archives/2009/03/successful_exploit_renders_mic.html]
The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
Per: http://www.microsoft.com/technet/security/Bulletin/MS09-008.mspx
Mitigating Factors for WPAD WINS Server Registration Vulnerability - CVE-2009-0094
Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation.
If WINS server already has WPAD and ISATAP registered than an attacker will not be able to register these as well.
[TA09-069A]
[MS09-008]
[ADV-2009-0661]
[1021829]
[34013]
[http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm]
[34217]
[oval:org.mitre.oval:def:6117]
[52520]
[http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx]
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
[TA09-041A]
[MS09-005]
[ADV-2009-0391]
[oval:org.mitre.oval:def:6179]
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
[TA09-041A]
[ADV-2009-0391]
[MS09-005]
[oval:org.mitre.oval:def:6172]
Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
[TA09-041A]
[MS09-005]
[ADV-2009-0391]
[oval:org.mitre.oval:def:6188]
Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
[TA09-041A]
[MS09-003]
[33838]
[oval:org.mitre.oval:def:6114]
[51837]
The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
[TA09-041A]
[MS09-003]
[33838]
[oval:org.mitre.oval:def:6159]
[51838]
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation error, aka "Memory Corruption Vulnerability."
[TA09-104A]
[MS09-009]
[ADV-2009-1023]
[1022039]
[20090415 Microsoft Office Excel Remote Memory Corruption Vulnerability]
[http://www.fortiguardcenter.com/advisory/FGA-2009-16.html]
[oval:org.mitre.oval:def:6043]
[53665]
Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
[TA09-342A]
[MS09-074]
[oval:org.mitre.oval:def:6298]
Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and the (3) apps_path[libs] parameter to lib/function.php.
[33138]
[7687]
[4888]
[33386]
SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote attackers to execute arbitrary SQL commands via the qType parameter in a webboard prog action.
[33131]
[7680]
[4890]
Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 allows remote attackers to inject arbitrary web script or HTML via the mdfd parameter in a prog action.
[33131]
[7680]
[4890]
SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
[phpauctions-profile-sql-injection(43264)]
[33115]
[33331]
[51144]
[7672]
Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.
[33115]
[33331]
[51145]
[7672]
PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies.
[33120]
[7674]
[4891]
[33331]
[51146]
SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
[33132]
[7682]
[4892]
[33395]
SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
[33129]
[7679]
[4893]
[33395]
SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
[33135]
[7683]
[4894]
[33393]
Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters.
[pollpro-unspecified-csrf(47754)]
[4895]
[33319]
[20090103 PollPro 3.0 XSRF VuLn]
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header.
[33143]
[7691]
[4896]
[33377]
Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant."
[TA09-133A]
[ADV-2009-0513]
[http://www.adobe.com/support/security/bulletins/apsb09-01.html]
[flash-settings-manager-click-hijacking(48902)]
[ADV-2009-1297]
[ADV-2009-0743]
[http://support.apple.com/kb/HT3549]
[254909]
[1021751]
[GLSA-200903-23]
[35074]
[34293]
[34226]
[oval:org.mitre.oval:def:6662]
[APPLE-SA-2009-05-12]
[http://isc.sans.org/diary.html?storyid=5929]
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
[FEDORA-2009-3453]
[FEDORA-2009-3449]
[ADV-2010-0528]
[DSA-1767]
[http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm]
[38794]
[34759]
[34710]
[34694]
[34642]
[34418]
[oval:org.mitre.oval:def:9214]
[[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates]
[SUSE-SR:2009:008]
[SUSE-SR:2009:007]
[http://launchpad.net/bugs/cve/2009-0115]
[http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml]
Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .chm file.
[33204]
[7720]
[4912]
The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data.
[ADV-2009-0111]
[1021547]
[33169]
[20090108 [IBM Datapower XS40] Denial of Service]
[4911]
SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[33393]
hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related to the product's attempt to correct the ownership of its configuration files within home directories.
[33249]
[https://launchpad.net/bugs/191299]
[USN-708-1]
[33539]
Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
[safari-rss-feed-info-disclosure(47917)]
[1021581]
[33234]
[33458]
[http://isc.sans.org/diary.html?storyid=5689]
[http://brian.mastenbrook.net/display/27]
The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radio Relay League (ARRL) tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
[FEDORA-2009-0543]
[https://bugzilla.redhat.com/show_bug.cgi?id=479650]
[33543]
[[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511509]
** DISPUTED ** NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed this issue, stating "while we do misuse this function (this is a bug), it has absolutely no security ramification."
[https://bugzilla.redhat.com/show_bug.cgi?id=479655]
[20090120 CVE-2009-0125 (fwd)]
[[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto]
[SUSE-SR:2009:003]
[http://cvs.fedoraproject.org/viewvc/rpms/libnasl/F-10/libnasl.spec?r1=1.16&r2=1.17]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511517]
The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
[FEDORA-2009-0578]
[https://bugzilla.redhat.com/show_bug.cgi?id=479664]
[33828]
[33806]
[[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto]
[SUSE-SR:2009:003]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511521]
[http://boinc.berkeley.edu/trac/ticket/823]
[http://boinc.berkeley.edu/trac/changeset/16883]
** DISPUTED ** M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a Linux vendor disputes the relevance of this report to the M2Crypto product because "these functions are not used anywhere in m2crypto."
[https://bugzilla.redhat.com/show_bug.cgi?id=479676]
[[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511515]
plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Resource Management (aka SLURM or slurm-llnl) does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
[[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511511]
libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
[[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511519]
** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus "this report is invalid."
[[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511520]
The UFS implementation in the kernel in Sun OpenSolaris snv_29 through snv_90 allows local users to cause a denial of service (panic) via the single posix_fallocate test in the SUSv3 POSIX test suite, related to an F_ALLOCSP fcntl call.
[1021600]
[33267]
[239188]
[http://bugs.opensolaris.org/view_bug.do?bug_id=6711995]
Integer overflow in the aio_suspend function in Sun Solaris 8 through 10 and OpenSolaris, when 32-bit mode is enabled, allows local users to cause a denial of service (panic) via a large integer value in the second argument (aka nent argument).
[33188]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-117350-59-1]
[ADV-2009-0099]
[http://www.trapkit.de/advisories/TKADV2009-001.txt]
[1021553]
[247986]
[33516]
Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allows context-dependent attackers to execute arbitrary code via a .hhp file with a long "Index file" field, possibly a related issue to CVE-2006-0564.
[7727]
[4914]
Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in AAA EasyGrid ActiveX 3.51 allows remote attackers to create and overwrite arbitrary files via the (1) DoSaveFile or (2) DoSaveHtmlFile method. NOTE: vector 1 could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.
[easygrid-activex-dosavefile-file-overwrite(47946)]
[33272]
[7779]
[4913]
[33537]
Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to execute arbitrary code via an Audible Audio (.aa) file with a large (1) nlen or (2) vlen Tag value, each of which triggers a heap-based buffer overflow.
[FEDORA-2009-0715]
[https://bugzilla.redhat.com/show_bug.cgi?id=479946]
[https://bugzilla.redhat.com/show_bug.cgi?id=479560]
[ADV-2009-0100]
[USN-739-1]
[1021558]
[33210]
[20090111 [TKADV2009-002] Amarok Integer Overflow and Unchecked Allocation Vulnerabilities]
[MDVSA-2009:030]
[DSA-1706]
[http://websvn.kde.org/?view=rev&revision=908415]
[http://websvn.kde.org/?view=rev&revision=908401]
[http://websvn.kde.org/?view=rev&revision=908391]
[http://trapkit.de/advisories/TKADV2009-002.txt]
[4915]
[GLSA-200903-34]
[34407]
[34315]
[33819]
[33640]
[33522]
[33505]
[[oss-security] 20090114 CVE Request -- amarok]
[SUSE-SR:2009:003]
[http://bugs.gentoo.org/show_bug.cgi?id=254896]
[http://amarok.kde.org/en/releases/2.0.1.1]
Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure.
[FEDORA-2009-0715]
[https://bugzilla.redhat.com/show_bug.cgi?id=479946]
[https://bugzilla.redhat.com/show_bug.cgi?id=479560]
[ADV-2009-0100]
[USN-739-1]
[1021558]
[33210]
[20090111 [TKADV2009-002] Amarok Integer Overflow and Unchecked Allocation Vulnerabilities]
[MDVSA-2009:030]
[DSA-1706]
[http://websvn.kde.org/?view=rev&revision=908415]
[http://websvn.kde.org/?view=rev&revision=908401]
[http://websvn.kde.org/?view=rev&revision=908391]
[http://trapkit.de/advisories/TKADV2009-002.txt]
[4915]
[GLSA-200903-34]
[34407]
[34315]
[33819]
[33640]
[33522]
[33505]
[[oss-security] 20090114 CVE Request -- amarok]
[SUSE-SR:2009:003]
[http://bugs.gentoo.org/show_bug.cgi?id=254896]
[http://amarok.kde.org/en/releases/2.0.1.1]
Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues."
[APPLE-SA-2009-02-12]
[APPLE-SA-2009-02-12]
[http://support.apple.com/kb/HT3438]
servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration.
[APPLE-SA-2009-02-12]
[ADV-2009-0422]
[33813]
[33759]
[http://support.apple.com/kb/HT3438]
[33937]
Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows remote SMB servers to cause a denial of service (system shutdown) or execute arbitrary code via a crafted SMB file system that triggers a heap-based buffer overflow.
[APPLE-SA-2009-02-12]
[ADV-2009-0422]
[http://support.apple.com/kb/HT3438]
[33937]
Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4.11 and 10.5.6 allows remote SMB servers to cause a denial of service (memory exhaustion and system shutdown) via a crafted file system name.
[APPLE-SA-2009-02-12]
[ADV-2009-0422]
[http://support.apple.com/kb/HT3438]
[33937]
XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user.
[macosx-xterm-information-disclosure(48727)]
[ADV-2009-0422]
[33798]
[http://support.apple.com/kb/HT3438]
[1021729]
[33937]
[APPLE-SA-2009-02-12]
Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic."
[ADV-2009-0422]
[33812]
[33759]
[http://support.apple.com/kb/HT3438]
[33937]
[APPLE-SA-2009-02-12]
Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.
[http://support.apple.com/kb/HT3487]
[APPLE-SA-2009-03-11]
[itunes-podcast-information-disclosure(49201)]
[ADV-2009-0702]
[34094]
[1021843]
[34254]
[oval:org.mitre.oval:def:5336]
[52579]
CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections.
[TA09-133A]
[http://support.apple.com/kb/HT3549]
[APPLE-SA-2009-05-12]
[macos-cfnetwork-info-disclosure(50479)]
[ADV-2009-1297]
[1022214]
[34926]
[35074]
CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption.
[TA09-133A]
[http://support.apple.com/kb/HT3549]
[APPLE-SA-2009-05-12]
[macos-coregraphics-pdf-code-execution(50481)]
[ADV-2009-1621]
[ADV-2009-1522]
[ADV-2009-1297]
[1022209]
[34926]
[http://support.apple.com/kb/HT3639]
[http://support.apple.com/kb/HT3613]
[35379]
[35074]
[APPLE-SA-2009-06-17-1]
[APPLE-SA-2009-06-08-1]
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.
[TA09-133A]
[RHSA-2009:0430]
[FEDORA-2009-6982]
[FEDORA-2009-6973]
[FEDORA-2009-6972]
[https://bugzilla.redhat.com/show_bug.cgi?id=490612]
[ADV-2010-1040]
[ADV-2009-1621]
[ADV-2009-1297]
[ADV-2009-1077]
[ADV-2009-1066]
[ADV-2009-1065]
[1022073]
[34568]
[20090417 rPSA-2009-0059-1 poppler]
[20090417 rPSA-2009-0061-1 cups]
[RHSA-2009:0480]
[RHSA-2009:0431]
[RHSA-2009:0429]
[MDVSA-2010:087]
[MDVSA-2009:101]
[DSA-1793]
[DSA-1790]
[http://wiki.rpath.com/Advisories:rPSA-2009-0061]
[http://wiki.rpath.com/Advisories:rPSA-2009-0059]
[http://support.apple.com/kb/HT3639]
[http://support.apple.com/kb/HT3549]
[SSA:2009-129-01]
[GLSA-200904-20]
[35685]
[35618]
[35074]
[35065]
[35064]
[35037]
[34991]
[34963]
[34959]
[34852]
[34756]
[34755]
[34481]
[34291]
[RHSA-2009:0458]
[oval:org.mitre.oval:def:9632]
[SUSE-SR:2009:012]
[SUSE-SR:2009:010]
[SUSE-SA:2009:024]
[APPLE-SA-2009-05-12]
[APPLE-SA-2009-06-17-1]
[http://bugs.gentoo.org/show_bug.cgi?id=263028]
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
[TA09-133A]
[RHSA-2009:0430]
[FEDORA-2009-6982]
[FEDORA-2009-6973]
[FEDORA-2009-6972]
[https://bugzilla.redhat.com/show_bug.cgi?id=490614]
[ADV-2010-1040]
[ADV-2009-1621]
[ADV-2009-1297]
[ADV-2009-1077]
[ADV-2009-1066]
[ADV-2009-1065]
[1022073]
[34568]
[20090417 rPSA-2009-0059-1 poppler]
[20090417 rPSA-2009-0061-1 cups]
[RHSA-2009:0480]
[RHSA-2009:0431]
[RHSA-2009:0429]
[MDVSA-2010:087]
[MDVSA-2009:101]
[DSA-1793]
[DSA-1790]
[http://wiki.rpath.com/Advisories:rPSA-2009-0061]
[http://wiki.rpath.com/Advisories:rPSA-2009-0059]
[http://support.apple.com/kb/HT3639]
[http://support.apple.com/kb/HT3549]
[SSA:2009-129-01]
[GLSA-200904-20]
[35685]
[35618]
[35074]
[35065]
[35064]
[35037]
[34991]
[34963]
[34959]
[34852]
[34756]
[34755]
[34481]
[34291]
[RHSA-2009:0458]
[oval:org.mitre.oval:def:9941]
[SUSE-SR:2009:012]
[SUSE-SR:2009:010]
[SUSE-SA:2009:024]
[APPLE-SA-2009-05-12]
[APPLE-SA-2009-06-17-1]
[http://bugs.gentoo.org/show_bug.cgi?id=263028]
Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541.
[TA09-133A]
[http://sourceforge.net/project/shownotes.php?group_id=4664&release_id=679527]
[http://sourceforge.net/forum/forum.php?forum_id=947983]
[https://bugzilla.redhat.com/show_bug.cgi?id=490667]
[ADV-2009-1297]
[ADV-2009-1238]
[1022218]
[34805]
[RHSA-2009:1102]
[RHSA-2009:1101]
[[oss-security] 20090506 Re: Old cscope buffer overflow]
[DSA-1806]
[http://support.apple.com/kb/HT3549]
[[cscope-cvs] 20090410 CVS: cscope/src snprintf.c, NONE, 1.1 build.c, 1.14, 1.15 command.c, 1.32, 1.33 dir.c, 1.30, 1.31 display.c, 1.29, 1.30 edit.c, 1.6, 1.7 exec.c, 1.11, 1.12 find.c, 1.20, 1.21 global.h, 1.36, 1.37 main.c, 1.45, 1.46 Makefile.am, 1.12, 1.13 Makefile.in, 1.15, 1.16 vpaccess.c, 1.2, 1.3 vpfopen.c, 1.3, 1.4 vpopen.c, 1.4, 1.5]
[GLSA-200905-02]
[35462]
[35214]
[35213]
[35074]
[34978]
[oval:org.mitre.oval:def:9633]
[APPLE-SA-2009-05-12]
Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption.
[TA09-133A]
[http://support.apple.com/kb/HT3549]
[APPLE-SA-2009-05-12]
[macos-diskimages-code-execution-var1(50484)]
[ADV-2009-1297]
[1022217]
[34942]
[34926]
[35074]
Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image.
[TA09-133A]
[http://support.apple.com/kb/HT3549]
[APPLE-SA-2009-05-12]
[macos-diskimages-bo(50483)]
[ADV-2009-1297]
[1022217]
[34926]
[35074]
The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors.
[TA09-218A]
[ADV-2009-2172]
[35954]
[http://support.apple.com/kb/HT3757]
[APPLE-SA-2009-08-05-1]
[macosx-dock-security-bypass(52421)]
[36096]
[56847]
iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.
[TA09-133A]
[http://support.apple.com/kb/HT3549]
[APPLE-SA-2009-05-12]
[macos-ichat-ssl-weak-security(50487)]
[ADV-2009-1297]
[1022212]
[34926]
[35074]
International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
[TA09-133A]
[http://support.apple.com/kb/HT3549]
[APPLE-SA-2009-05-12]
[FEDORA-2009-6273]
[FEDORA-2009-6121]
[https://bugzilla.redhat.com/show_bug.cgi?id=503071]
[macos-icu-security-bypass(50488)]
[ADV-2009-1621]
[ADV-2009-1522]
[ADV-2009-1297]
[34974]
[34926]
[RHSA-2009:1122]
[http://support.apple.com/kb/HT3639]
[http://support.apple.com/kb/HT3613]
[35584]
[35498]
[35436]
[35379]
[35074]
[oval:org.mitre.oval:def:11366]
[APPLE-SA-2009-06-17-1]
[APPLE-SA-2009-06-08-1]
[http://bugs.icu-project.org/trac/ticket/5691]
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.
[TA09-133A]
[http://support.apple.com/kb/HT3549]
[APPLE-SA-2009-05-12]
[macos-ats-cff-bo(50478)]
[http://www.zerodayinitiative.com/advisories/ZDI-09-023]
[ADV-2009-1297]
[1022218]
[34926]
[20090519 ZDI-09-023: Apple OS X ATSServer Compact Font Format Parsing Memory Corruption Vulnerability]
[35074]
Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers a heap-based buffer overflow.
[TA09-133A]
[http://support.apple.com/kb/HT3549]
[APPLE-SA-2009-05-12]
[macos-coregraphics-pdf-bo(50482)]
[ADV-2009-1621]
[ADV-2009-1297]
[1022209]
[34926]
[http://support.apple.com/kb/HT3639]
[35074]
[APPLE-SA-2009-06-17-1]
Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read.
[TA09-133A]
[http://support.apple.com/kb/HT3549]
[APPLE-SA-2009-05-12]
[macos-launchservices-dos(50490)]
[ADV-2009-1297]
[1022215]
[34932]
[34926]
[35074]
Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers.
[TA09-133A]
[http://support.apple.com/kb/HT3549]
[APPLE-SA-2009-05-12]
[macos-cfnetwork-bo(50480)]
[ADV-2009-1297]
[1022211]
[34926]
[35074]
Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server.
[TA09-133A]
[http://support.apple.com/kb/HT3549]
[APPLE-SA-2009-05-12]
[ADV-2009-1297]
[34926]
[35074]
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
[TA09-133A]
[https://support.ntp.org/bugs/show_bug.cgi?id=1144]
[34481]
[FEDORA-2009-5275]
[FEDORA-2009-5273]
[RHSA-2009:1651]
[https://bugzilla.redhat.com/show_bug.cgi?id=490617]
[ntp-cookedprint-bo(49838)]
[ADV-2009-3316]
[ADV-2009-1297]
[ADV-2009-0999]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-777-1]
[1022033]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[MDVSA-2009:092]
[GLSA-200905-08]
[DSA-1801]
[http://support.apple.com/kb/HT3549]
[SSA:2009-154-01]
[37471]
[35630]
[35416]
[35336]
[35308]
[35253]
[35169]
[35166]
[35138]
[35137]
[35074]
[34608]
[RHSA-2009:1040]
[RHSA-2009:1039]
[oval:org.mitre.oval:def:9634]
[oval:org.mitre.oval:def:8665]
[oval:org.mitre.oval:def:8386]
[oval:org.mitre.oval:def:5411]
[53593]
[http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch&REV=1.1565]
[SUSE-SR:2009:011]
[APPLE-SA-2009-05-12]
[http://bugs.pardus.org.tr/show_bug.cgi?id=9532]
[NetBSD-SA2009-006]
QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.
[TA09-133A]
[http://support.apple.com/kb/HT3549]
[APPLE-SA-2009-05-12]
[ADV-2009-1297]
[1022209]
[34937]
[34926]
[35074]
The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate.
[TA09-133A]
[http://support.apple.com/kb/HT3549]
[APPLE-SA-2009-05-12]
[macos-opensslocsp-weak-security(50592)]
[ADV-2009-1297]
[34926]
[35074]
Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.
[TA09-133A]
[http://support.apple.com/kb/HT3549]
[APPLE-SA-2009-05-12]
[APPLE-SA-2009-05-12]
[APPLE-SA-2009-05-12]
[safari-feedurl-code-execution(50476)]
[ADV-2009-1298]
[ADV-2009-1297]
[1022206]
[34925]
[http://support.apple.com/kb/HT3550]
[35074]
[35056]
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow.
[https://bugzilla.redhat.com/show_bug.cgi?id=490596]
[USN-760-1]
[1022070]
[34571]
[20090417 rPSA-2009-0061-1 cups]
[RHSA-2009:0429]
[RHSA-2009:0428]
[DSA-1773]
[http://www.cups.org/str.php?L3031]
[http://www.cups.org/articles.php?L582]
[http://wiki.rpath.com/Advisories:rPSA-2009-0061]
[GLSA-200904-20]
[34852]
[34756]
[34747]
[34722]
[34481]
[oval:org.mitre.oval:def:11546]
[SUSE-SA:2009:024]
The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.
[TA09-133A]
[https://bugzilla.redhat.com/show_bug.cgi?id=490597]
[http://www.cups.org/str.php?L3118]
[http://www.cups.org/articles.php?L582]
[ADV-2009-1297]
[34665]
[20090417 rPSA-2009-0061-1 cups]
[http://wiki.rpath.com/Advisories:rPSA-2009-0061]
[http://support.apple.com/kb/HT3549]
[GLSA-200904-20]
[35074]
[APPLE-SA-2009-05-12]
[http://bugs.gentoo.org/show_bug.cgi?id=263070]
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."
[TA09-133A]
[http://bugs.gentoo.org/show_bug.cgi?id=263028]
[multiple-jbig2-unspecified(50377)]
[ADV-2009-1621]
[ADV-2009-1297]
[34568]
[MDVSA-2009:101]
[DSA-1793]
[DSA-1790]
[http://support.apple.com/kb/HT3639]
[http://support.apple.com/kb/HT3549]
[SSA:2009-129-01]
[35685]
[35074]
[35065]
[35037]
[34991]
[34959]
[34852]
[SUSE-SR:2009:012]
[SUSE-SR:2009:010]
[SUSE-SA:2009:024]
[APPLE-SA-2009-05-12]
[APPLE-SA-2009-06-17-1]
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.
[ADV-2009-1066]
[34568]
[RHSA-2009:0480]
[RHSA-2009:0431]
[RHSA-2009:0430]
[RHSA-2009:0429]
[DSA-1793]
[DSA-1790]
[RHSA-2009:0458]
[FEDORA-2009-6982]
[FEDORA-2009-6973]
[FEDORA-2009-6972]
[https://bugzilla.redhat.com/show_bug.cgi?id=490625]
[ADV-2010-1040]
[ADV-2009-1077]
[ADV-2009-1065]
[1022073]
[20090417 rPSA-2009-0061-1 cups]
[MDVSA-2010:087]
[MDVSA-2009:101]
[http://wiki.rpath.com/Advisories:rPSA-2009-0061]
[SSA:2009-129-01]
[GLSA-200904-20]
[35685]
[35618]
[35065]
[35064]
[35037]
[34991]
[34963]
[34959]
[34852]
[34756]
[34755]
[34481]
[34291]
[oval:org.mitre.oval:def:9778]
[SUSE-SR:2009:012]
[SUSE-SR:2009:010]
[SUSE-SA:2009:024]
Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to enumeration of "wrong printers," aka a "Temporary file vulnerability."
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-139390-01-1]
[ADV-2009-0155]
[1021601]
[33269]
[http://support.avaya.com/elmodocs2/security/ASA-2009-026.htm]
[249306]
[33705]
[33488]
[oval:org.mitre.oval:def:6175]
[http://opensolaris.org/os/bug_reports/request_sponsor/]
Unspecified vulnerability in ppdmgr in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to a failure to "include all cache files," and improper handling of temporary files.
[249306]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-139390-01-1]
[solaris-ppdmgr-dos(48143)]
[ADV-2009-0155]
[1021601]
[33269]
[http://support.avaya.com/elmodocs2/security/ASA-2009-026.htm]
[33705]
[33488]
[oval:org.mitre.oval:def:5503]
[http://opensolaris.org/os/bug_reports/request_sponsor/]
Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm.
[33266]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1]
[sun-jsam-subrealm-privilege-escalation(47944)]
[ADV-2009-0157]
[1021604]
[249106]
Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console.
[33265]
[242166]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1]
[sun-jsam-password-info-disclosure(47942)]
[ADV-2009-0156]
[1021605]
The Sun SPARC Enterprise M4000 and M5000 Server, within a certain range of serial numbers, allows remote attackers to use the manufacturing root password, perform a root login to the eXtended System Control Facility Unit (aka XSCFU or Service Processor), and have unspecified other impact.
[ADV-2009-0207]
[1021602]
[33280]
[249126]
Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream.
[33258]
[http://www-01.ibm.com/support/docview.wss?uid=swg21363936]
[ibm-db2-connect-stream-dos(47931)]
[ADV-2009-0137]
[IZ37696]
[1021591]
[33529]
[ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT]
[ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT]
[ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT]
Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote authenticated users to cause a denial of service (trap) via a crafted data stream.
[http://www-01.ibm.com/support/docview.wss?uid=swg21363936]
[ibm-db2-datastream-dos(47934)]
[ADV-2009-0137]
[33258]
[IZ39652]
[1021591]
[33529]
[ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT]
[ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT]
[ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT]
Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers to execute arbitrary code via a long .asf URI in the HREF attribute of a REF element in a .asx file.
[vuplayer-asx-bo(47851)]
[33185]
[7715]
[7714]
[7713]
[7709]
[4918]
Heap-based buffer overflow in Heathco Software MP3 TrackMaker 1.5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an invalid .mp3 file.
[mp3trackmaker-mp3-bo(47852)]
[33183]
[7708]
[4920]
Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 allow user-assisted remote attackers to execute arbitrary code via (1) a crafted stream in a .pdf file, related to "symWidths"; or (2) a crafted data stream in a .pdf file, related to "bitmaps."
[33224]
[http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119]
[http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118]
[33534]
[20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller 'bitmaps' Heap Overflow Vulnerability]
[20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller 'symWidths' Heap Overflow Vulnerability]
vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.
[http://www.vmware.com/security/advisories/VMSA-2009-0005.html]
[20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues]
[[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues]
[ADV-2009-0944]
[ADV-2009-0024]
[1021512]
[34373]
[34601]
[33372]
[oval:org.mitre.oval:def:6433]
[51180]
[7647]
Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 has unknown impact and attack vectors.
[ibm-hmc-unspecified(48010)]
[http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4521]
[ADV-2009-0158]
[33293]
[33518]
[51432]
libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file.
[FEDORA-2009-9112]
[FEDORA-2009-9095]
[https://bugzilla.redhat.com/show_bug.cgi?id=479833]
[33240]
[34259]
[[oss-security] 20090113 CVE Request -- libmikmod]
[SUSE-SR:2009:006]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476339]
Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376.
[FEDORA-2009-0297]
[FEDORA-2009-0266]
[https://bugzilla.redhat.com/show_bug.cgi?id=477864]
[nfsutils-tcpwrapper-security-bypass(48058)]
[33294]
[33545]
Buffer overflow in VUPlayer allows user-assisted attackers to have an unknown impact via a long file, as demonstrated by a file composed entirely of 'A' characters.
[vuplayer-file-bo(48169)]
[20090106 VUPLAYER BufferOver flow POC]
[4921]
Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line.
[vuplayer-fileline-bo(48170)]
[7695]
[4923]
Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request.
[ADV-2009-0302]
[33554]
[20090202 Secunia Research: Free Download Manager Remote Control Server Buffer Overflow]
[7986]
[http://secunia.com/secunia_research/2009-3/]
[33524]
[51745]
Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file.
[ADV-2009-0302]
[33555]
[20090202 Secunia Research: Free Download Manager Torrent Parsing Buffer Overflows]
[http://secunia.com/secunia_research/2009-5/]
[33524]
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted MS ADPCM encoded audio data in an AVI movie file.
[ADV-2009-1469]
[http://support.apple.com/kb/HT3591]
[APPLE-SA-2009-06-01-1]
[quicktime-msadpcm-bo(50894)]
[1022314]
[35163]
[20090602 Secunia Research: Apple QuickTime MS ADPCM Encoding Buffer Overflow]
[http://secunia.com/secunia_research/2009-6/]
[35091]
[54879]
Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.
[libsndfile-caf-bo(49038)]
[ADV-2009-0585]
[ADV-2009-0584]
[USN-749-1]
[1021784]
[33963]
[20090303 Secunia Research: libsndfile CAF Processing Integer Overflow Vulnerability]
[20090303 Secunia Research: Winamp CAF Processing Integer Overflow Vulnerability]
[http://www.mega-nerd.com/libsndfile/NEWS]
[DSA-1742]
[GLSA-200904-16]
[http://secunia.com/secunia_research/2009-8/]
[http://secunia.com/secunia_research/2009-7/]
[34791]
[34642]
[34526]
[34316]
[33981]
[33980]
[SUSE-SR:2009:008]
Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a "Connecting" log message.
[ADV-2009-0521]
[33894]
[orbitdownloader-connecting-bo(48932)]
[20090225 Secunia Research: Orbit Downloader Long URL Parsing Buffer Overflow]
[http://secunia.com/secunia_research/2009-9/]
[33843]
[52294]
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie composed of a Sorenson 3 video file.
[ADV-2009-1469]
[http://support.apple.com/kb/HT3591]
[APPLE-SA-2009-06-01-1]
[quicktime-sorensonvideo-code-execution(50886)]
[1022314]
[35159]
[20090602 Secunia Research: QuickTime Sorenson Video 3 Content Parsing Vulnerability]
[http://secunia.com/secunia_research/2009-10/]
[35091]
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1012. Reason: This candidate is a reservation duplicate of CVE-2009-1012. Notes: All CVE users should reference CVE-2009-1012 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1016. Reason: This candidate is a reservation duplicate of CVE-2009-1016. Notes: All CVE users should reference CVE-2009-1016 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a dereference of an uninitialized memory location.
[ADV-2009-0634]
[http://www.foxitsoftware.com/pdf/reader/security.htm#Processing]
[foxitreader-jbig2-code-execution(49135)]
[1021822]
[34035]
[20090309 Secunia Research: Foxit Reader JBIG2 Symbol Dictionary Processing Vulnerability]
[http://secunia.com/secunia_research/2009-11/]
[34036]
Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow.
[edirectory-imonitor-acceptlanguage-bo(51703)]
[ADV-2009-1883]
[35666]
[20090714 Secunia Research: Novell eDirectory iMonitor "Accept-Language" Buffer Overflow]
[http://www.novell.com/support/viewContent.do?externalId=3426981]
[http://secunia.com/secunia_research/2009-13/]
[34160]
[55847]
Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062.
[34229]
[http://www.adobe.com/support/security/bulletins/apsb09-04.html]
[ADV-2009-1019]
[1021892]
[20090325 Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow]
[RHSA-2009:0376]
[256788]
[GLSA-200904-17]
[http://secunia.com/secunia_research/2009-14/]
[34790]
[34706]
[34490]
[34392]
[SUSE-SR:2009:009]
[SUSE-SA:2009:014]
The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web site specified by the user, which allows remote attackers to obtain sensitive information or reconfigure Garmin GPS devices via unspecified vectors related to a "synchronisation error."
[communicator-domain-security-bypass(50360)]
[34858]
[20090507 Secunia Research: Garmin Communicator Plug-In Domain Locking Security Bypass]
[1022173]
[http://secunia.com/secunia_research/2009-16/]
[34326]
[54258]
Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.
[ADV-2010-1040]
[34791]
[20090417 Secunia Research: Xpdf JBIG2 Symbol Dictionary Buffer Overflow Vulnerability]
[20090417 Secunia Research: CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow]
[RHSA-2009:0480]
[MDVSA-2010:087]
[http://secunia.com/secunia_research/2009-18/]
[http://secunia.com/secunia_research/2009-17/]
[35064]
[34963]
[34756]
[34481]
[34291]
[RHSA-2009:0458]
[oval:org.mitre.oval:def:10076]
Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
[34445]
[FEDORA-2009-3710]
[FEDORA-2009-3709]
[https://bugzilla.redhat.com/attachment.cgi?id=337747]
[ADV-2009-1708]
[ADV-2009-0983]
[USN-757-1]
[1022029]
[20090417 rPSA-2009-0060-1 ghostscript]
[20090409 Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow]
[RHSA-2009:0421]
[MDVSA-2009:095]
[http://wiki.rpath.com/Advisories:rPSA-2009-0060]
[262288]
[http://secunia.com/secunia_research/2009-21/]
[35569]
[35559]
[35416]
[34732]
[34729]
[34667]
[34292]
[oval:org.mitre.oval:def:10533]
[53492]
[SUSE-SR:2009:011]
[SUSE-SR:2009:009]
Integer overflow in the FORMATS Plugin before 4.23 for IrfanView allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large XPM file that triggers a heap-based buffer overflow.
[irfanview-formatsplugin-xpm-bo(49717)]
[ADV-2009-0953]
[http://www.irfanview.com/plugins.htm]
[34402]
[20090407 Secunia Research: IrfanView Formats Plug-in XPM Parsing Integer Overflow]
[53323]
[http://secunia.com/secunia_research/2009-20/]
[34525]
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF file that contains JBIG2 text region segments with Huffman encoding.
[TA09-161A]
[ADV-2009-1547]
[http://www.adobe.com/support/security/bulletins/apsb09-07.html]
[reader-acrobat-jbig2-code-exec(51015)]
[35302]
[35274]
[20090610 Secunia Research: Adobe Reader JBIG2 Text Region Segment Buffer Overflow]
[RHSA-2009:1109]
[1022361]
[GLSA-200907-06]
[http://secunia.com/secunia_research/2009-24/]
[35734]
[35685]
[35655]
[35496]
[34580]
[SUSE-SR:2009:012]
[SUSE-SA:2009:035]
Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attackers to execute arbitrary code via a video file with crafted dimensions (aka framebuffer parameters).
[ADV-2009-2553]
[http://www.vmware.com/security/advisories/VMSA-2009-0012.html]
[[security-announce] 20090904 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.]
[36290]
[20090905 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.]
[http://secunia.com/secunia_research/2009-25/]
[34938]
Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.
[ADV-2009-2490]
[36200]
[20090901 Secunia Research: OpenOffice.org Word Document Table Parsing Integer Underflow]
[MDVSA-2010:105]
[MDVSA-2010:091]
[MDVSA-2010:035]
[DSA-1880]
[1020715]
[263508]
[http://secunia.com/secunia_research/2009-26/]
[36750]
[35036]
[oval:org.mitre.oval:def:10881]
[SUSE-SR:2009:015]
[http://development.openoffice.org/releases/3.1.1.html]
Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing."
[ADV-2009-2490]
[1022798]
[36200]
[20090901 Secunia Research: OpenOffice.org Word Document Table Parsing Buffer Overflow]
[MDVSA-2010:105]
[MDVSA-2010:091]
[MDVSA-2010:035]
[DSA-1880]
[1020715]
[263508]
[http://secunia.com/secunia_research/2009-27/]
[36750]
[35036]
[oval:org.mitre.oval:def:10726]
[SUSE-SR:2009:015]
[http://development.openoffice.org/releases/3.1.1.html]
Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
[ms-powerpoint-freelance-bo(51034)]
[35275]
[20090610 Secunia Research: Microsoft PowerPoint Freelance Layout Parsing Vulnerability]
[54961]
[1022369]
[http://secunia.com/secunia_research/2009-29/]
[35184]
Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[HPSBMA02403]
[selectaccess-unspecified-xss(48334)]
[ADV-2009-0296]
[33505]
[1021641]
[33713]
[HPSBMA02403]
Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier for HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.
[SSRT080182]
[hpux-nfs-dos(48556)]
[ADV-2009-0350]
[33653]
[33860]
Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local users to gain root privileges via unknown vectors.
[34226]
[SSRT080171]
[SSRT080171]
[hpux-veritas-unspecified-priv-escalation(49403)]
[ADV-2009-0823]
[1021891]
[34419]
[oval:org.mitre.oval:def:6352]
Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, when running on Windows, allows remote attackers to execute arbitrary code via unknown vectors.
[HPSBGN02410]
[HPSBGN02410]
PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors.
[20090930 C4 SCADA Security Advisory - OSISoft PI Server Authentication Weakness]
Buffer overflow in the MLF application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service (system crash) via unspecified vectors, aka PD28578.
Per http://www.kb.cert.org/vuls/id/337569
"III. Solution
Apply Patch Users of e-terrahabitat version 5.5, 5.6, and 5.7 should apply the e-terrahabitat_560_P20081030_SEC patch immediately."
[VU#337569]
[33637]
[20090205 C4 SCADA Security Advisory - AREVA e-terrahabitat / e-terraplatform Multiple Vulnerabilities]
[http://www.scada-security.com/vulnerabilities/areva1.html]
[33837]
Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to cause a denial of service (system crash) via unknown vectors, aka PD32018.
[VU#337569]
[33637]
[20090205 C4 SCADA Security Advisory - AREVA e-terrahabitat / e-terraplatform Multiple Vulnerabilities]
[http://www.scada-security.com/vulnerabilities/areva1.html]
[33837]
Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to cause a denial of service (system crash) via unknown vectors, aka PD32020.
Per http://www.kb.cert.org/vuls/id/337569
"III. Solution
Apply Patch Users of e-terrahabitat version 5.5, 5.6, and 5.7 should apply the e-terrahabitat_560_P20081030_SEC patch immediately."
[VU#337569]
[33637]
[20090205 C4 SCADA Security Advisory - AREVA e-terrahabitat / e-terraplatform Multiple Vulnerabilities]
[http://www.scada-security.com/vulnerabilities/areva1.html]
[33837]
Unspecified vulnerability in the NETIO application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to cause a denial of service (system crash) via unknown vectors, aka PD32021.
Per http://www.kb.cert.org/vuls/id/337569
"III. Solution
Apply Patch
Users of e-terrahabitat version 5.5, 5.6, and 5.7 should apply the e-terrahabitat_560_P20081030_SEC patch immediately."
[VU#337569]
[33637]
[20090205 C4 SCADA Security Advisory - AREVA e-terrahabitat / e-terraplatform Multiple Vulnerabilities]
[http://www.scada-security.com/vulnerabilities/areva1.html]
[33837]
Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote authenticated users to gain privileges via unknown vectors, aka PD32022.
Per http://www.kb.cert.org/vuls/id/337569
"III. Solution
Apply Patch Users of e-terrahabitat version 5.5, 5.6, and 5.7 should apply the e-terrahabitat_560_P20081030_SEC patch immediately."
[VU#337569]
[33637]
[20090205 C4 SCADA Security Advisory - AREVA e-terrahabitat / e-terraplatform Multiple Vulnerabilities]
[http://www.scada-security.com/vulnerabilities/areva1.html]
[33837]
Stack-based buffer overflow in the GetXMLValue method in the IBM Access Support ActiveX control in IbmEgath.dll, as distributed on IBM and Lenovo computers, allows remote attackers to execute arbitrary code via unspecified vectors.
[VU#340420]
[ibm-access-activex-bo(49409)]
[ADV-2009-0824]
[34228]
[34470]
[52958]
GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module.
[VU#310355]
[gefanucifix-multiple-unauth-access(48691)]
[33739]
[http://www.mcgrewsecurity.com/2009/02/10/ge-fanuc-releases-info-on-ifix-vulnerabilities-vu-310355/]
[http://support.gefanuc.com/support/index?page=kbchannel&id=S:KB13253&actp=search]
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
[TA10-159B]
[TA09-294A]
[VU#466161]
[ADV-2009-1911]
[ADV-2009-1909]
[ADV-2009-1908]
[ADV-2009-1900]
[35671]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html]
[http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925]
[PK80627]
[PK80596]
[FEDORA-2009-8473]
[FEDORA-2009-8456]
[FEDORA-2009-8337]
[FEDORA-2009-8329]
[RHSA-2009:1650]
[RHSA-2009:1649]
[RHSA-2009:1637]
[RHSA-2009:1636]
[RHSA-2009:1428]
[RHSA-2009:1201]
[RHSA-2009:1200]
[https://issues.apache.org/bugzilla/show_bug.cgi?id=47527]
[https://issues.apache.org/bugzilla/show_bug.cgi?id=47526]
[https://bugzilla.redhat.com/show_bug.cgi?id=511915]
[http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html]
[http://www.w3.org/2008/06/xmldsigcore-errata.html#e03]
[ADV-2010-0635]
[ADV-2010-0366]
[ADV-2009-3122]
[ADV-2009-2543]
[USN-826-1]
[USN-903-1]
[1022661]
[1022567]
[1022561]
[RHSA-2009:1694]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html]
[http://www.openoffice.org/security/cves/CVE-2009-0217.html]
[http://www.mono-project.com/Vulnerabilities]
[MS10-041]
[MDVSA-2009:209]
[http://www.kb.cert.org/vuls/id/WDON-7TY529]
[http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ]
[DSA-1995]
[http://www.aleksey.com/xmlsec/]
[http://svn.apache.org/viewvc?revision=794013&view=revision]
[1020710]
[269208]
[263429]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1]
[38921]
[38695]
[38568]
[38567]
[37841]
[37671]
[37300]
[36494]
[36180]
[36176]
[36162]
[35858]
[35855]
[35854]
[35853]
[35852]
[35776]
[oval:org.mitre.oval:def:8717]
[oval:org.mitre.oval:def:7158]
[oval:org.mitre.oval:def:10186]
[55907]
[55895]
[HPSBUX02476]
[HPSBUX02476]
[SUSE-SA:2010:017]
[SUSE-SA:2009:053]
[APPLE-SA-2009-09-03-1]
[http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7]
[http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7]
[http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161]
Insecure method vulnerability in Particle Software IntraLaunch Application Launcher ActiveX control in IntraLaunch.ocx, as used in LDRA TBbrowse and possibly other products, allows remote attackers to execute arbitrary code via unknown vectors.
[http://www.kb.cert.org/vuls/id/WDON-7Q4RZN]
[http://www.kb.cert.org/vuls/id/MAPG-7PYRP4]
[VU#908801]
[intralaunch-activex-code-execution(49684)]
[34395]
The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file.
[1021559]
[33250]
[http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119]
[http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118]
[33534]
[20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller Uninitialized Memory Vulnerability]
Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an interget that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
[TA09-132A]
[MS09-017]
[ADV-2009-1290]
[1022205]
[34833]
[32428]
[oval:org.mitre.oval:def:5610]
[54386]
[20090512 Microsoft PowerPoint PPT 4.0 Importer Multiple Stack Buffer Overflow Vulnerabilities]
Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
[TA09-132A]
[MS09-017]
[ADV-2009-1290]
[1022205]
[34835]
[32428]
[oval:org.mitre.oval:def:6127]
[54394]
[20090512 Microsoft PowerPoint Integer Overflow Vulnerability]
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
[TA09-132A]
[MS09-017]
[http://www.vupen.com/exploits/Microsoft_PowerPoint_Pointer_Overwrite_Code_Execution_Exploit_MS09_017_1290123.php]
[http://www.vupen.com/exploits/Microsoft_PowerPoint_Memory_Corruption_Code_Execution_Exploit_MS09_017_1290124.php]
[ADV-2009-1290]
[1022205]
[34831]
[32428]
[oval:org.mitre.oval:def:6143]
[54382]
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
[TA09-132A]
[MS09-017]
[ADV-2009-1290]
[1022205]
[34834]
[32428]
[oval:org.mitre.oval:def:6269]
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; PowerPoint Viewer 2003 and 2007 SP1 and SP2; PowerPoint in Microsoft Office 2004 for Mac and 2008 for Mac; Open XML File Format Converter for Mac; Microsoft Works 8.5 and 9.0; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly validate PowerPoint files, which allows remote attackers to execute arbitrary code via multiple crafted BuildList records that include ChartBuild containers, which triggers memory corruption, aka "Memory Corruption Vulnerability."
[TA09-132A]
[MS09-017]
[ADV-2009-1290]
[1022205]
[34879]
[32428]
[oval:org.mitre.oval:def:6023]
[20090512 Microsoft PowerPoint Build List Memory Corruption Vulnerability]
Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
[TA09-132A]
[MS09-017]
[http://www.vupen.com/exploits/Microsoft_PowerPoint_Array_Indexing_Code_Execution_Exploit_MS09_017_1290125.php]
[ADV-2009-1290]
[1022205]
[34880]
[32428]
[oval:org.mitre.oval:def:5526]
[54388]
Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
[TA09-132A]
[MS09-017]
[ADV-2009-1290]
[1022205]
[34881]
[32428]
[oval:org.mitre.oval:def:6106]
[20090512 Microsoft PowerPoint 4.2 Conversion Filter Stack Overflow]
Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
[TA09-132A]
[MS09-017]
[ADV-2009-1290]
[1022205]
[34882]
[32428]
[oval:org.mitre.oval:def:6239]
[54384]
[20090512 Microsoft PowerPoint 4.2 Conversion Filter Stack Buffer Overflow Vulnerability]
Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
[TA09-160A]
[MS09-022]
[ADV-2009-1541]
[1022352]
[35206]
[http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm]
[35365]
[oval:org.mitre.oval:def:6317]
[54932]
[20090609 Microsoft Windows 2000 Print Spooler Remote Stack Buffer Overflow Vulnerability]
The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
[TA09-160A]
[MS09-022]
[ADV-2009-1541]
[1022352]
[35208]
[http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm]
[35365]
[oval:org.mitre.oval:def:5815]
[54933]
The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
[TA09-160A]
[MS09-022]
[ADV-2009-1541]
[1022352]
[35209]
[http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm]
[35365]
[oval:org.mitre.oval:def:6287]
[54934]
The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
[TA09-195A]
[MS09-029]
[ADV-2009-1887]
[1022543]
[oval:org.mitre.oval:def:5457]
[55842]
[20090714 Microsoft Embedded OpenType Font Engine (T2EMBED.DLL) Heap Buffer Overflow Vulnerability]
Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
[TA09-195A]
[MS09-029]
[ADV-2009-1887]
[1022543]
[oval:org.mitre.oval:def:5678]
The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
[TA09-069A]
[MS09-008]
[ADV-2009-0661]
[1021831]
[33982]
[http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm]
[34217]
[oval:org.mitre.oval:def:6228]
[52517]
[http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx]
The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
[TA09-069A]
[VU#319331]
[MS09-008]
[ADV-2009-0661]
[1021831]
[33988]
[http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm]
[34217]
[oval:org.mitre.oval:def:5715]
[52518]
[http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx]
Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
[TA09-104A]
[MS09-010]
[ADV-2009-1024]
[1022043]
[34470]
[oval:org.mitre.oval:def:5893]
[53664]
[20090414 Microsoft WordPad Word97 Converter Stack Buffer Overflow Vulnerability]
Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via "authentication input" to this component, aka "Cross-Site Scripting Vulnerability."
[TA09-104A]
[MS09-016]
[ADV-2009-1030]
[1022046]
[34687]
[oval:org.mitre.oval:def:5771]
[53637]
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.
[TA09-104A]
[ms-excel-unspecified-code-execution(48875)]
[ADV-2009-1023]
[http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99]
[33870]
[MS09-009]
[http://www.microsoft.com/technet/security/advisory/968272.mspx]
[1021744]
[oval:org.mitre.oval:def:5968]
[http://isc.sans.org/diary.html?storyid=5923]
[http://blogs.zdnet.com/security/?p=2658]
Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
[TA09-160A]
[MS09-023]
[ADV-2009-1542]
[1022353]
[35366]
[oval:org.mitre.oval:def:5428]
[54935]
listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.
[websvn-listing-information-disclosure(48171)]
[[oss-security] 20090118 CVE request: WebSVN]
[GLSA-200903-20]
[DSA-1725]
[34191]
[33945]
[32338]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512191]
Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname.
[33299]
[[Ganglia-developers] 20090113 patches for: [Sec] Gmetad server BoF and network overload + [Feature] multiple requests per conn on interactive port]
[GLSA-200903-22]
[35416]
[34228]
[33506]
[SUSE-SR:2009:011]
[http://bugzilla.ganglia.info/cgi-bin/bugzilla/show_bug.cgi?id=223]
** REJECT ** gmetad in Ganglia 3.1.1, when supporting multiple requests per connection on an interactive port, allows remote attackers to cause a denial of service via a request to the gmetad service with a path does not exist, which causes Ganglia to (1) perform excessive CPU computation and (2) send the entire tree, which consumes network bandwidth. NOTE: the vendor and original researcher have disputed this issue, since legitimate requests can generate the same amount of resource consumption. CVE concurs with the dispute, so this identifier should not be used.
Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by (1) inserting CD-ROM media, (2) inserting DVD media, (3) connecting a USB device, and (4) connecting a Firewire device; (5) allows user-assisted remote attackers to execute arbitrary code by mapping a network drive; and allows user-assisted attackers to execute arbitrary code by clicking on (6) an icon under My Computer\Devices with Removable Storage and (7) an option in an AutoPlay dialog, related to the Autorun.inf file. NOTE: vectors 1 and 3 on Vista are already covered by CVE-2008-0951.
[TA09-020A]
[1021629]
[http://isc.sans.org/diary.html?storyid=5695]
Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.
per: http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html
"Non vulnerable products: Windows Mobile devices 5.0 and 6 not using Microsoft Bluetooth Stack (for example: ASUS P525, ASUS P535, ... using Widcomm/Broadcom Bluetooth Stack)"
[winmobile-obexftp-directory-traversal(48124)]
[http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html]
[33359]
[20090119 Microsoft Bluetooth Stack OBEX Directory Traversal]
[4938]
[33598]
Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4629.
[http://usagi-project.org/PRESS/archives/57]
[33145]
[33409]
[JVNDB-2009-000001]
[JVN#36802959]
Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted attackers to execute arbitrary code via an invalid Radiance RGBE (aka .hdr) file.
[easyhdrpro-hdr-bo(48119)]
[ADV-2009-0190]
[33363]
[20090120 Secunia Research: EasyHDR Pro Radiance RGBE Buffer Overflow]
[4941]
[http://secunia.com/secunia_research/2008-61/]
[33468]
[51609]
[http://easyhdr.com/version.php]
The server for 53KF Web IM 2009 Home, Professional, and Enterprise editions relies on client-side protection mechanisms against cross-site scripting (XSS), which allows remote attackers to conduct XSS attacks by using a modified client to send a crafted IM message, related to the msg variable.
[53kfwebim-msg-xss(48096)]
[33341]
[20090119 53KF Web IM 2009 Cross-Site Scripting Vulnerabilities]
Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter.
[rankem-siteid-xss(48072)]
[rankem-rankup-xss(48071)]
[33324]
[7805]
Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb.
[rankem-topsites-information-disclosure(48070)]
[7805]
Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password.
[phosheezy-configpassword-info-disclosure(48056)]
[7780]
[4935]
[33531]
[51411]
Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these details are obtained from third party information.
[7780]
[4935]
[33531]
[51412]
Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are obtained from third party information.
[ereservations-login-sql-injection(48062)]
[33321]
[7801]
[33578]
[51456]
Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar Obfuscation" and "Clickjacking" attack.
[firefox-onclickaction-click-hijacking(48212)]
[7842]
[4936]
Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted attackers to execute arbitrary code via an invalid Flexible Image Transport System (FITS) file. NOTE: some of these details are obtained from third party information.
[ADV-2009-0190]
[33363]
[33468]
[51608]
[http://easyhdr.com/version.php]
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
[typo3-installtool-weak-security(48132)]
[33376]
[DSA-1711]
[http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/]
[33679]
[33617]
Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.
[typo3-library-session-hijacking(48133)]
[33376]
[DSA-1711]
[http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/]
[33679]
[33617]
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.
[typo3-adodb-xss(48137)]
[typo3-workspace-xss(48136)]
[typo3-indexedsearchengine-xss(48135)]
[typo3-library-session-hijacking(48133)]
[33376]
[DSA-1711]
[http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/]
[33679]
[33617]
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.
[typo3-indexedsearch-command-execution(48138)]
[33376]
[[oss-security] 20090123 Re: CVE id request: typo3 SA-2009-001]
[DSA-1711]
[http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/]
[33679]
[33617]
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.
[openoffice-wordprocessor-code-execution(48213)]
[33383]
[[oss-security] 20090121 CVE Request -- openoffice.org (CVE-2008-4841)]
[6560]
[http://milw0rm.com/sploits/2008-crash.doc.rar]
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).
[33365]
[moinmoin-attachfilepy-xss(48126)]
[ADV-2009-0195]
[USN-716-1]
[20090120 MoinMoin Wiki Engine XSS Vulnerability]
[33755]
[33716]
[33593]
[51485]
[http://moinmo.in/SecurityFixes#moin1.8.1]
[DSA-1715]
[http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1]
Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 allows user-assisted attackers to execute arbitrary code via a Skins\DefaultSkin\DefaultSkin.ini file with a large ColumnHeaderSpan value.
[totalvideoplayer-defaultskin-bo(48140)]
[33373]
[7839]
Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third party information.
[ADV-2009-0097]
[33221]
[33496]
[7737]
Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.
[ADV-2009-0113]
[33226]
[33478]
[7742]
Buffer overflow in the Registry Setting Tool in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier has unknown impact and attack vectors.
[http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html]
[systemcast-registrytool-bo(48315)]
[33644]
Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.
[https://www.isc.org/node/373]
[ADV-2009-0043]
[MDVSA-2009:037]
[SSA:2009-014-02]
[33559]
[http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33]
Stack-based buffer overflow in Triologic Media Player 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3l playlist file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[33496]
libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-2989.
[33407]
[247406]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-113451-15-1]
[sun-solaris-libike-dos(48178)]
[http://support.avaya.com/elmodocs2/security/ASA-2009-032.htm]
[33702]
[oval:org.mitre.oval:def:6116]
Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl.
[33406]
[249586]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-113685-07-1]
[solaris-pseudo-terminal-dos(48179)]
[1021640]
[http://support.avaya.com/elmodocs2/security/ASA-2009-034.htm]
[33708]
[oval:org.mitre.oval:def:6061]
fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index.
[33412]
[[ecryptfs-devel] 20081222 Re: [PATCH, v5] eCryptfs: check readlink result was not an error before using it]
[[ecryptfs-devel] 20081222 Re: [PATCH, v5] eCryptfs: check readlink result was not an error before using it]
[linux-kernel-readlink-bo(48188)]
[ADV-2009-3316]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-751-1]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:0360]
[RHSA-2009:0326]
[MDVSA-2009:118]
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.1]
[DSA-1787]
[DSA-1749]
[37471]
[35394]
[35390]
[34981]
[34502]
[34394]
[33758]
[oval:org.mitre.oval:def:8944]
[oval:org.mitre.oval:def:8169]
[SUSE-SA:2009:031]
[SUSE-SA:2009:030]
[SUSE-SA:2009:010]
[http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=a17d5232de7b53d34229de79ec22f4bb04adb7e4]
Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet.
[http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html]
[http://www.wintercore.com/advisories/advisory_W010109.html]
[ADV-2009-0176]
[33342]
[20090119 [Wintercore Research ] Fujitsu SystemcastWizard Lite PXEService Remote Buffer Overflow.]
[33594]
[51486]
Directory traversal vulnerability in the TFTP service in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors.
[33344]
[http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html]
[ADV-2009-0176]
[33594]
[51487]
Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors.
[20090130 PR08-21: Cross-site Request Forgery (CSRF) on Novell GroupWise WebAccess allows email theft and other attacks]
[http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21]
[http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002319]
[33744]
Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments.
[33541]
[33537]
[20090130 PR08-23: XSS on Novell GroupWise WebAccess]
[20090130 PR08-22: Persistent XSS on Novell GroupWise WebAccess]
[http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23]
[http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22]
[http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321]
[http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002320]
[33744]
Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests.
[33559]
[http://www.novell.com/support/viewContent.do?externalId=7002322]
[33744]
Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/header via the header parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[51412]
[33531]
Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame.
[http://src.chromium.org/viewvc/chrome?view=rev&revision=8524]
[http://sites.google.com/a/chromium.org/dev/getting-involved/dev-channel/release-notes]
[33754]
[http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html]
[http://codereview.chromium.org/18531]
Unspecified vulnerability in the kernel in OpenSolaris snv_100 through snv_102 on the Sun UltraSPARC T2 and T2+ sun4v platforms allows local users to cause a denial of service (panic) via unknown vectors.
[250066]
[solaris-ultrasparct2-dos(48164)]
[ADV-2009-0209]
[33398]
Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request.
[245446]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-119166-35-1]
[javasystem-webinf-metainf-info-disclosure(48161)]
[ADV-2009-0208]
[33397]
[33725]
[51604]
SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
[pardalcms-comentar-sql-injection(48175)]
[33404]
[7851]
Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1.
[aspproject-cookie-security-bypass(48172)]
[33401]
[20090122 Asp-project Cookie Handling]
[7850]
SQL injection vulnerability in login.aspx in WarHound Walking Club allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
[walkingclub-login-sql-injection(48061)]
[33317]
[7802]
Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error.
[33340]
[20090118 Ralinktech wireless cards drivers vulnerability]
[DSA-1714]
[DSA-1713]
[DSA-1712]
[GLSA-200907-08]
[35743]
[33699]
[33592]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512995]
Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[33416]
[20090124 Re: Oblog XSS valnerability]
[20090123 Oblog XSS valnerability]
SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
[33422]
[7862]
[http://www.flaxweb.com/products/articles]
[33625]
Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[bbsxp-error-xss(48187)]
[33411]
[20090123 BBSxp Xss vulnerability]
Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the form_data[script_class] parameter.
[33421]
[7863]
[51635]
SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before 2.5.1 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password.
[33425]
[http://sourceforge.net/project/shownotes.php?release_id=655845&group_id=227492]
[33652]
[51623]
[http://keeptoolkit.svn.sourceforge.net/viewvc/keeptoolkit?view=rev&revision=56]
Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request.
[33287]
[http://sourceforge.net/forum/forum.php?forum_id=894598]
[tftputil-tftpget-directory-traversal(48019)]
[20090115 TFTPUtil GUI TFTP Directory Traversal]
[http://www.princeofnigeria.org/blogs/index.php/2009/01/14/tftputil-gui-tftp-directory-traversal]
[33561]
k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to cause a denial of service (service crash) via a long filename in a crafted request.
[33289]
[http://sourceforge.net/forum/forum.php?forum_id=894598]
[20090115 TFTPUtil GUI TFTP Server Denial of Service Vulnerability]
[http://www.princeofnigeria.org/blogs/index.php/2009/01/14/tftputil-gui-tftp-server-denial-of-servi?blog=1]
Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathname.
[gnuboard-common-file-include(48015)]
[33304]
[7792]
[33564]
Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter.
[33458]
[20090127 OpenX 2.6.3 - Local File Inclusion]
[7883]
SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter.
[7874]
[33660]
[51615]
SQL injection vulnerability in profile_view.php in Wazzum Dating Software, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the userid parameter.
[33461]
[7877]
[33654]
[51625]
Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) search.php, (2) archive.php, (3) comments.php, and (4) news.php; (5) News.php, (6) SendFriend.php, (7) Archive.php, and (8) Comments.php in base/; and possibly other components, different vectors than CVE-2007-1288.
[33434]
[20090125 WB News v2.0.X Remote File include ..]
[33691]
SQL injection vulnerability in index.php in Information Technology Light Poll Information (ITLPoll) 2.7 Stable 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
[33452]
[7867]
[33666]
[51616]
SQL injection vulnerability in shop_display_products.php in Script Toko Online 5.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
[7873]
[33661]
[51630]
SQL injection vulnerability in login_check.asp in ClickAuction allows remote attackers to execute arbitrary SQL commands via the (1) txtEmail and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information.
[7880]
[33647]
[51626]
Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control (Barcode.MW6Barcode.1, Barcode.dll) 3.0.0.1 allows remote attackers to execute arbitrary code via a long Supplement property.
[33451]
[7869]
[33663]
SQL injection vulnerability in index.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
[33460]
[9236]
[7878]
[33649]
[51628]
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2636. Reason: This candidate is a duplicate of CVE-2006-2636. Notes: All CVE users should reference CVE-2006-2636 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX control (FlexCell.ocx) in FlexCell Grid Control 5.6.9 allow remote attackers to create and overwrite arbitrary files via the (1) SaveFile and (2) ExportToXML methods.
[33453]
[7868]
[33664]
SQL injection vulnerability in the Downloads 8.0 module for PHP-Nuke, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php.
[downloads-module-sql-injection(48186)]
[33410]
[20090123 PHP-Nuke 8.0 Downloads Blind Sql Injection]
[51633]
Cross-site scripting (XSS) vulnerability in Web Help Desk before 9.1.18 allows remote attackers to inject arbitrary web script or HTML via vectors related to "encoded JavaScript" and Helpdesk.woa.
[33429]
[http://updates.webhelpdesk.com/weblog/updates/StableReleases/2009/01/23/911812309.html]
[33651]
The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c.
[sun-solaris-ipv6packets-dos(48208)]
[ADV-2009-0232]
[33435]
[7865]
[251006]
[1021635]
[33605]
[20090126 Solaris Devs Are Smoking Pot]
Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method.
[VU#131100]
[http://blackberry.com/btsc/KB16248]
[33663]
[http://www.microsoft.com/technet/security/advisory/960715.mspx]
[33847]
[51833]
Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote attackers to execute arbitrary code via a crafted web page. NOTE: some of these details are obtained from third party information.
[ADV-2009-3133]
[http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19701]
[36903]
Cross-site scripting (XSS) vulnerability in the "Customize Statistics Page" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script or HTML via the (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, and (11) referenceTime parameters.
[ADV-2009-1090]
[1022081]
[34573]
[http://www.blackberry.com/btsc/dynamickc.do?externalId=KB17969&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB17969]
[34740]
[53772]
[20090417 ERNW Security Advisory 01-2009: XSS in Blackberries Mobile Data Service Connection Service]
Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through 11.0 has unknown impact and attack vectors related to "incoming data and authentication-strings."
Following information confirms LOCAL Access Vector reported in Hyperlink Record 1058524:
http://xforce.iss.net/xforce/xfdb/48797
The SUSE blinux (sbl) package is vulnerable to a buffer overflow. By sending a specially-crafted request, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
[suse-blinux-bo(48797)]
[33794]
[SUSE-SR:2009:004]
The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer.
[http://zerodayinitiative.com/advisories/ZDI-09-009/]
[autostart-backbone-code-execution(48197)]
[1021636]
[33415]
[20090123 ZDI-09-009: EMC AutoStart Backbone Engine Trusted Pointer Code Execution Vulnerability]
[33667]
[51566]
Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.
[moinmoin-antispam-xss(48306)]
[USN-716-1]
[[oss-security] 20090127 CVE Request: MoinMoin]
[33755]
[33716]
[51632]
[http://moinmo.in/SecurityFixes#moin1.8.1]
[DSA-1715]
[http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad]
[http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad]
winetricks before 20081223 allows local users to overwrite arbitrary files via a symlink attack on the x_showmenu.txt temporary file.
[winetricks-xshowmenu-symlink(48320)]
[33474]
[51619]
[SUSE-SR:2009:004]
[http://code.google.com/p/winezeug/source/detail?r=253]
Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
[FEDORA-2009-1189]
[https://bugzilla.redhat.com/show_bug.cgi?id=481556]
[gedit-pysyssetargv-privilege-escalation(48271)]
[33445]
[[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)]
[MDVSA-2009:039]
[GLSA-200903-41]
[34522]
[33769]
[33759]
[http://bugzilla.gnome.org/show_bug.cgi?id=569214]
Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
[https://bugzilla.redhat.com/show_bug.cgi?id=481560]
[33444]
[[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)]
[MDVSA-2009:059]
Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.
[https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045]
[https://bugzilla.redhat.com/show_bug.cgi?id=481565]
[vim-pysyssetargv-privilege-escalation(48275)]
[33447]
[[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)]
[[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd]
[MDVSA-2009:047]
[http://support.apple.com/kb/HT4077]
[APPLE-SA-2010-03-29-1]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305]
Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
[https://bugzilla.redhat.com/show_bug.cgi?id=481570]
[33442]
[[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)]
Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
[FEDORA-2009-1295]
[https://bugzilla.redhat.com/show_bug.cgi?id=481572]
[33438]
[[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)]
[MDVSA-2009:043]
[GLSA-200904-03]
[33823]
[33707]
[http://bugzilla.gnome.org/show_bug.cgi?id=569648]
Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr processing problems."
[249966]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-128624-09-1]
[solaris-autofs-code-execution(48234)]
[ADV-2009-0363]
[ADV-2009-0256]
[1021644]
[33459]
[http://support.avaya.com/elmodocs2/security/ASA-2009-041.htm]
[33665]
[oval:org.mitre.oval:def:5977]
Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
[33440]
[20090124 Benchmarking attacks and major security weakness on all recent Windows versions up to Windows 200]
Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence.
[safari-httpuri-dos(48284)]
[33481]
[oval:org.mitre.oval:def:6091]
[http://lostmon.blogspot.com/2009/01/safari-for-windows-321-remote-http-uri.html]
drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/.
[33428]
[ADV-2009-3316]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-751-1]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:0360]
[RHSA-2009:0331]
[RHSA-2009:0326]
[DSA-1794]
[DSA-1787]
[DSA-1749]
[http://support.avaya.com/elmodocs2/security/ASA-2009-114.htm]
[37471]
[35394]
[35390]
[35011]
[34981]
[34762]
[34680]
[34502]
[34394]
[34252]
[33758]
[33656]
[oval:org.mitre.oval:def:7734]
[oval:org.mitre.oval:def:10163]
[SUSE-SA:2009:031]
[SUSE-SA:2009:030]
[SUSE-SA:2009:010]
[http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.2]
[http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.13]
[http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=81156928f8fe31621e467490b9d441c0285998c3]
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an "HTML GI" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable. NOTE: these are different vectors than CVE-2008-6005.
[amaya-html-tags-bo(48325)]
[20090128 CORE-2008-1211: Amaya web editor XML and HTML parser vulnerabilities]
[7902]
[http://www.coresecurity.com/content/amaya-buffer-overflows]
Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) idp parameter to reports/projects.php, the (2) idc parameter to reports/contacts.php, and the (3) idu parameter to reports/users.php.
[bibciter-projects-sql-injection(48080)]
[33329]
[7814]
[33555]
[http://bibciter.sourceforge.net/?p=35]
Directory traversal vulnerability in entries/index.php in Ninja Blog 4.8, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.
[https://www.push55.co.uk/poclibrary/ninjadesignscouk-1.txt]
[33351]
[http://www.push55.co.uk/index.php?s=ad&id=6]
[7831]
[33573]
SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[darkagecms-login-sql-injection(48095)]
[33271]
SQL injection vulnerability in readbible.php in Free Bible Search PHP Script 1.0 allows remote attackers to execute arbitrary SQL commands via the version parameter.
[http://www.seraphimtech.net/repository/Changes.txt]
[33301]
[7798]
[33595]
[http://freshmeat.net/projects/freebiblesearch/?branch_id=77256&release_id=292446]
ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for Database/Sales.mdb.
[digitalsales-sales-information-disclosure(48082)]
[7816]
[33602]
SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844.
[pccookbook-recipeid-sql-injection(48088)]
[33346]
[7824]
Directory traversal vulnerability in index.php in Simple Content Management System (SCMS) 1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.
[scms-index-file-include(48081)]
[33330]
[7818]
[33608]
Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. NOTE: the vulnerability may be in my little homepage Comment script. If so, then this should not be treated as a vulnerability in ESPG.
[espg-comment-directory-traversal(48087)]
[33335]
[7819]
Multiple SQL injection vulnerabilities in AV Book Library before 1.1 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/edit.php, (2) admin/add.php, (3) lib/book_search.php, and possibly other components.
[avbook-edit-sql-injection(48084)]
[http://sourceforge.net/tracker/index.php?func=detail&aid=2219743&group_id=209711&atid=1010816]
[http://sourceforge.net/project/shownotes.php?release_id=654214]
[33583]
SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
[33353]
[33577]
[7833]
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the day parameter in an archive action.
[blogit-index-sql-injection(48074)]
[33325]
[7806]
[33572]
Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to inject arbitrary web script or HTML via the view parameter.
[blogit-index-xss(48073)]
[33325]
[7806]
[33572]
Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of these details are obtained from third party information.
[blogit-blog-information-disclosure(48075)]
[7806]
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[7806]
[33572]
Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to inject arbitrary web script or HTML via the CategoryID parameter in a refer action.
[blogmanager-incwebblogmanager-xss(48053)]
[33314]
[20090116 DMXReady Blog Manager (SQL/XSS)]
[33601]
[http://dmxready.helpserve.com/index.php?_m=news&_a=viewnews&newsid=12]
SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action.
[blogmanager-incwebblogmanager-sql-injection(48054)]
[33314]
[20090116 DMXReady Blog Manager (SQL/XSS)]
[33601]
[http://dmxready.helpserve.com/index.php?_m=news&_a=viewnews&newsid=12]
Multiple directory traversal vulnerabilities in Simple PHP Newsletter 1.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the olang parameter to (1) mail.php and (2) mailbar.php.
[simplephpnewsletter-mail-file-include(48089)]
[33327]
[7813]
The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.
[33494]
[20090128 Internet explorer 7.0 stack overflow]
Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall.
[33417]
[20090123 Problems with syscall filtering technologies on Linux]
[http://www.citi.umich.edu/u/provos/systrace/]
[http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html]
[http://scary.beasts.org/security/CESA-2009-001.html]
Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes.
[33417]
[20090123 Problems with syscall filtering technologies on Linux]
[http://www.citi.umich.edu/u/provos/systrace/]
[http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html]
[http://scary.beasts.org/security/CESA-2009-001.html]
Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6633175, a different vulnerability than CVE-2007-5717.
[239886]
[sunfire-elom-unauth-access(48329)]
[ADV-2009-0281]
[1021646]
[33506]
[33726]
Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6648082, a different vulnerability than CVE-2007-5717.
[239886]
[sunfire-elom-unauth-access(48329)]
[ADV-2009-0281]
[1021646]
[33506]
[33726]
The IP-in-IP packet processing implementation in the IPsec and IP stacks in the kernel in Sun Solaris 9 and 10, and OpenSolaris snv_01 though snv_85, allows local users to cause a denial of service (panic) via a self-encapsulated packet that lacks IPsec protection.
[240086]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-114344-38-1]
[solaris-ipinip-dos(48328)]
[ADV-2009-0365]
[33504]
[http://support.avaya.com/elmodocs2/security/ASA-2009-043.htm]
[33727]
[oval:org.mitre.oval:def:6088]
Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
[VU#202753]
[ultraseek-cs-phishing(48336)]
[http://www.ultraseek.com/forums/thread.jspa?messageID=9818]
[33500]
[http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html]
The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
[242026]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-15-1]
[sun-jsam-username-info-disclosure(48283)]
[ADV-2009-0269]
[33489]
[33688]
Stack-based buffer overflow in FTPShell Server 4.3 allows user-assisted remote attackers to cause a denial of service (persistent daemon crash) and possibly execute arbitrary code via a long string in a licensing key (aka .key) file.
[7852]
[33597]
[51510]
Stack-based buffer overflow in Merak Media Player 3.2 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file, related to the status bar icon's tooltip. NOTE: some of these details are obtained from third party information.
[7857]
[33645]
[51565]
Stack-based buffer overflow in WFTPSRV.exe in WinFTP 2.3.0 allows remote authenticated users to execute arbitrary code via a long LIST argument beginning with an * (asterisk) character.
[winftp-list-bo(48263)]
[ADV-2009-0254]
[33454]
[7875]
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function.
[FEDORA-2009-3101]
[FEDORA-2009-2884]
[FEDORA-2009-2882]
[FEDORA-2009-1399]
[https://bugzilla.mozilla.org/show_bug.cgi?id=461027]
[https://bugzilla.mozilla.org/show_bug.cgi?id=449006]
[https://bugzilla.mozilla.org/show_bug.cgi?id=437142]
[https://bugzilla.mozilla.org/show_bug.cgi?id=431705]
[https://bugzilla.mozilla.org/show_bug.cgi?id=422301]
[https://bugzilla.mozilla.org/show_bug.cgi?id=422283]
[https://bugzilla.mozilla.org/show_bug.cgi?id=421839]
[https://bugzilla.mozilla.org/show_bug.cgi?id=420697]
[https://bugzilla.mozilla.org/show_bug.cgi?id=416461]
[https://bugzilla.mozilla.org/show_bug.cgi?id=401042]
[https://bugzilla.mozilla.org/show_bug.cgi?id=331088]
[ADV-2009-0313]
[USN-741-1]
[USN-717-1]
[1021663]
[33598]
[RHSA-2009:0258]
[RHSA-2009:0257]
[http://www.mozilla.org/security/announce/2009/mfsa2009-01.html]
[MDVSA-2009:083]
[MDVSA-2009:044]
[DSA-1830]
[http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm]
[SSA:2009-083-03]
[SSA:2009-083-02]
[34527]
[34464]
[34462]
[34417]
[34387]
[34324]
[33869]
[33846]
[33841]
[33831]
[33816]
[33809]
[33808]
[33802]
[33799]
[RHSA-2009:0256]
[oval:org.mitre.oval:def:10699]
[SUSE-SA:2009:023]
[SUSE-SA:2009:009]
Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine.
[FEDORA-2009-3101]
[FEDORA-2009-2884]
[FEDORA-2009-2882]
[FEDORA-2009-1399]
[https://bugzilla.mozilla.org/show_bug.cgi?id=452913]
[ADV-2009-0313]
[USN-717-1]
[1021663]
[33598]
[RHSA-2009:0258]
[RHSA-2009:0257]
[http://www.mozilla.org/security/announce/2009/mfsa2009-01.html]
[MDVSA-2009:083]
[MDVSA-2009:044]
[DSA-1830]
[http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm]
[SSA:2009-083-03]
[SSA:2009-083-02]
[34527]
[34464]
[34462]
[34417]
[34324]
[33869]
[33846]
[33841]
[33831]
[33816]
[33809]
[33808]
[33802]
[33799]
[RHSA-2009:0256]
[oval:org.mitre.oval:def:11193]
[SUSE-SA:2009:023]
[SUSE-SA:2009:009]
Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.
[FEDORA-2009-1399]
[https://bugzilla.mozilla.org/show_bug.cgi?id=468581]
[ADV-2009-0313]
[USN-717-1]
[1021664]
[33598]
[http://www.mozilla.org/security/announce/2009/mfsa2009-02.html]
[MDVSA-2009:044]
[http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm]
[33869]
[33846]
[33841]
[33831]
[33809]
[33799]
[RHSA-2009:0256]
[oval:org.mitre.oval:def:9796]
[SUSE-SA:2009:009]
components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.
[33598]
[FEDORA-2009-2884]
[FEDORA-2009-2882]
[FEDORA-2009-1399]
[https://bugzilla.mozilla.org/show_bug.cgi?id=466937]
[ADV-2009-0313]
[USN-717-2]
[USN-717-1]
[1021665]
[RHSA-2009:0258]
[RHSA-2009:0257]
[http://www.mozilla.org/security/announce/2009/mfsa2009-03.html]
[MDVSA-2009:044]
[http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm]
[34417]
[34324]
[33869]
[33846]
[33841]
[33831]
[33816]
[33809]
[33808]
[33799]
[RHSA-2009:0256]
[oval:org.mitre.oval:def:9161]
[SUSE-SA:2009:009]
Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582.
[FEDORA-2009-1399]
[https://bugzilla.mozilla.org/show_bug.cgi?id=460425]
[ADV-2009-0313]
[1021666]
[33598]
[http://www.mozilla.org/security/announce/2009/mfsa2009-04.html]
[MDVSA-2009:044]
[http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm]
[33846]
[33841]
[33831]
[33809]
[33799]
[RHSA-2009:0256]
[oval:org.mitre.oval:def:9922]
[SUSE-SA:2009:009]
Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.
[FEDORA-2009-3101]
[FEDORA-2009-1399]
[https://bugzilla.mozilla.org/show_bug.cgi?id=380418]
[ADV-2009-0313]
[USN-717-2]
[USN-717-1]
[1021668]
[33598]
[RHSA-2009:0257]
[http://www.mozilla.org/security/announce/2009/mfsa2009-05.html]
[MDVSA-2009:044]
[http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm]
[SSA:2009-083-02]
[34527]
[34462]
[33869]
[33846]
[33841]
[33831]
[33816]
[33809]
[33808]
[33799]
[RHSA-2009:0256]
[oval:org.mitre.oval:def:9459]
[SUSE-SA:2009:009]
[http://ha.ckers.org/blog/20070511/bluehat-errata/]
Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.
[FEDORA-2009-1399]
[https://bugzilla.mozilla.org/show_bug.cgi?id=441751]
[ADV-2009-0313]
[USN-717-1]
[1021667]
[33598]
[http://www.mozilla.org/security/announce/2009/mfsa2009-06.html]
[MDVSA-2009:044]
[http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm]
[33869]
[33846]
[33841]
[33831]
[33809]
[33799]
[RHSA-2009:0256]
[oval:org.mitre.oval:def:10610]
[SUSE-SA:2009:009]
[http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx]
Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name.
[33768]
[http://www.nongnu.org/samizdat/release-notes/samizdat-0.6.2.html]
[20090213 Cross-site scripting in Samizdat 0.6.1]
[[debian-testing-security-announce] 20090211 Security update for Debian Testing - 2009-02-12]
[http://samizdat.nongnu.org/release-notes/samizdat-0.6.1-xss-escape-title.patch]
[52022]
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.
Per vendor advisory:
http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html
"This advisory is only for my pam-krb5 module, as distributed from my web site and packaged by Debian, Ubuntu, and Gentoo."
[ADV-2009-0979]
[ADV-2009-0426]
[ADV-2009-0410]
[USN-719-1]
[33740]
[20090211 pam-krb5 security advisory (3.12 and earlier)]
[http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html]
[DSA-1721]
[http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm]
[252767]
[1021711]
[GLSA-200903-39]
[34449]
[34260]
[33917]
[33914]
[oval:org.mitre.oval:def:5732]
[oval:org.mitre.oval:def:5669]
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.
[ADV-2009-0979]
[ADV-2009-0426]
[ADV-2009-0410]
[USN-719-1]
[33741]
[20090211 pam-krb5 security advisory (3.12 and earlier)]
[http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html]
[DSA-1722]
[DSA-1721]
[http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm]
[252767]
[1021711]
[GLSA-200903-39]
[34449]
[34260]
[33918]
[33917]
[33914]
[oval:org.mitre.oval:def:5521]
[oval:org.mitre.oval:def:5403]
filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321.
[33734]
[33890]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514163]
Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products.
[https://bugs.launchpad.net/ubuntu/+source/owl/+bug/329165]
[barnowl-owl-zcrypt-bo(48824)]
[[debian-testing-security-announce] 20090213 Security update for Debian Testing - 2009-02-14]
[http://bugs.debian.org/515118]
[http://barnowl.mit.edu/wiki/barnowl-1.0.5-announce]
[http://barnowl.mit.edu/browser/ChangeLog]
Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors.
[34206]
[DSA-1752]
[http://www.citadel.org/doku.php/news:webcit.security.advisory.-.2009-march-23]
[34457]
[52915]
nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.
[33966]
[https://bugzilla.redhat.com/show_bug.cgi?id=487752]
[https://bugzilla.redhat.com/show_bug.cgi?id=487722]
[networkmanager-dbus-info-disclosure(49062)]
[USN-727-2]
[USN-727-1]
[1021908]
[RHSA-2009:0362]
[RHSA-2009:0361]
[DSA-1955]
[http://svn.gnome.org/viewvc/network-manager-applet?view=revision&revision=1207]
[http://svn.gnome.org/viewvc/network-manager-applet/trunk/nm-applet.conf?r1=1133&r2=1207&pathrev=1207]
[1021911]
[1021910]
[34473]
[34177]
[34067]
[oval:org.mitre.oval:def:10828]
[SUSE-SR:2009:009]
[SUSE-SA:2009:013]
The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document.
[https://gna.org/bugs/index.php?13037]
[34085]
[DSA-1737]
[http://svn.gna.org/viewcvs/wesnoth/trunk/src/server/simple_wml.cpp?rev=33069&view=log]
[http://svn.gna.org/viewcvs/wesnoth/trunk/src/server/simple_wml.cpp?rev=33069&r1=32990&r2=33069]
[34253]
[34236]
[http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog]
[http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog]
[52672]
[http://launchpad.net/bugs/cve/2009-0366]
[http://launchpad.net/bugs/336396]
[http://launchpad.net/bugs/335089]
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.
[http://www.wesnoth.org/forum/viewtopic.php?t=24340]
[http://www.wesnoth.org/forum/viewtopic.php?t=24247]
[ADV-2009-0595]
[https://gna.org/bugs/index.php?13048]
[wesnoth-pythonai-code-execution(49058)]
[DSA-1737]
[34236]
[34058]
[http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog]
[http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog]
[http://launchpad.net/bugs/cve/2009-0367]
[http://launchpad.net/bugs/336396]
[http://launchpad.net/bugs/335089]
OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.
[33922]
[[oss-security] 20090226 OpenSC Security Advisory]
[FEDORA-2009-2267]
[FEDORA-2009-2266]
[opensc-pkcs-unauth-access(48958)]
[[opensc-announce] 20090226 OpenSC Security Advisory]
[DSA-1734]
[GLSA-200908-01]
[36074]
[35065]
[34377]
[34362]
[34120]
[34052]
[SUSE-SR:2009:010]
Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability.
[ie-onclickaction-click-hijacking(48542)]
[7912]
Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files."
[33522]
[IZ42788]
[IZ42787]
[IZ42786]
[IZ42785]
[IZ41599]
[IZ41510]
[IZ40386]
[IZ41593]
[oval:org.mitre.oval:def:6028]
[http://aix.software.ibm.com/aix/efixes/security/rmsock_advisory.asc]
Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the type parameter.
[sitexs-type-file-include(48236)]
[ADV-2009-0247]
[33457]
[7879]
Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file via a direct request to the file in images/avatar/uploaded/.
[33424]
[memht-avatar-file-upload(48199)]
[7859]
[33626]
SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php.
[flashmagazine-index-sql-injection(48226)]
[ADV-2009-0249]
[33455]
[7881]
[33646]
** DISPUTED ** Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue."
[20090128 Re: Advisory: Google Chrome 1.0.154.43 ClickJacking Vulnerability.]
[20090128 Advisory: Google Chrome 1.0.154.43 ClickJacking Vulnerability.]
[http://www.secniche.org/gcr_clkj/]
[7903]
Buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a filename length field containing a large integer, which triggers overwrite of an arbitrary memory location with a 0x00 byte value, related to use of RealPlayer through a Windows Explorer plugin.
Per http://www.fortiguardcenter.com/advisory/FGA-2009-04.html:
"It should be noted that the victim does not necessarily have to open the malicious file for exploitation to occur: the vulnerabilities lie in a DLL that is also used as a plugin for the Windows Explorer shell. A successful attack could take place by merely previewing the IVR file through Windows Explorer. "
[realplayer-ivr-bo(48567)]
[ADV-2010-0178]
[33652]
[20090206 RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities]
[http://www.fortiguardcenter.com/advisory/FGA-2009-04.html]
[http://service.real.com/realplayer/security/01192010_player/en/]
[38218]
[33810]
Heap-based buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a modified field that controls an unspecified structure length and triggers heap corruption, related to use of RealPlayer through a Windows Explorer plugin.
[realplayer-ivr-code-execution(48568)]
[http://www.zerodayinitiative.com/advisories/ZDI-10-009/]
[ADV-2010-0178]
[33652]
[20100121 ZDI-10-009: RealNetworks RealPlayer IVR Format Remote Code Execution Vulnerability]
[20090206 RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities]
[http://www.fortiguardcenter.com/advisory/FGA-2009-04.html]
[http://service.real.com/realplayer/security/01192010_player/en/]
[38218]
[33810]
SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132.
[33391]
[20090121 Joomla component beamospetition 1.0.12 Sql Injection]
[7847]
Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action.
[33391]
[20090121 Joomla component beamospetition 1.0.12 Sql Injection]
[7847]
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761.
[joomla-pcchess-gameid-sql-injection(48144)]
[33394]
[7846]
** DISPUTED ** SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2.
[sobi2-bid-sql-injection(48131)]
[33378]
[7841]
[20090130 SOBI2 showbiz SQL injection - false, or site-specific]
SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping Cart (com_prod) 5.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a products action to index.php.
[bazaarbuilder-index-sql-injection(48141)]
[33380]
[7840]
[33612]
Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified vectors.
[http://drupal.org/node/358958]
[33283]
[33549]
delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request.
[http://www.mzbservices.com/show_post.php?id=72]
[33590]
[maxblog-delete-security-bypass(48125)]
[33368]
[7835]
[51482]
SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[7849]
Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.
[FEDORA-2009-3433]
[FEDORA-2009-3428]
[ffmpeg-fourxmreadheader-code-execution(48330)]
[ADV-2009-0277]
[USN-734-1]
[http://www.trapkit.de/advisories/TKADV2009-004.txt]
[33502]
[20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability]
[MDVSA-2009:297]
[DSA-1782]
[DSA-1781]
[http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=16846]
[http://svn.mplayerhq.hu/ffmpeg/trunk/libavformat/4xm.c?r1=16838&r2=16846&pathrev=16846]
[GLSA-200903-33]
[34905]
[34845]
[34712]
[34385]
[34296]
[33711]
[51643]
[http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17]
Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime media .mov file.
[33405]
[http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html]
[https://bugzilla.redhat.com/show_bug.cgi?id=481267]
[ADV-2009-0225]
[USN-736-1]
[20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities]
[RHSA-2009:0271]
[[oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version)]
[MDVSA-2009:035]
[http://trapkit.de/advisories/TKADV2009-003.txt]
[GLSA-200907-11]
[35777]
[34336]
[33815]
[33650]
[oval:org.mitre.oval:def:10306]
[SUSE-SR:2009:005]
[http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53]
Array index error in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted Sync Sample (aka stss) atom data in a malformed QuickTime media .mov file, related to "mark keyframes."
[http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html]
[https://bugzilla.redhat.com/show_bug.cgi?id=481267]
[ADV-2009-0225]
[USN-736-1]
[33405]
[20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities]
[RHSA-2009:0271]
[[oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version)]
[MDVSA-2009:035]
[http://trapkit.de/advisories/TKADV2009-003.txt]
[GLSA-200907-11]
[35777]
[34336]
[33815]
[33650]
[oval:org.mitre.oval:def:10611]
[SUSE-SR:2009:005]
[http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53]
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.
[33568]
[ADV-2009-0322]
[ADV-2009-0321]
[20090203 CORE-2008-1009 - VNC Multiple Integer Overflows]
[8024]
[7990]
[http://www.coresecurity.com/content/vnc-integer-overflows]
[http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564]
[33807]
[http://forum.ultravnc.info/viewtopic.php?t=14654]
Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from the registry via unspecified vectors, and (4) write to the registry via unspecified vectors. NOTE: vectors 1 and 2 can be used together to execute arbitrary code.
[wow-writeinifilestring-code-execution(48337)]
[33515]
[7910]
Argument injection vulnerability in Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to send signals to arbitrary processes by populating the /tmp/enomalism2.pid file with command-line arguments for the kill program.
[20090130 CVE-2008-4990 Enomaly ECP/Enomalism: Insecure temporary file creation vulnerabilities]
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors.
[ADV-2009-0423]
[1021658]
[33533]
[PK79232]
[33729]
[51663]
Directory traversal vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter.
[33519]
[20090129 Motorola Wimax Modem CPEi300 Multiple Vulnerabilities]
[7915]
Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter.
[33519]
[20090129 Motorola Wimax Modem CPEi300 Multiple Vulnerabilities]
[7915]
SQL injection vulnerability in login.php in Pre Lecture Exercises (PLEs) CMS 1.0 beta 4.2 allows remote attackers to execute arbitrary SQL commands via the school parameter.
[33524]
[7917]
SQL injection vulnerability in the login feature in NetArt Media Car Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
[33521]
[7916]
The Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, W880i, and K530i phones allow remote attackers to cause a denial of service (device reboot or hang-up) via a malformed WAP Push packet to (1) SMS or (2) UDP port 2948.
[1021634]
[33433]
[20090126 SonyEricsson WAP Push Denial of Service]
[http://www.mseclab.com/index.php?page_id=123]
[33616]
Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file.
[33405]
[https://bugzilla.redhat.com/show_bug.cgi?id=481267]
[gstreamer-qtdemuxparse-bo(48555)]
[ADV-2009-0225]
[USN-736-1]
[20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities]
[RHSA-2009:0271]
[RHSA-2009:0270]
[[oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version)]
[MDVSA-2009:035]
[http://trapkit.de/advisories/TKADV2009-003.txt]
[http://support.avaya.com/elmodocs2/security/ASA-2009-052.htm]
[GLSA-200907-11]
[35777]
[34336]
[33830]
[33815]
[33650]
[oval:org.mitre.oval:def:9942]
[SUSE-SR:2009:005]
[http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html]
[http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53]
Array index error in the gst_qtp_trak_handler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins) 0.6.0 allows remote attackers to have an unknown impact via a crafted QuickTime media file.
[RHSA-2009:0269]
[[oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version)]
[33830]
[oval:org.mitre.oval:def:9886]
Chipmunk Blogger Script allows remote attackers to gain administrator privileges via a direct request to admin/reguser.php. NOTE: this is only a vulnerability when the administrator does not properly follow installation directions.
[7894]
SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
[socialengine-blog-sql-injection(48316)]
[33495]
[7900]
[33701]
[51644]
SQL injection vulnerability in browsecats.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the cid parameter.
[ephpcms-browsecats-sql-injection(48297)]
[33470]
[31923]
[http://packetstormsecurity.org/0901-exploits/ephpcmscid-sql.txt]
SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters.
[domaintechnologie-newaccount-sql-injection(48292)]
[33496]
[33698]
[51631]
[http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=056e1d1849ff3aa183a410e2aab1c1c3e969247d]
[http://freshmeat.net/projects/dtc/?branch_id=22759&release_id=292973]
SQL injection vulnerability in admin/authenticate.php in Chipmunk Blogger Script allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
[chipmunkblog-authenticate-sql-injection(48313)]
[ADV-2009-0267]
[7894]
Multiple cross-site scripting (XSS) vulnerabilities in Bioinformatics htmLawed 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via invalid Cascading Style Sheets (CSS) expressions in the style attribute, which is processed by Internet Explorer 7.
[htmlawed-unspecified-xss(48333)]
[33507]
[http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s4.3]
[http://www.bioinformatics.org/phplabware/forum/viewtopic.php?id=85]
[33655]
[51650]
[http://freshmeat.net/projects/htmlawed/?branch_id=74760&release_id=293090]
[http://freshmeat.net/projects/htmlawed/?branch_id=74760&release_id=293026]
SQL injection vulnerability in articles.php in smartSite CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the var parameter.
[smartsitecms-articles-sql-injection(48321)]
[33497]
[7901]
SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
[communitycms-index-sql-injection(48304)]
[ADV-2009-0265]
[33484]
[7892]
SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
[phpcms-login-sql-injection(48267)]
[ADV-2009-0244]
[33473]
[7876]
Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC 2a allows remote attackers to hijack the authentication of administrators.
[oscommerce-unspecified-csrf(48289)]
[33446]
[51605]
SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
[33493]
[20090127 Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass]
[7899]
[33658]
[51645]
Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow.
[http://www.zerodayinitiative.com/advisories/ZDI-09-010/]
[http://download.novell.com/Download?buildid=GjZRRdqCFW0]
[33560]
[20090202 ZDI-09-010: Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability]
[http://www.novell.com/support/viewContent.do?externalId=7002502]
[33744]
Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.
[googlechrome-xmlhttprequest-info-disclosure(48554)]
[http://src.chromium.org/viewvc/chrome?view=rev&revision=8529]
[http://sites.google.com/a/chromium.org/dev/getting-involved/dev-channel/release-notes]
[http://codereview.chromium.org/18533]
[http://codereview.chromium.org/11264]
The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.
[interspire-classauth-security-bypass(47899)]
[1021557]
[33212]
[20090112 [BMSA-2009-01] Authentication bypass in Interspire Shopping Cart v4.0.1 and below]
Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.
[FEDORA-2009-1256]
[roundcube-html-xss(48129)]
[ADV-2009-0192]
[33372]
[http://trac.roundcube.net/changeset/2245]
[33827]
[33622]
Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption.
[33399]
[http://blog.torproject.org/blog/tor-0.2.0.33-stable-released]
[FEDORA-2009-0897]
[ADV-2009-0210]
[1021633]
[GLSA-200904-11]
[34583]
[33677]
[33635]
[[or-announce] 20090122 Tor 0.2.0.33 is released]
Untrusted search path vulnerability in trickle 1.07 allows local users to execute arbitrary code via a Trojan horse trickle-overload.so in the current working directory, which is referenced in the LD_PRELOAD path.
[33516]
[[oss-security] 20090129 CVE Request (trickle)]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513456]
The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files.
[33583]
[http://sourceforge.net/tracker/index.php?func=detail&aid=2561165&group_id=128809&atid=712784]
[[oss-security] 20090203 CVE Request: sblim-sfcb genSslCert.sh temp race]
[33795]
[51783]
[SUSE-SR:2009:004]
Cross-site scripting (XSS) vulnerability in the AgaviWebRouting::gen(null) method in Agavi 0.11 before 0.11.6 and 1.0 before 1.0.0 beta 8 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with certain characters that are not properly handled by web browsers that do not strictly follow RFC 3986, such as Internet Explorer 6 and 7.
[http://blog.agavi.org/post/75830918/agavi-1-0-0-beta-8-released-fixes-vulnerability]
[http://blog.agavi.org/post/75829956/agavi-0-11-6-released-fixes-vulnerability]
[33826]
[http://trac.agavi.org/ticket/1019]
The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.
[ADV-2009-0312]
[1021660]
[33787]
[oval:org.mitre.oval:def:5943]
[SSRT080107]
Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033.
[https://bugzilla.mozilla.org/show_bug.cgi?id=380418]
[msxml-httponly-cookie-information-disclosure(48815)]
SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
[33297]
[7795]
[33562]
SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
[eventing-index-sql-injection(48016)]
[33296]
[7793]
[33563]
Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php.
Register Globals are disabled by default, so this will not increase access complexity.
[phplist-indexphp-file-include(47945)]
[20090114 phpList <= 2.10.8 Local File inclusion]
[7778]
[http://www.bugreport.ir/index_60.htm]
[33533]
Directory traversal vulnerability in index.php in Php Photo Album (PHPPA) 0.8 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the preview parameter.
[phpphotoalbum-index-file-include(48017)]
[33277]
[7786]
Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook (ANG) before 0.7.7 allows remote attackers to inject arbitrary web script or HTML via the country parameter, which is not properly handled in (1) administrator/manage.php or (2) administrator/trash.php. NOTE: some of these details are obtained from third party information.
[33292]
[anguestbook-sign1-xss(48018)]
[http://sourceforge.net/project/shownotes.php?release_id=653720]
[http://sourceforge.net/forum/forum.php?forum_id=907703]
[33490]
SQL injection vulnerability in index.php in Blue Eye CMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the clanek parameter.
[33303]
[7797]
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Classified Listings Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
[classifieds-uploadimage-sql-injection(47959)]
[33253]
[33482]
[7767]
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Member Directory Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
[memberdirectory-uploadimage-sql-injection(47960)]
[33253]
[33482]
[7773]
[http://dmxready.helpserve.com/index.php?_m=news&_a=viewnews&newsid=12]
[http://dmxready.helpserve.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=93]
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Secure Document Library 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
[securedocumentlibrary-uploadimage-sql-inj(48013)]
[33253]
[33482]
[7787]
[http://dmxready.helpserve.com/index.php?_m=news&_a=viewnews&newsid=12]
[http://dmxready.helpserve.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=93]
Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php.
[33306]
[20090116 Active Bids]
Multiple cross-site scripting (XSS) vulnerabilities in Active Bids allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to search.asp and the (2) URL parameter to tellafriend.asp.
[33306]
[20090116 Active Bids]
SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter.
[33305]
[http://packetstormsecurity.org/0901-exploits/linkspro-sql.txt]
The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors.
[http://www-01.ibm.com/support/docview.wss?uid=swg27007951]
[websphere-file-transfer-info-disclosure(48522)]
[33700]
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service (daemon crash) via unknown vectors, related to a mishandling of client read failures in which clients receive many 500 HTTP error responses and backend servers are incorrectly labeled as down.
[33700]
[PK63499]
[http://www-01.ibm.com/support/docview.wss?uid=swg27007951]
[http://www-01.ibm.com/support/docview.wss?uid=swg27007033]
[http://www-01.ibm.com/support/docview.wss?uid=swg27006879]
[websphere-server-plugin-dos(48523)]
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2008-5413.
[websphere-pmi-information-disclosure(48524)]
[ADV-2009-0423]
[33700]
[PK79230]
[http://www-01.ibm.com/support/docview.wss?uid=swg27014463]
[http://www-01.ibm.com/support/docview.wss?uid=swg27007951]
[http://www-01.ibm.com/support/docview.wss?uid=swg27006876]
Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or libibmaio) library in the Java Message Service (JMS) component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.17 on AIX 5.3 allows attackers to cause a denial of service (daemon crash) via vectors related to the aio_getioev2 and getEvent methods.
[http://www-01.ibm.com/support/docview.wss?uid=swg27007951]
[PK64529]
[websphere-libibmaio-dos(48525)]
[33700]
The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors.
[http://www-01.ibm.com/support/docview.wss?uid=swg27008517]
[http://www-01.ibm.com/support/docview.wss?uid=swg27007951]
[http://www-01.ibm.com/support/docview.wss?uid=swg27007033]
[http://www-01.ibm.com/support/docview.wss?uid=swg27006876]
[websphere-http-afunix-incorrect-permissions(48526)]
[33700]
The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file.
[websphere-install-log-info-disclosure(48527)]
[33849]
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412.
[http://www-01.ibm.com/support/docview.wss?uid=swg27014463]
[websphere-jsp-win-information-disclosure(48528)]
[33700]
Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands.
[websphere-mq-privilege-escalation(48529)]
[http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037]
[33857]
[34034]
[52297]
IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print."
[http://www-01.ibm.com/support/docview.wss?uid=swg21330341]
[websphere-pgateway-rnif-signatures(48530)]
[33839]
[JR31231]
[33994]
PHP remote file inclusion vulnerability in skin_shop/standard/2_view_body/body_default.php in Technote 7.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter, a different vector than CVE-2008-4138.
[33592]
[7965]
[33732]
[51740]
Directory traversal vulnerability in bbcode.php in PHPbbBook 1.3 and 1.3h allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter.
[ADV-2009-0317]
[33603]
[7980]
[33811]
[51737]
Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows remote attackers to execute arbitrary code via an M3U file containing a long string in a URL.
[33089]
[7942]
[33742]
[51717]
Multiple PHP remote file inclusion vulnerabilities in GRBoard 1.8, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) theme parameter to (a) 179_squarebox_pds_list/view.php, (b) 179_squarebox_minishop_expand/view.php, (c) 179_squarebox_gallery_list_pds/view.php, (d) 179_squarebox_gallery_list/view.php, (e) 179_squarebox_gallery/view.php, (f) 179_squarebox_board_swfupload/view.php, (g) 179_squarebox_board_expand/view.php, (h) 179_squarebox_board_basic_with_grcode/view.php, (i) 179_squarebox_board_basic/view.php, (j) 179_simplebar_pds_list/view.php, (k) 179_simplebar_notice/view.php, (l) 179_simplebar_gallery_list_pds/view.php, (m) 179_simplebar_gallery/view.php, and (n) 179_simplebar_basic/view.php in theme/; the (2) path parameter to (o) latest/sirini_gallery_latest/list.php; and the (3) grboard parameter to (p) include.php and (q) form_mail.php.
[33602]
[7979]
[33812]
SQL injection vulnerability in index.php in Dreampics Gallery Builder allows remote attackers to execute arbitrary SQL commands via the exhibition_id parameter in a gallery.viewPhotos action.
[dreampics-exhibitionid-sql-injection(48468)]
[33596]
[9451]
[7968]
[33730]
[51741]
SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remote attackers to execute arbitrary SQL commands via the id parameter.
[33590]
[7961]
Multiple SQL injection vulnerabilities in default.asp in MyDesign Sayac 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the user parameter (aka UserName field) or (2) the pass parameter (aka Pass field) to (a) admin/admin.asp or (b) the default URI under admin/. NOTE: some of these details are obtained from third party information.
[33593]
[7963]
[33771]
[51754]
Directory traversal vulnerability in admin/modules/aa/preview.php in Syntax Desktop 2.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the synTarget parameter.
[syntax-desktop-preview-file-include(48496)]
[ADV-2009-0319]
[33601]
[7977]
Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call.
[http://www.wintercore.com/advisories/advisory_W020209.html]
[1021661]
[33561]
[20090202 [Wintercore Research WS02-0209] Kaspersky Products Klim5.sys local privilege escalation]
[http://www.reversemode.com/index.php?option=com_content&task=view&id=60&Itemid=1]
[33788]
[http://kartoffel.reversemode.com/downloads/kaspersky_klim5_plugin.zip]
Stack-based buffer overflow in BlazeVideo HDTV Player 3.5 and earlier allows remote attackers to execute arbitrary code via a long string in a playlist (aka .plf) file.
[blazevideo-hdtv-plf-bo(48498)]
[33588]
[7975]
SQL injection vulnerability in Skalfa SkaLinks 1.5 allows remote attackers to execute arbitrary SQL commands via the Admin name field to the default URI under admin/.
[33546]
[7932]
Multiple SQL injection vulnerabilities in parents/login.php in Online Grades 3.2.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameter.
[33576]
[7956]
[33767]
[51712]
Online Grades 3.2.4 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
[7956]
[33767]
[51713]
Multiple SQL injection vulnerabilities in DMXReady Online Notebook Manager 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field. NOTE: some third parties report inability to verify this issue.
[onm-login-sql-injection(48503)]
[33600]
[7970]
Cross-site scripting (XSS) vulnerability in the anonymous comments feature in lib-comment.php in glFusion 1.1.0, 1.1.1, and earlier versions allows remote attackers to inject arbitrary web script or HTML via the username parameter to comment.php.
[33683]
[glfusion-libcomment-xss(48603)]
[http://www.glfusion.org/article.php/xsscomments]
[http://www.fortconsult.net/images/pdf/advisories/glFusion-xss-advisory.pdf]
[33878]
PHP remote file inclusion vulnerability in examples/example_clientside_javascript.php in patForms, as used in Sourdough 0.3.5, allows remote attackers to execute arbitrary PHP code via a URL in the neededFiles[patForms] parameter.
[33569]
[7946]
Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter to admin/case.php in the (1) Contact_Plus and (2) Reviews modules, and (3) the module_name parameter to admin/includes/FANCYNLOptions.php in the Fancy_NewsLetter module.
[33565]
[7939]
[33735]
[51709]
[51708]
Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Ware Support 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information.
[33564]
[33777]
[51733]
[7940]
Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information.
[33564]
[33777]
[51733]
[7941]
Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
[33577]
[33777]
[51734]
[7951]
Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
[33577]
[33777]
[51734]
[7952]
Multiple SQL injection vulnerabilities in customer_login_check.asp in ClickTech ClickCart 6.0 allow remote attackers to execute arbitrary SQL commands via (1) the txtEmail parameter (aka E-MAIL field) or (2) the txtPassword parameter (aka password field) to customer_login.asp. NOTE: some of these details are obtained from third party information.
[33575]
[7953]
[33774]
[51718]
PHP remote file inclusion vulnerability in includes/header.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
[33578]
[7954]
[33649]
PHP remote file inclusion vulnerability in includes/header.php in Groone GBook 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
[33578]
[7955]
[33768]
[51716]
The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\boot.ini\0 argument.
[ADV-2009-0298]
[33535]
[7928]
[http://www.dsecrg.com/pages/vul/show.php?id=62]
[33728]
[51693]
Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 allows remote attackers to inject arbitrary web script or HTML via a URI that triggers a 404 Page Not Found response.
[http://www.vivvo.net/changelog.php]
[33582]
[33368]
Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allows remote attackers to inject arbitrary web script or HTML via the proxy parameter in a deny_log manage action.
[33523]
[7919]
[33739]
[51659]
Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown the server, (2) send ping packets, (3) enable network services, (4) configure a proxy server, and (5) modify other settings via parameters in the query string.
[33523]
[7919]
[33739]
[51660]
Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI 1.1.2 allows remote attackers to gain administrative privileges via unknown vectors.
[33409]
[http://www.futomi.com/library/info/2009/20090123.html]
[JVNDB-2009-000008]
[JVN#80771386]
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821.
[33625]
[20090204 Cisco IOS XSS/CSRF Vulnerability]
[33844]
Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request.
[20090204 Cisco IOS XSS/CSRF Vulnerability]
[33844]
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[VU#882619]
[ADV-2009-0347]
[33638]
[33783]
[http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729]
Open redirect vulnerability in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[VU#619499]
[ADV-2009-0347]
[33636]
[33783]
[http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729]
The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to obtain "internal web page information" and "internal information about the module" via unspecified vectors. NOTE: this may overlap CVE-2002-1603.
[VU#124059]
[ADV-2009-0347]
[http://www.kb.cert.org/vuls/id/RGII-7MWKZ3]
[33783]
[http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729]
Integer underflow in the Huffman decoding functionality (pvmp3_huffman_parsing.cpp) in OpenCORE 2.0 and earlier allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a crafted MP3 file that triggers heap corruption.
[33673]
[20090207 [oCERT-2009-002] OpenCORE insufficient bounds checking during MP3 decoding]
[http://www.ocert.org/advisories/ocert-2009-002.html]
[http://review.source.android.com/Gerrit#change,8815]
[http://android.git.kernel.org/?p=platform/external/opencore.git;a=commit;h=7b466cd0ecfdba72c4cbd0f3a8c2001141376b0f]
Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, as originally reported for Euphonics Audio Player 1.0. NOTE: some of these details are obtained from third party information.
[ADV-2009-0316]
[33589]
[20090203 Euphonics Audio Player v1.0 (.pls) Local BOF POC]
[7974]
[7973]
[7958]
[33817]
[33791]
Unspecified vulnerability in the process (aka proc) filesystem in Sun OpenSolaris snv_85 through snv_100 allows local users to gain privileges via vectors related to the contract filesystem.
[ADV-2009-0352]
[33654]
[http://www.ioactive.com/pdfs/OpenSolarisUPtrDeref.pdf]
[244026]
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.
[33604]
[https://bugzilla.redhat.com/show_bug.cgi?id=484246]
[http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch]
[http://www.squid-cache.org/Advisories/SQUID-2009_1.txt]
[1021684]
[20090204 Squid Proxy Cache Denial of Service in request handling]
[8021]
[MDVSA-2009:034]
[GLSA-200903-38]
[34467]
[33731]
[SUSE-SR:2009:005]
Multiple SQL injection vulnerabilities in admin/admin_login.php in Online Grades 3.2.4 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[33767]
[51711]
The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets.
[248026]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-116965-34-1]
[ADV-2009-0364]
[33550]
[http://support.avaya.com/elmodocs2/security/ASA-2009-042.htm]
[1021653]
[33751]
[oval:org.mitre.oval:def:6038]
Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers.
[FEDORA-2009-2417]
[FEDORA-2009-2418]
[33580]
[http://www.bugzilla.org/security/2.22.6/]
[34361]
Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi.
[FEDORA-2009-2417]
[FEDORA-2009-2418]
[33580]
[http://www.bugzilla.org/security/2.22.6/]
[34361]
Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi.
[FEDORA-2009-2417]
[FEDORA-2009-2418]
[https://bugzilla.mozilla.org/show_bug.cgi?id=472362]
[https://bugzilla.mozilla.org/show_bug.cgi?id=466692]
[33580]
[http://www.bugzilla.org/security/2.22.6/]
[34361]
Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete shared or saved searches via a link or IMG tag to buglist.cgi.
[FEDORA-2009-2417]
[FEDORA-2009-2418]
[https://bugzilla.mozilla.org/show_bug.cgi?id=466748]
[33580]
[http://www.bugzilla.org/security/2.22.6/]
[34361]
Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi.
[FEDORA-2009-2417]
[FEDORA-2009-2418]
[https://bugzilla.mozilla.org/show_bug.cgi?id=466692]
[33580]
[http://www.bugzilla.org/security/2.22.6/]
[34361]
Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
[FEDORA-2009-2417]
[FEDORA-2009-2418]
[33581]
[http://www.bugzilla.org/security/3.0.7/]
[34361]
Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows remote attackers to inject arbitrary web script or HTML via a crafted forum post.
[mahara-unspecified-xss(48518)]
[33619]
[33813]
[http://mahara.org/interaction/forum/topic.php?id=198]
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[33657]
[http://www.phorum.org/phorum5/read.php?64,136129]
The DBus configuration file for Wicd before 1.5.9 allows arbitrary users to own org.wicd.daemon, which allows local users to receive messages that were intended for the Wicd daemon, possibly including credentials.
[[oss-security] 20090206 CVE Request - Wicd <= 1.5.8]
[http://sourceforge.net/project/shownotes.php?group_id=194573&release_id=659059]
[GLSA-200904-12]
[34685]
[33870]
[http://bazaar.launchpad.net/~wicd-devel/wicd/trunk/revision/222]
Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string.
[ADV-2009-0008]
[33090]
[7634]
[33356]
[51070]
[[audacity-devel] 20090110 Audacity "String_parse::get_nonspace_quoted()" Buffer Overflow]
[SUSE-SR:2009:004]
[http://bugs.gentoo.org/show_bug.cgi?id=253493]
Stack-based buffer overflow in Elecard MPEG Player 5.5 build 15884.081218 allows remote attackers to execute arbitrary code via a M3U file containing a long URL.
[ADV-2009-0007]
[7637]
[33355]
[51075]
Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerability."
[33127]
[http://sourceforge.net/project/shownotes.php?group_id=249202&release_id=650796]
[ADV-2009-0020]
SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier allows remote attackers to execute arbitrary SQL commands via the Username.
[itcms-login-sql-injection(47791)]
[33139]
[7686]
SQL injection vulnerability in the Portfol (com_portfol) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the vcatid parameter in a viewcategory action to index.php.
[33218]
[7734]
PHP remote file inclusion vulnerability in include/define.php in REALTOR 747 4.11 allows remote attackers to execute arbitrary PHP code via a URL in the INC_DIR parameter.
[33227]
[7743]
Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) log parameter to (a) logviewer.jsp and (b) log.jsp; (2) search parameter to (c) group-summary.jsp; (3) username parameter to (d) user-properties.jsp; (4) logDir, (5) maxTotalSize, (6) maxFileSize, (7) maxDays, and (8) logTimeout parameters to (e) audit-policy.jsp; (9) propName parameter to (f) server-properties.jsp; and the (10) roomconfig_roomname and (11) roomconfig_roomdesc parameters to (g) muc-room-edit-form.jsp. NOTE: this can be leveraged for arbitrary code execution by using XSS to upload a malicious plugin.
[https://bugs.gentoo.org/show_bug.cgi?id=254309]
[openfire-mucroomeditform-xss(47845)]
[openfire-serverproperties-xss(47835)]
[openfire-multiple-scripts-xss(47834)]
[32944]
[32943]
[32940]
[32939]
[32938]
[32937]
[32935]
[20090108 CORE-2008-1128: Openfire multiple vulnerabilities]
[http://www.igniterealtime.org/issues/browse/JM-1506]
[http://www.coresecurity.com/content/openfire-multiple-vulnerabilities]
[33452]
Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.
[https://bugs.gentoo.org/show_bug.cgi?id=257585]
[openfire-log-directory-traversal(47806)]
[32945]
[20090108 CORE-2008-1128: Openfire multiple vulnerabilities]
[http://www.coresecurity.com/content/openfire-multiple-vulnerabilities]
[http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jsp]
[33452]
Virtual GuestBook (vgbook) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to guestbook.mdb.
[7744]
Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php.
[[oss-security] 20090204 CVS request - Moodle]
[34418]
[http://moodle.org/security/]
[SUSE-SR:2009:007]
[http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15]
Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.
[[oss-security] 20090204 CVS request - Moodle]
[DSA-1724]
[34418]
[33955]
[http://moodle.org/security/]
[SUSE-SR:2009:007]
Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors.
[[oss-security] 20090204 CVS request - Moodle]
[34418]
[http://moodle.org/security/]
[SUSE-SR:2009:007]
Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page.
[[oss-security] 20090204 CVS request - Moodle]
[DSA-1724]
[34418]
[33955]
[http://moodle.org/security/]
[SUSE-SR:2009:007]
IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs.
[http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27011431]
[websphere-msgbroker-info-disclosure(48642)]
[ADV-2009-0460]
[1021735]
[33819]
[IC55298]
WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message.
[http://www-01.ibm.com/support/docview.wss?uid=swg27014463]
[websphere-wspolicy-information-disclosure(48700)]
[PK73573]
The CICS listener in IBM TXSeries for Multiplatforms 6.2 GA waits for a forcepurge acknowledgement from the CICS Application Server (CICSAS) after an eci response timeout, which might allow remote authenticated users to cause a denial of service (forcepurge handling delay), or have unspecified other impact, via vectors involving slow or nonexistent acknowledgement.
[http://www-01.ibm.com/support/docview.wss?uid=swg24019725]
[txseries-forcepurge-wait-unspecified(48885)]
[ADV-2009-0911]
[33883]
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks.
Per http://www-01.ibm.com/support/docview.wss?uid=swg27006876#60223:
"Note: WebSphere Application Server V6.0.2 Fix Pack 2 (6.0.2.2), Fix Pack 4 (6.0.2.4), Fix Pack 6 (6.0.2.6), Fix Pack 8 (6.0.2.8), Fix Pack 10 (6.0.2.10), Fix Pack 12 (6.0.2.12), Fix Pack 14 (6.0.2.14), Fix Pack 16 (6.0.2.16), Fix Pack 18 (6.0.2.18), Fix Pack 20 (6.0.2.20), Fix Pack 22 (6.0.2.22) and Fix Pack 24 (6.0.2.24) were only published for the z/OS® platform."
[websphere-zos-csiv2-unspecified(48886)]
[http://www-01.ibm.com/support/docview.wss?uid=swg27006876]
[33884]
IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member.
[websphere-process-server-info-disclosure(48892)]
[ADV-2009-0670]
[JR30088]
[http://www-01.ibm.com/support/docview.wss?uid=swg27015580]
[34249]
The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console.
Per: http://xforce.iss.net/xforce/xfdb/49085
CVSS score based on information provided by ISS.
[ADV-2009-1464]
[ADV-2009-1188]
[ADV-2009-0704]
[http://www-01.ibm.com/support/docview.wss?uid=swg27006876]
[http://www-01.ibm.com/support/docview.wss?uid=swg21380376]
[http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456]
[websphere-web-app-information-disclosure(49085)]
[34104]
[http://www-01.ibm.com/support/docview.wss?uid=swg21380233]
[34876]
[34283]
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to execute arbitrary code via a crafted file that triggers memory corruption.
[TA09-161A]
[ADV-2009-1547]
[http://www.adobe.com/support/security/bulletins/apsb09-07.html]
[reader-text-bo(49239)]
[35274]
[RHSA-2009:1109]
[1022361]
[GLSA-200907-06]
[35734]
[35685]
[35655]
[35496]
[34580]
[SUSE-SR:2009:012]
[SUSE-SA:2009:035]
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889.
[TA09-161A]
[ADV-2009-1547]
[http://www.adobe.com/support/security/bulletins/apsb09-07.html]
[35274]
[RHSA-2009:1109]
[1022361]
[GLSA-200907-06]
[35734]
[35685]
[35655]
[35496]
[34580]
[SUSE-SR:2009:012]
[SUSE-SA:2009:035]
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889.
[TA09-161A]
[ADV-2009-1547]
[http://www.adobe.com/support/security/bulletins/apsb09-07.html]
[35274]
[RHSA-2009:1109]
[1022361]
[GLSA-200907-06]
[35734]
[35685]
[35655]
[35496]
[34580]
[SUSE-SR:2009:012]
[SUSE-SA:2009:035]
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0888, and CVE-2009-0889.
[TA09-161A]
[ADV-2009-1547]
[http://www.adobe.com/support/security/bulletins/apsb09-07.html]
[35293]
[35274]
[RHSA-2009:1109]
[1022361]
[GLSA-200907-06]
[35734]
[35685]
[35655]
[35496]
[34580]
[SUSE-SR:2009:012]
[SUSE-SA:2009:035]
Multiple PHP remote file inclusion vulnerabilities in WebFrame 0.76 allow remote attackers to execute arbitrary PHP code via a URL in the classFiles parameter to (1) admin/doc/index.php, (2) index.php, and (3) base/menu.php in mod/.
[33701]
[8025]
Multiple directory traversal vulnerabilities in WebFrame 0.76 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) currentmod and (2) LANG parameters to mod/index.php.
[33701]
[8025]
Directory traversal vulnerability in check_lang.php in Yet Another NOCC (YANOCC) 0.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
[yanocc-checklang-file-include(48608)]
[ADV-2009-0383]
[33704]
[8020]
[33862]
SQL injection vulnerability in the classified page (classified.php) in BusinessSpace 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
[businessspace-index-sql-injection(48606)]
[33692]
[20090209 [ECHO_ADV_102$2009] BusinessSpace <= 1.2 (id) Remote SQL Injection Vulnerability]
[8011]
[33875]
Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information.
[phpslash-generic-code-execution(48441)]
[33572]
[20090201 phpslash <= 0.8.1.1 Remote Code Execution Exploit]
[7948]
[33717]
[51727]
VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password.
[[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues]
[ADV-2009-0944]
[http://www.vmware.com/security/advisories/VMSA-2009-0005.html]
[34373]
[34585]
[20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues]
[oval:org.mitre.oval:def:6376]
Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.
[TA09-133A]
[33890]
[http://www.adobe.com/support/security/bulletins/apsb09-01.html]
[https://bugzilla.redhat.com/show_bug.cgi?id=487141]
[flash-swf-unspecified-dos(48900)]
[ADV-2009-1297]
[ADV-2009-0743]
[ADV-2009-0513]
[http://support.apple.com/kb/HT3549]
[254909]
[GLSA-200903-23]
[35074]
[34293]
[34226]
[34012]
[RHSA-2009:0334]
[RHSA-2009:0332]
[oval:org.mitre.oval:def:6470]
[APPLE-SA-2009-05-12]
[http://isc.sans.org/diary.html?storyid=5929]
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."
[TA09-133A]
[ADV-2009-0513]
[33880]
[http://www.adobe.com/support/security/bulletins/apsb09-01.html]
[http://isc.sans.org/diary.html?storyid=5929]
[https://bugzilla.redhat.com/show_bug.cgi?id=487142]
[flash-invalid-object-bo(48887)]
[ADV-2009-1297]
[ADV-2009-0743]
[http://support.apple.com/kb/HT3549]
[254909]
[1021750]
[GLSA-200903-23]
[35074]
[34293]
[34226]
[34012]
[RHSA-2009:0334]
[RHSA-2009:0332]
[oval:org.mitre.oval:def:6593]
[APPLE-SA-2009-05-12]
[20090224 Adobe Flash Player Invalid Object Reference Vulnerability]
Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH.
http://www.adobe.com/support/security/bulletins/apsb09-01.html
"This update prevents a potential Linux-only information disclosure issue in the Flash Player binary that could lead to privilege escalation. (CVE-2009-0521)"
[ADV-2009-0513]
[http://www.adobe.com/support/security/bulletins/apsb09-01.html]
[https://bugzilla.redhat.com/show_bug.cgi?id=487144]
[flash-unspecified-information-disclosure(48904)]
[GLSA-200903-23]
[34226]
[34012]
[RHSA-2009:0332]
[oval:org.mitre.oval:def:6160]
[http://isc.sans.org/diary.html?storyid=5929]
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack."
Per: http://www.adobe.com/support/security/bulletins/apsb09-01.html
"This update resolves a Windows-only issue with mouse pointer display that could potentially contribute to a Clickjacking attack. (CVE-2009-0522)"
[http://www.adobe.com/support/security/bulletins/apsb09-01.html]
[flash-unspecified-click-hijacking(48903)]
[ADV-2009-0513]
[1021752]
[34012]
[oval:org.mitre.oval:def:6674]
[http://isc.sans.org/diary.html?storyid=5929]
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log.
[ADV-2009-0512]
[33887]
[http://www.adobe.com/support/security/bulletins/apsb09-02.html]
[robohelp-errors-log-xss(48890)]
[1021755]
[34048]
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp.
[33888]
[http://www.adobe.com/support/security/bulletins/apsb09-02.html]
[robohelp-generated-files-xss(48889)]
[ADV-2009-0512]
[1021755]
[34048]
[34032]
Cross-site scripting (XSS) vulnerability in the sajax_get_common_js function in php/Sajax.php in Sajax 0.12 allows remote attackers to inject arbitrary web script or HTML via the URL parameter, which is not properly handled when using browsers that do not URL-encode requests, such as Internet Explorer 6. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[33711]
[33894]
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdaptCMS Lite 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) url and (2) acuparam parameters, and (3) the URI.
[adaptcms-index-xss(48611)]
[33698]
[8016]
[33866]
PHP remote file inclusion vulnerability in plugins/rss_importer_functions.php in AdaptCMS Lite 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.
[adaptcms-sitepath-file-include(48610)]
[33698]
[8016]
[33866]
SQL injection vulnerability in frame.php in Rhadrix If-CMS 2.07 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
[33697]
[8007]
[33883]
Cross-site scripting (XSS) vulnerability in index.php in SnippetMaster Webpage Editor 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the language parameter.
[33705]
[8017]
[33865]
Multiple PHP remote file inclusion vulnerabilities in SnippetMaster 2.2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SCRIPT_PATH] parameter to includes/vars.inc.php and the (2) g_pcltar_lib_dir parameter to includes/tar_lib/pcltar.lib.php.
[33705]
[8017]
[33865]
SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter.
Version 1.2 released which fixed the SQL injection bug. It also properly deletes thumbnails for invalid filetypes (invalid files were removed but the thumbnails remained).
http://www.ontarioabandonedplaces.com/ipguardian/
[bettermember-view-sql-injection(48612)]
[33693]
[http://www.ontarioabandonedplaces.com/ipguardian/gallery/readme.txt]
[8012]
[33874]
Cross-site scripting (XSS) vulnerability in password.php in Scripts For Sites (SFS) EZ Baby allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[ezbaby-password-xss(48547)]
[33635]
[33989]
Cross-site scripting (XSS) vulnerability in password.php in Scripts for Sites EZ Reminder allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[ezreminder-password-xss(48548)]
[33641]
[33989]
SQL injection vulnerability in FlexCMS allows remote attackers to execute arbitrary SQL commands via the catId parameter.
[flexcms-catid-sql-injection(48609)]
[33696]
[8018]
Directory traversal vulnerability in export.php in Thyme 1.3 and earlier, when register_globals is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the export_to parameter.
[8029]
at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.
[33730]
[http://aix.software.ibm.com/aix/efixes/security/at_advisory.asc]
[ibm-aix-at-information-disclosure(48660)]
[http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4558]
[ADV-2009-0405]
[1021704]
[IZ43459]
[IZ43458]
[IZ43457]
[IZ43456]
[IZ43455]
[IZ43454]
[IZ43453]
[IZ43452]
[33915]
[oval:org.mitre.oval:def:6155]
[51952]
Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.
[1021818]
[34008]
[20090305 libc:fts_*():multiple vendors, Denial-of-service]
[http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c.diff?r1=1.41;r2=1.42;f=h]
[http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c]
[8163]
[20090304 libc:fts_*():multiple vendors, Denial-of-service]
Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file).
[http://securityresponse.symantec.com/avcenter/security/Content/2009.03.17.html]
[symantec-pcanywhere-unspecified-dos(49291)]
[ADV-2009-0755]
[33845]
[20090318 Layered Defense Research Advisory: Format String Vulnerablity in Symantec PcAnywhere v10-12.5]
[http://www.layereddefense.com/pcanywhere17mar.html]
[1021855]
[34305]
[52797]
Cross-site scripting (XSS) vulnerability in Libero 5.3 SP5, and possibly other versions before 5.5 SP1, allows remote attackers to inject arbitrary web script or HTML via the search term field.
[libero-searchterm-xss(48870)]
[ADV-2009-0493]
[33856]
[52263]
[20090222 Libero Cross-Site Scripting Vulnerability - Security Advisory - SOS-09-001]
Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 and 1.2.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username field in an admin/ request to index.php, possibly related to the login[username] parameter and the app/code/core/Mage/Admin/Model/Session.php login function; (2) the email address field in an admin/index/forgotpassword/ request to index.php, possibly related to the email parameter and the app/code/core/Mage/Adminhtml/controllers/IndexController.php forgotpasswordAction function; or (3) the return parameter to the default URI under downloader/.
[magneto-downloader-xss(48878)]
[magento-forgotpasswordaction-xss(48877)]
[magento-login-xss(48876)]
[33872]
[1021746]
[34000]
[20090223 Magento Multiple Cross-Site Scripting Vulnerabilities - Security Advisory - SOS-09-002]
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
[20090211 Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)]
[20090210 ProFTPd with mod_mysql Authentication Bypass Exploit]
[20090210 Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)]
[20090210 Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)]
[[oss-security] 20090211 Re: CVE request for proftpd]
[[oss-security] 20090211 Re: CVE request for proftpd]
[[oss-security] 20090211 CVE request for proftpd]
[8037]
[MDVSA-2009:061]
[DSA-1730]
[GLSA-200903-27]
[34268]
[http://bugs.proftpd.org/show_bug.cgi?id=3180]
ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
[[oss-security] 20090211 Re: CVE request for proftpd]
[[oss-security] 20090211 CVE request for proftpd]
[MDVSA-2009:061]
[DSA-1730]
[GLSA-200903-27]
[34268]
[http://bugs.proftpd.org/show_bug.cgi?id=3173]
Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length.
[pycrypto-arc2module-bo(48617)]
[33674]
[[oss-security] 20090212 Re: CVE Request: pycrypto]
[[oss-security] 20090207 CVE Request: pycrypto]
[MDVSA-2009:050]
[MDVSA-2009:049]
[GLSA-200903-11]
[35065]
[34199]
[SUSE-SR:2009:010]
[http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=fd73731dfad451a81056fbb01e09aa78ab82eb5d]
[http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b]
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
[http://www.zeroshell.net/eng/patch-details/#C100]
[http://www.zeroshell.net/eng/announcements/]
[ADV-2009-0385]
[20090209 ZeroShell <= 1.0beta11 Remote Code Execution]
[8023]
[http://www.ikkisoft.com/stuff/LC-2009-01.txt]
Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbitrary code via a long text attribute in an outline element in a .opml file.
[33630]
[20090205 [SVRT-02-09] FeedDemon (ver<=2.7) Buffer Overflow Vulnerability]
[8010]
[7995]
[http://security.bkis.vn/?p=329]
[33718]
[51753]
Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077.
[FEDORA-2009-2792]
[FEDORA-2009-2784]
[https://bugzilla.redhat.com/show_bug.cgi?id=484925]
[ADV-2010-1107]
[33720]
[RHSA-2009:0355]
[RHSA-2009:0354]
[MDVSA-2009:078]
[DSA-1813]
[38915]
[35357]
[34363]
[34339]
[34338]
[33848]
[oval:org.mitre.oval:def:9619]
[[oss-security] 20090210 CVE Request -- evolution]
[SUSE-SR:2010:012]
[SUSE-SR:2010:011]
[SUSE-SR:2010:006]
[http://bugzilla.gnome.org/show_bug.cgi?id=564465]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508479]
Cross-site scripting (XSS) vulnerability in the Additional Report Settings interface in ESET Remote Administrator before 3.0.105 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
[ADV-2009-0339]
[http://www.eset.eu/support/changelog-eset-remote-administrator-3]
[33805]
[51804]
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Record Pointer Corruption Vulnerability."
[TA09-160A]
[MS09-021]
[ADV-2009-1540]
[1022351]
[35215]
[oval:org.mitre.oval:def:5830]
[54952]
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."
[TA09-104A]
[MS09-014]
[MS09-013]
[ADV-2009-1028]
[ADV-2009-1027]
[1022041]
[34439]
[http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138]
[http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm]
[34678]
[34677]
[oval:org.mitre.oval:def:7569]
[oval:org.mitre.oval:def:6233]
[oval:org.mitre.oval:def:5320]
[53619]
[http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx]
Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
[TA09-104A]
[MS09-014]
[ADV-2009-1028]
[1022042]
[http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138]
[http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm]
[34678]
[oval:org.mitre.oval:def:6164]
[53624]
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
[TA09-104A]
[MS09-014]
[ADV-2009-1028]
[1022042]
[http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm]
[34678]
[oval:org.mitre.oval:def:5551]
[53625]
Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
[TA09-104A]
[MS09-014]
[ADV-2009-1028]
[1022042]
[34424]
[http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm]
[http://skypher.com/index.php/2009/04/19/ms09-014-embed-element-memory-corruption/]
[34678]
[oval:org.mitre.oval:def:6069]
[53626]
Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
[TA09-104A]
[MS09-014]
[ADV-2009-1028]
[1022042]
[http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm]
[34678]
[oval:org.mitre.oval:def:5723]
Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability."
[TA09-286A]
[MS09-051]
[oval:org.mitre.oval:def:6407]
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
[TA09-132A]
[VU#627331]
[MS09-017]
[http://www.microsoft.com/technet/security/advisory/969136.mspx]
[powerpoint-unspecified-code-execution(49632)]
[http://www.zerodayinitiative.com/advisories/ZDI-09-019]
[ADV-2009-1290]
[ADV-2009-0915]
[1021967]
[34351]
[20090512 ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability]
[34572]
[oval:org.mitre.oval:def:6279]
[oval:org.mitre.oval:def:6204]
[53182]
[http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx]
[http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx]
[http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx]
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability."
[TA09-160A]
[MS09-021]
[ADV-2009-1540]
[1022351]
[35241]
[oval:org.mitre.oval:def:5564]
[54953]
Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
[TA09-160A]
[MS09-021]
[ADV-2009-1540]
[1022351]
[35242]
[20090609 Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability]
[http://secunia.com/secunia_research/2009-1/]
[oval:org.mitre.oval:def:11525]
[54954]
Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
[TA09-160A]
[MS09-021]
[ADV-2009-1540]
[1022351]
[35243]
[oval:org.mitre.oval:def:6273]
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Field Sanitization Memory Corruption Vulnerability."
[TA09-160A]
[MS09-021]
[ADV-2009-1540]
[1022351]
[35244]
[oval:org.mitre.oval:def:6178]
[54956]
Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka "Record Integer Overflow Vulnerability."
[TA09-160A]
[MS09-021]
[ADV-2009-1540]
[1022351]
[35245]
[20090609 Secunia Research: Microsoft Excel String Parsing Integer Overflow Vulnerability]
[http://secunia.com/secunia_research/2009-12/]
[oval:org.mitre.oval:def:5925]
[54957]
[20090609 Microsoft Excel SST Record Integer Overflow Vulnerability]
The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
[TA09-223A]
[MS09-043]
[1022708]
[oval:org.mitre.oval:def:6337]
Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability."
[TA09-160A]
[MS09-027]
[http://www.zerodayinitiative.com/advisories/ZDI-09-035]
[ADV-2009-1546]
[1022356]
[35188]
[20090610 ZDI-09-035: Microsoft Word Document Stack Based Buffer Overflow Vulnerability]
[oval:org.mitre.oval:def:6133]
[54959]
Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka "Word Buffer Overflow Vulnerability."
[TA09-160A]
[MS09-027]
[ADV-2009-1546]
[1022356]
[35190]
[8206]
[oval:org.mitre.oval:def:6334]
[54960]
Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
[TA09-195A]
[MS09-030]
[ADV-2009-1888]
[1022546]
[35599]
[oval:org.mitre.oval:def:6285]
[55838]
The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
[TA09-160A]
[MS09-026]
[ADV-2009-1545]
[1022357]
[35219]
[oval:org.mitre.oval:def:6227]
[54936]
[http://blogs.technet.com/srd/archive/2009/06/09/ms09-026-how-a-developer-can-know-if-their-rpc-interface-is-affected.aspx]
Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allows remote attackers to execute arbitrary code via a mail message with a crafted return receipt request.
[becky-readreceipt-bo(48684)]
[33756]
[http://www.rimarts.jp/downloads/B2/Readme-e.txt]
[33892]
[JVNDB-2009-000011]
[JVN#29641290]
Directory traversal vulnerability in send.php in Ninja Designs Mailist 3.0, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter. NOTE: some of these details are obtained from third party information.
[33648]
[8001]
[33682]
admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory.
[8001]
[33682]
PHP remote file inclusion vulnerability in include/flatnux.php in FlatnuX CMS (aka Flatnuke3) 2009-01-27 and 2009-02-04, when register_globals is enabled and magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the _FNROOTPATH parameter to (1) index.php and (2) filemanager.php.
[flatnuxcms-fnrootpath-file-include(48491)]
[33599]
[20090202 flatnux Flatnux-2009-01-27 Remote File Include]
[7969]
[33721]
[51729]
[51728]
Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Build 273) allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to cmdrequest/Login.fwx and the (2) search parameter to Grid.fwx.
[33677]
[http://www.fortconsult.net/images/pdf/advisories/FotoWebXSS_final.pdf]
[33879]
SQL injection vulnerability in index.php in Easy CafeEngine allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-4604.
[ADV-2009-0359]
[33655]
[8002]
Cross-site scripting (XSS) vulnerability in the theme_views_bulk_operations_confirmation function in views_bulk_operations.module in Views Bulk Operations 5.x before 5.x-1.3 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to node titles. NOTE: some of these details are obtained from third party information.
[33622]
[http://drupal.org/node/369223]
[viewsbulk-themeviewsbulk-xss(48516)]
[33836]
[51751]
Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests.
[250086]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-116837-04-1]
[sun-java-sds-ldap-dos(48662)]
[ADV-2009-0409]
[33732]
[33850]
Integer overflow in the WriteProlog function in texttops in CUPS 1.1.17 on Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2008-3640.
[RHSA-2009:0308]
[https://bugzilla.redhat.com/show_bug.cgi?id=486052]
[cups-texttops-writeprolog-bo(48977)]
[cups-texttops-writeprolog-bo(48977)]
[http://support.avaya.com/elmodocs2/security/ASA-2009-064.htm]
[33995]
[oval:org.mitre.oval:def:9968]
GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console.
[https://bugzilla.redhat.com/show_bug.cgi?id=487752]
[networkmanager-dbus-security-bypass(49063)]
[USN-727-1]
[1021909]
[33966]
[RHSA-2009:0361]
[34473]
[34067]
[oval:org.mitre.oval:def:8931]
[SUSE-SR:2009:009]
[SUSE-SA:2009:013]
Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified.
[FEDORA-2009-3231]
[https://bugzilla.redhat.com/show_bug.cgi?id=487216]
[[pam-list] 20090309 Linux-PAM 1.0.4 released]
[FEDORA-2009-3204]
[34733]
[34728]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514437]
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
[ADV-2009-1496]
[http://tomcat.apache.org/security-6.html]
[http://tomcat.apache.org/security-5.html]
[http://tomcat.apache.org/security-4.html]
[http://svn.apache.org/viewvc?rev=781382&view=rev]
[http://svn.apache.org/viewvc?rev=781379&view=rev]
[http://svn.apache.org/viewvc?rev=747840&view=rev]
[FEDORA-2009-11356]
[FEDORA-2009-11352]
[FEDORA-2009-11374]
[tomcat-jsecuritycheck-info-disclosure(50930)]
[ADV-2010-3056]
[ADV-2009-3316]
[ADV-2009-1856]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[35196]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[20090605 [SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability with FORM authentication]
[20090604 Re: [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication]
[20090603 [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication]
[MDVSA-2010:176]
[MDVSA-2009:138]
[MDVSA-2009:136]
[DSA-2207]
[http://support.apple.com/kb/HT4077]
[263529]
[1022332]
[42368]
[37460]
[35788]
[35685]
[35344]
[35326]
[oval:org.mitre.oval:def:9101]
[oval:org.mitre.oval:def:6628]
[HPSBUX02579]
[HPSBUX02579]
[SUSE-SR:2009:012]
[APPLE-SA-2010-03-29-1]
Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.
[ADV-2009-0775]
[34185]
[FEDORA-2009-3034]
[FEDORA-2009-2983]
[FEDORA-2009-2982]
[FEDORA-2009-2970]
[FEDORA-2009-2928]
[FEDORA-2009-2910]
[FEDORA-2009-2903]
[RHSA-2009:0377]
[https://bugzilla.redhat.com/show_bug.cgi?id=487509]
[littlecms-unspecified-dos(49328)]
[USN-744-1]
[1021870]
[20090320 [oCERT-2009-003] LittleCMS integer errors]
[20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)]
[RHSA-2009:0339]
[http://www.ocert.org/advisories/ocert-2009-003.html]
[MDVSA-2009:162]
[MDVSA-2009:137]
[MDVSA-2009:121]
[DSA-1769]
[DSA-1745]
[SSA:2009-083-01]
[GLSA-200904-19]
[34782]
[34675]
[34632]
[34463]
[34454]
[34450]
[34442]
[34418]
[34408]
[34400]
[34382]
[34367]
[http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html]
[http://scary.beasts.org/security/CESA-2009-003.html]
[oval:org.mitre.oval:def:10023]
[SUSE-SR:2009:007]
The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.
[FEDORA-2009-2792]
[FEDORA-2009-2784]
[https://bugzilla.redhat.com/show_bug.cgi?id=487685]
[evolution-ntlmsasl-info-disclosure(49233)]
[ADV-2009-0716]
[34109]
[RHSA-2009:0358]
[RHSA-2009:0355]
[RHSA-2009:0354]
[MDVSA-2009:078]
[DSA-1813]
[1021845]
[35357]
[35065]
[34363]
[34348]
[34339]
[34338]
[34286]
[oval:org.mitre.oval:def:10081]
[52673]
[[release-team] 20090312 Another Evolution-Data-Server freeze break]
[SUSE-SR:2009:010]
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
[ESB-2009.0259]
[FEDORA-2009-3031]
[FEDORA-2009-3011]
[FEDORA-2009-2885]
[FEDORA-2009-2883]
[https://issues.rpath.com/browse/RPL-2991]
[https://bugzilla.redhat.com/show_bug.cgi?id=487742]
[ghostscript-icclib-native-color-bo(49329)]
[ADV-2009-1708]
[ADV-2009-0816]
[ADV-2009-0777]
[ADV-2009-0776]
[USN-757-1]
[USN-743-1]
[34184]
[20090319 rPSA-2009-0050-1 ghostscript]
[RHSA-2009:0345]
[MDVSA-2009:096]
[MDVSA-2009:095]
[GLSA-200903-37]
[DSA-1746]
[http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050]
[http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm]
[262288]
[1021868]
[35569]
[35559]
[34729]
[34469]
[34443]
[34437]
[34418]
[34398]
[34393]
[34381]
[34373]
[34266]
[oval:org.mitre.oval:def:10795]
[SUSE-SR:2009:007]
[http://bugs.gentoo.org/show_bug.cgi?id=261087]
icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
[ESB-2009.0259]
[FEDORA-2009-3031]
[FEDORA-2009-3011]
[FEDORA-2009-2885]
[FEDORA-2009-2883]
[https://issues.rpath.com/browse/RPL-2991]
[https://bugzilla.redhat.com/show_bug.cgi?id=487744]
[ghostscript-icclib-bo(49327)]
[ADV-2009-1708]
[ADV-2009-0816]
[ADV-2009-0777]
[ADV-2009-0776]
[USN-757-1]
[USN-743-1]
[34184]
[20090319 rPSA-2009-0050-1 ghostscript]
[RHSA-2009:0345]
[MDVSA-2009:096]
[MDVSA-2009:095]
[GLSA-200903-37]
[DSA-1746]
[http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050]
[http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm]
[262288]
[1021868]
[35569]
[35559]
[34729]
[34469]
[34443]
[34437]
[34418]
[34398]
[34393]
[34381]
[34373]
[34266]
[oval:org.mitre.oval:def:10544]
[52988]
[SUSE-SR:2009:007]
[http://bugs.gentoo.org/show_bug.cgi?id=261087]
Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation.
[34100]
[[oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows]
[http://ocert.org/patches/2008-015/libsoup-CVE-2009-0585.diff]
[libsoup-soupmisc-bo(49273)]
[USN-737-1]
[20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows]
[RHSA-2009:0344]
[http://www.ocert.org/advisories/ocert-2008-015.html]
[MDVSA-2009:081]
[DSA-1748]
[http://support.avaya.com/elmodocs2/security/ASA-2009-088.htm]
[35065]
[34401]
[34337]
[34310]
[oval:org.mitre.oval:def:9599]
[SUSE-SR:2009:010]
Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.
[34100]
[[oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows]
[http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff]
[gstreamer-gstvorbistagaddcoverart-bo(49274)]
[USN-735-1]
[20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows]
[http://www.ocert.org/advisories/ocert-2008-015.html]
[MDVSA-2009:085]
[GLSA-200907-11]
[35777]
[34350]
[34335]
[oval:org.mitre.oval:def:9694]
[SUSE-SR:2009:009]
[http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9]
Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel.
[34100]
[[oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows]
[http://ocert.org/patches/2008-015/evc-CVE-2009-0587.diff]
[http://ocert.org/patches/2008-015/camel-CVE-2009-0587.diff]
[USN-733-1]
[20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows]
[RHSA-2009:0358]
[RHSA-2009:0355]
[RHSA-2009:0354]
[http://www.ocert.org/advisories/ocert-2008-015.html]
[MDVSA-2009:078]
[DSA-1813]
[35357]
[34351]
[34348]
[34339]
[34338]
[oval:org.mitre.oval:def:11385]
[52703]
[52702]
[SUSE-SR:2010:012]
agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field.
[https://bugzilla.redhat.com/show_bug.cgi?id=484828]
[RHSA-2009:1065]
[https://bugzilla.redhat.com/show_bug.cgi?id=488706]
[1022278]
[35104]
[35263]
[35242]
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
[ADV-2009-0850]
[34256]
[http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847]
[[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released]
[[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released]
[https://kb.bluecoat.com/index?page=content&id=SA50]
[openssl-asn1-stringprintex-dos(49431)]
[ADV-2010-3126]
[ADV-2010-0528]
[ADV-2009-1548]
[ADV-2009-1220]
[ADV-2009-1175]
[ADV-2009-1020]
[http://www.vmware.com/security/advisories/VMSA-2010-0019.html]
[USN-750-1]
[20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console]
[20090403 rPSA-2009-0057-1 m2crypto openssl openssl-scripts]
[http://www.php.net/archive/2009.php#id2009-04-08-1]
[52864]
[http://www.openssl.org/news/secadv_20090325.txt]
[MDVSA-2009:087]
[DSA-1763]
[http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057]
[http://wiki.rpath.com/Advisories:rPSA-2009-0057]
[http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html]
[http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm]
[http://support.apple.com/kb/HT3865]
[258048]
[1021905]
[FreeBSD-SA-09:08]
[42733]
[42724]
[42467]
[38834]
[38794]
[36701]
[35729]
[35380]
[35181]
[35065]
[34960]
[34896]
[34666]
[34561]
[34509]
[34460]
[34411]
[oval:org.mitre.oval:def:6996]
[oval:org.mitre.oval:def:10198]
[SSRT090062]
[SSRT090062]
[SSRT090059]
[SSRT090059]
[[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates]
[SUSE-SU-2011:0847]
[openSUSE-SU-2011:0845]
[SUSE-SR:2009:010]
[APPLE-SA-2009-09-10-2]
[NetBSD-SA2009-008]
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.
[https://kb.bluecoat.com/index?page=content&id=SA50]
[openssl-cmsverify-security-bypass(49432)]
[ADV-2009-1548]
[ADV-2009-1175]
[ADV-2009-1020]
[ADV-2009-0850]
[34256]
[http://www.php.net/archive/2009.php#id2009-04-08-1]
[52865]
[http://www.openssl.org/news/secadv_20090325.txt]
[http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html]
[http://support.apple.com/kb/HT3865]
[http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847]
[1021907]
[42733]
[42724]
[36701]
[35729]
[35380]
[35065]
[34666]
[34460]
[34411]
[SSRT090059]
[SSRT090059]
[SUSE-SR:2009:010]
[APPLE-SA-2009-09-10-2]
[NetBSD-SA2009-008]
Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ModName parameter to (1) admin_words.php, (2) admin_groups_reapir.php, (3) admin_smilies.php, (4) admin_ranks.php, (5) admin_styles.php, and (6) admin_users.php in admin/.
[33103]
[7658]
[33365]
SQL injection vulnerability in members.php in plx Auto Reminder 3.7 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a newar action.
[33106]
[7663]
[33283]
Cross-site scripting (XSS) vulnerability in index.php in phpSkelSite 1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[33092]
[7648]
[33382]
PHP remote file inclusion vulnerability in skysilver/login.tpl.php in phpSkelSite 1.4, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter.
[33092]
[7648]
[33382]
Directory traversal vulnerability in skysilver/login.tpl.php in phpSkelSite 1.4, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the TplSuffix parameter.
[33092]
[7648]
[33382]
SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action.
[33082]
[7640]
[33364]
[51108]
[http://forum.w3bcms.de/viewtopic.php?f=5&t=256]
SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[33105]
[7660]
[33332]
Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file.
[33690]
[FEDORA-2009-1877]
[https://issues.rpath.com/browse/RPL-2984]
[https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2590]
[http://www.wireshark.org/security/wnpa-sec-2009-01.html]
[ADV-2009-0370]
[1021697]
[20090312 rPSA-2009-0040-1 tshark wireshark]
[RHSA-2009:0313]
[http://wiki.rpath.com/Advisories:rPSA-2009-0040]
[http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm]
[34344]
[34264]
[34144]
[33872]
[oval:org.mitre.oval:def:9677]
[51815]
[SUSE-SR:2009:005]
Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame.
[FEDORA-2009-1877]
[https://issues.rpath.com/browse/RPL-2984]
[https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1937]
[http://www.wireshark.org/security/wnpa-sec-2009-01.html]
[ADV-2009-0370]
[1021697]
[33690]
[20090312 rPSA-2009-0040-1 tshark wireshark]
[RHSA-2009:0313]
[http://wiki.rpath.com/Advisories:rPSA-2009-0040]
[http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm]
[34344]
[34264]
[34144]
[33872]
[oval:org.mitre.oval:def:10853]
[SUSE-SR:2009:005]
Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable.
Per http://www.vupen.com/english/advisories/2009/0370:
"Multiple vulnerabilities have been identified in Wireshark, which could be exploited by local or remote attackers to cause a denial of service or compromise a vulnerable system."
[33690]
[https://issues.rpath.com/browse/RPL-2984]
[https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3150]
[http://www.wireshark.org/security/wnpa-sec-2009-01.html]
[ADV-2009-0370]
[1021697]
[20090312 rPSA-2009-0040-1 tshark wireshark]
[http://wiki.rpath.com/Advisories:rPSA-2009-0040]
[34264]
[SUSE-SR:2009:005]
Unrestricted file upload vulnerability in upload.php in WikkiTikkiTavi 1.11 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/.
[wikkitikkitavi-upload-file-upload(48571)]
[33647]
[7998]
Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field). NOTE: some of these details are obtained from third party information.
[link-description-xss(48553)]
[33642]
[33835]
[51780]
[20090205 Drupal Link Module XSS Vulnerability]
SQL injection vulnerability in index.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the searching parameter.
[ADV-2009-0379]
[33694]
[8014]
Stack consumption vulnerability in the do_page_fault function in arch/x86/mm/fault.c in the Linux kernel before 2.6.28.5 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via unspecified vectors that trigger page faults on a machine that has a registered Kprobes probe.
[33758]
[USN-751-1]
[http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.5]
[http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=9be260a646bf76fa418ee519afa10196b3164681]
The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by certain groups, possibly a related issue to CVE-2002-0820.
[android-dynamic-linker-privilege-escalation(48840)]
[33695]
[20090208 rooting your own phone: android security]
Multiple integer overflows in malloc_leak.c in Bionic in Open Handset Alliance Android 1.0 have unknown impact and attack vectors, related to the (1) chk_calloc and (2) leak_calloc functions.
[android-malloc-overflow(48841)]
[33695]
[20090208 rooting your own phone: android security]
Integer overflow in the showLog function in fake_log_device.c in liblog in Open Handset Alliance Android 1.0 allows attackers to trigger a buffer overflow and possibly have unspecified other impact by sending a large number of input lines.
[android-showlog-bo(48842)]
[33695]
[20090208 rooting your own phone: android security]
Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service (JDBC backend outage) via crafted LDAP requests.
[251086]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-125276-08-1]
[33761]
[33923]
Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[33814]
[51816]
Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties or (3) clusterserviceproperties action, (4) the adminurl parameter in a global action, or (5) the print-list parameter.
[quickfinderserver-multiple-xss(48619)]
[ADV-2009-0421]
[1021695]
[33708]
[33886]
[http://packetstormsecurity.org/0902-exploits/nqfs-xss.txt]
[51941]
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.
[interscan-proxyauthorization-info-disc(48681)]
[1021716]
[33687]
[20090209 Trend micro - IWSVA/IWSS - Authorization module password leak]
[33891]
Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages.
[ADV-2009-0369]
[http://www.trendmicro.com/ftp/documentation/readme/iwss_31_win_en_readme_CP_1237_EN.txt]
[1021694]
[33867]
Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL.
[cisco-meetingplace-unauth-access(48888)]
[33901]
[20090225 Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability]
Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to "invalid directory permissions."
[1021770]
[33903]
[20090225 Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities]
Cisco Application Networking Manager (ANM) before 2.0 uses default usernames and passwords, which makes it easier for remote attackers to access the application, or cause a denial of service via configuration changes, related to "default user credentials during installation."
[1021771]
[33903]
[20090225 Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities]
Cisco Application Networking Manager (ANM) before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files.
[1021771]
[33903]
[20090225 Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities]
Unspecified vulnerability in the Java agent in Cisco Application Networking Manager (ANM) before 2.0 Update A allows remote attackers to gain privileges, and cause a denial of service (service outage) by stopping processes, or obtain sensitive information by reading configuration files.
[20090225 Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities]
[1021772]
[33903]
Unspecified vulnerability in the Session Border Controller (SBC) before 3.0(2) for Cisco 7600 series routers allows remote attackers to cause a denial of service (SBC card reload) via crafted packets to TCP port 2000.
[20090304 Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability]
[cisco-sbc-dos(49055)]
[1021787]
[33975]
Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access.
[33900]
[20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine]
Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access.
[20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine]
[33900]
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI).
Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml
Cisco ACE module software can be downloaded from:
http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=280557289
Cisco ACE 4710 Application Control Engine appliance software can be downloaded from:
http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=281222179
[20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine]
[33900]
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet.
[33900]
[20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine]
Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet.
Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml
"Note: SNMPv2c must be explicitly configured in an affected device in order to process any SNMPv2c transactions. SNMPv2c is not enabled by default."
[20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine]
[1021769]
[33900]
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet.
[1021769]
[33900]
[20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine]
The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet.
[ios-sslvpn-dos(49425)]
[ADV-2009-0851]
[34239]
[http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml]
[20090325 Cisco IOS Software WebVPN and SSLVPN Vulnerabilities]
[1021896]
[34438]
[oval:org.mitre.oval:def:6919]
Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when running on Nexus 5000 platforms, allows remote attackers to cause a denial of service (crash) via an unspecified "sequence of TCP packets" related to "TCP State manipulation," possibly related to separate attacks against CVE-2008-4609.
[20090908 TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products]
[1022847]
Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak.
[ios-sslvpn-tcbleak-dos(49427)]
[ADV-2009-0851]
[34239]
[http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml]
[20090325 Cisco IOS Software WebVPN and SSLVPN Vulnerabilities]
[1021896]
[34438]
[oval:org.mitre.oval:def:12092]
The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over TCP (XOT), and (10) X.25 Routing features in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (device reload) via a series of crafted TCP packets.
[ios-tcp-dos(49420)]
[ADV-2009-0851]
[34238]
[20090325 Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability]
[http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml]
[1021903]
[34438]
The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission Control HTTP Authentication Proxy; (6) Per-user URL Redirect for EAPoUDP, Dot1x, and MAC Authentication Bypass; (7) Distributed Director with HTTP Redirects; and (8) TCP DNS features in Cisco IOS 12.0 through 12.4 do not properly handle IP sockets, which allows remote attackers to cause a denial of service (outage or resource consumption) via a series of crafted TCP packets.
[ios-ipsockets-dos(49418)]
[ADV-2009-0851]
[34242]
[20090325 Cisco IOS Software Multiple Features IP Sockets Vulnerability]
[http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml]
[1021897]
[34438]
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signaling Transport, or (4) Media Gateway Control Protocol (MGCP) allows remote attackers to cause a denial of service (blocked input queue on the inbound interface) via a crafted UDP packet.
[http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml]
[20090325 Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability]
[ios-udp-dos(49419)]
[1021904]
[34245]
[oval:org.mitre.oval:def:6720]
The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x.
Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a8643c.shtml
"Impact
Successful exploitation of this vulnerability may allow an attacker to intercept user credentials that allow the attacker to escalate their privilege level and obtain complete administrative access to a vulnerable Cisco Unified Communications Manager system. If integrated with an external directory service, the intercepted user credentials may allow an attacker to gain access to additional systems configured to use the directory service for authentication."
[ADV-2009-0675]
[20090311 Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability]
[cucm-pab-privilege-escalation(49196)]
[1021839]
[34082]
[20090311 Identifying and Mitigating Exploitation of the Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability]
[34238]
[52589]
Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6 packets, aka Bug ID CSCsm97220.
[ios-mobile-dos(49424)]
[ADV-2009-0851]
[34241]
[http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml]
[20090325 Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities]
[1021898]
[34438]
[oval:org.mitre.oval:def:12290]
Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via an ICMP packet, aka Bug ID CSCso05337.
[ios-mobile-ha-dos(49585)]
[ios-mobile-dos(49424)]
[ADV-2009-0851]
[34241]
[http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml]
[20090325 Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities]
[1021898]
[34438]
[oval:org.mitre.oval:def:12043]
Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets.
Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml
Obtaining Fixed Software
Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html , or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml .
[http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml]
[20090325 Cisco IOS cTCP Denial of Service Vulnerability]
[ios-ctcp-dos(49417)]
[ADV-2009-0851]
[1021895]
[34246]
[34438]
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message.
[20090325 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability]
[http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml]
[ios-sip-dos(49421)]
[ADV-2009-0851]
[34243]
[1021902]
[34438]
The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command.
[ios-scp-priv-escalation(49423)]
[ADV-2009-0851]
[34247]
[20090325 Cisco IOS Software Secure Copy Privilege Escalation Vulnerability]
[http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml]
[1021899]
[34438]
The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 before 3.2(13), and 4.0 before 4.0(6) for Cisco Catalyst 6500 switches and Cisco 7600 routers allows remote attackers to cause a denial of service (traffic-handling outage) via a series of malformed ICMP messages.
[36085]
[20090819 Firewall Services Module Crafted ICMP Message Vulnerability]
[cisco-fwsm-icmp-dos(52591)]
[ADV-2009-2329]
[1022747]
[36373]
PHP remote file inclusion vulnerability in moduli/libri/index.php in phpyabs 0.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the Azione parameter.
[ADV-2009-0361]
[33670]
[8005]
Directory traversal vulnerability in the administrative web server in Swann DVR4-SecuraNet allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by reading the vy_netman.cfg file that contains passwords.
[33716]
[20090210 Remote Authentication Bypass - Swann DVR4 SecuraNet (possibly DVR9 as well)]
[33861]
[http://packetstorm.linuxsecurity.com/0902-exploits/cctv-disclose.txt]
[51897]
sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library.
[FreeBSD-SA-09:05]
[freebsd-telnet-ldpreload-code-execution(48780)]
[33777]
[8055]
[20090214 FreeBSD zeroday]
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.
[ruby-ocspbasicverify-spoofing(48761)]
[USN-805-1]
[1022505]
[33769]
[RHSA-2009:1140]
[MDVSA-2009:193]
[35937]
[35699]
[33750]
[http://redmine.ruby-lang.org/issues/show/1091]
[oval:org.mitre.oval:def:11450]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528]
Static code injection vulnerability in post.php in Simple PHP News 1.0 final allows remote attackers to inject arbitrary PHP code into news.txt via the post parameter, and then execute the code via a direct request to display.php. NOTE: some of these details are obtained from third party information.
[simplephpnews-news-code-execution(48829)]
[ADV-2009-0357]
[7999]
[33814]
[51816]
The HTTP interface in Swann DVR4-SecuraNet has a certain default administrative username and password, which makes it easier for remote attackers to obtain privileged access.
[20090210 Remote Authentication Bypass - Swann DVR4 SecuraNet (possibly DVR9 as well)]
[http://packetstorm.linuxsecurity.com/0902-exploits/cctv-disclose.txt]
Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) language, (2) Introduction_complete, and (3) use_log parameters, different vectors than CVE-2004-2445.
Reference links indicate file inclusion and script or code execution in addition to information exposure.
[http://www.jaws-project.com/blog/show/jaws-089-released]
[jaws-index-file-include(48476)]
[33607]
[7976]
Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to portfolio/index.shtml, (6) h parameter to hotel/index.php, (7) id parameter to news/news1.shtml, and the (8) th parameter to faq/index.shtml.
[4sitecms-faq-sql-injection(48488)]
[4sitecms-news-sql-injection(48487)]
[4sitecms-hotels-sql-injection(48486)]
[4sitecms-pages-sql-injection(48483)]
[33594]
[20101019 SQL Injection in 4site CMS]
[51809]
[51808]
[51807]
[51806]
[7964]
[http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html]
[http://wsec.ru/wsec-09-002-4site-cms-26-multiple-sql-injections/]
[33733]
msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown.
[wlm-packets-dos(48810)]
[ADV-2009-0466]
[33825]
[20090218 RE: hello bug in windows live messenger]
[33985]
Multiple cross-site request forgery (CSRF) vulnerabilities in the manage_users handler in admin/index.php in Falt4 CMS (aka Falt4 Extreme) RC4 allow remote attackers to hijack the authentication of administrators for requests that change passwords via the (1) edit and (2) edit_now actions.
[falt4-unspecified-csrf(48786)]
[falt4-admin-index-csrf(48786)]
[33973]
[http://packetstorm.linuxsecurity.com/0902-exploits/falt4-cms-xsrf.txt]
The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method.
[nokian95-setattributenode-dos(48763)]
[33767]
[20090213 Nokia N95 browser "setAttributeNode" method crash]
[8051]
Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 and earlier, and possibly 5.02, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a STATS line with a long pwd field. NOTE: some of these details are obtained from third party information.
[tptest-pwd-bo(48781)]
[33785]
[8058]
[33972]
Unspecified vulnerability in the Veritas network daemon (aka vnetd) in Symantec Veritas NetBackup Server / Enterprise Server 5.x, 6.0 before MP7 SP1, and 6.5 before 6.5.3.1 allows remote attackers to execute arbitrary code via unknown vectors related to "initial communications setup."
[http://seer.entsupport.symantec.com/docs/317828.htm]
[veritas-netbackup-vnetd-privilege-escalation(48795)]
[ADV-2009-1097]
[ADV-2009-0461]
[1021734]
[33772]
[253287]
[http://securityresponse.symantec.com/avcenter/security/Content/2009.02.17.html]
[33953]
[52269]
The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.
[FEDORA-2009-3875]
[https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf]
[mozilla-firefox-homoglyph-spoofing(48974)]
[ADV-2009-1125]
[USN-764-1]
[33837]
[RHSA-2009:0436]
[http://www.mozilla.org/security/announce/2009/mfsa2009-15.html]
[MDVSA-2009:111]
[DSA-1830]
[DSA-1797]
[http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike]
[35065]
[35042]
[34894]
[34844]
[34843]
[34096]
[RHSA-2009:0437]
[oval:org.mitre.oval:def:11396]
[SUSE-SR:2009:010]
[[dailydave] 20090220 SSL MITM fun.]
[[dailydave] 20090219 SSL MITM fun.]
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.
[https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf]
[http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike]
Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve."
[http://www.blackhat.com/presentations/bh-dc-09/Fu/BlackHat-DC-09-Fu-Break-Tors-Anonymity.pdf]
[http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Fu]
[http://blog.torproject.org/blog/one-cell-enough]
Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user.
[lenovo-plainimage-unauth-access(48961)]
[32700]
[20081208 [SVRT-07-08] Vulnerability in Face Recognition Authentication Mechanism of Lenovo-Asus-Toshiba Laptops]
[http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf]
[http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen]
[http://security.bkis.vn/?p=292]
Asus SmartLogon 1.0.0005 allows physically proximate attackers to bypass "security functions" by presenting an image with a modified viewpoint that matches the posture of a stored image of the authorized notebook user.
[asus-image-security-bypass(48962)]
[32700]
[20081208 [SVRT-07-08] Vulnerability in Face Recognition Authentication Mechanism of Lenovo-Asus-Toshiba Laptops]
[http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf]
[http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen]
[http://security.bkis.vn/?p=292]
Toshiba Face Recognition 2.0.2.32 allows physically proximate attackers to obtain notebook access by presenting a large number of images for which the viewpoint and lighting have been modified to match a stored image of the authorized notebook user.
[toshibaface-notebook-unauth-access(48963)]
[32700]
[20081208 [SVRT-07-08] Vulnerability in Face Recognition Authentication Mechanism of Lenovo-Asus-Toshiba Laptops]
[http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf]
[http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen]
[http://security.bkis.vn/?p=292]
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
[TA09-051A]
[VU#905281]
[adobe-acrobat-reader-image-bo(48825)]
[ADV-2009-1019]
[ADV-2009-0472]
[http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2]
[http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219]
[1021739]
[33751]
[RHSA-2009:0376]
[8099]
[8090]
[http://www.adobe.com/support/security/bulletins/apsb09-04.html]
[http://www.adobe.com/support/security/advisories/apsa09-01.html]
[256788]
[GLSA-200904-17]
[34790]
[34706]
[34490]
[34392]
[33901]
[oval:org.mitre.oval:def:5697]
[52073]
[SUSE-SR:2009:009]
[SUSE-SA:2009:014]
[http://isc.sans.org/diary.html?n&storyid=5902]
Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 allows remote attackers to have an unknown impact via a STATS line with a long email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[tptest-getstatsfromline-bo(48953)]
[tptest-pwd-bo(48781)]
[33972]
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487.
[34064]
[mahara-userprofile-xss(49168)]
[ADV-2009-0665]
[DSA-1736]
[http://wiki.mahara.org/Release_Notes/1.1.2]
[34231]
[34222]
[http://mahara.org/interaction/forum/topic.php?id=350]
Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read.
[ADV-2009-0758]
[34148]
[weechat-ircmessage-dos(49295)]
[[oss-security] 20090317 Re: CVE request -- firefox, vlc, WeeChat]
[DSA-1744]
[http://weechat.flashtux.org/]
[34328]
[34304]
[http://savannah.nongnu.org/bugs/index.php?25862]
[52763]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940]
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
[http://plone.org/products/plone/security/advisories/cve-2009-0662]
[plone-unspecified-session-hijacking(50061)]
[34664]
[34840]
[53975]
Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows.
[http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz]
[https://launchpad.net/bugs/cve/2009-0663]
[libdbdpgperl-unspecified-bo(50467)]
[34755]
[RHSA-2009:1067]
[RHSA-2009:0479]
[DSA-1780]
[35685]
[35058]
[34909]
[oval:org.mitre.oval:def:9499]
[SUSE-SR:2009:012]
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view.
[34677]
[DSA-1778]
[34871]
[34789]
[53892]
[53891]
[http://mahara.org/interaction/forum/topic.php?id=532]
Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory.
[ADV-2009-1809]
[35593]
[http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=144]
[DSA-1828]
[http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1.diff.gz]
[http://nana.rulezlan.org/~goneri/ocsinventory-agent/Ocsinventory-Agent-0.0.9.3.tar.gz]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506416]
[35768]
[35727]
[55718]
Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.
[zope-protocol-code-execution(52377)]
[ADV-2009-2217]
[35987]
[36205]
[36204]
[http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2]
[56827]
[[zope-announce] 20090806 CVE-2009-0668 and CVE-2009-0669: Releases to fix ZODB ZEO server vulnerabilities]
Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.
[http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2]
[zope-protocol-auth-bypass(52379)]
[ADV-2009-2217]
[35987]
[36205]
[36204]
[56826]
[[zope-announce] 20090806 CVE-2009-0668 and CVE-2009-0669: Releases to fix ZODB ZEO server vulnerabilities]
** REJECT ** Format string vulnerability in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit imap-2007d and other applications, allows remote attackers to execute arbitrary code via format string specifiers in the initial request to the IMAP port (143/tcp). NOTE: Red Hat has disputed the vulnerability, stating "The Red Hat Security Response Team have been unable to confirm the existence of this format string vulnerability in the toolkit, and the sample published exploit is not complete or functional." CVE agrees that the exploit contains syntax errors and uses Unix-only include files while invoking Windows functions.
SQL injection vulnerability in the Resend_Email module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary SQL commands via the user_prefix parameter to modules.php.
[33787]
[ravennuke-modules-sql-injection(48791)]
[http://www.waraxe.us/advisory-72.html]
[20090216 [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0]
[8068]
[http://ravenphpscripts.com/postt17156.html]
[52298]
Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php.
[ravennuke-admin-code-execution(48790)]
[http://www.waraxe.us/advisory-72.html]
[33787]
[20090216 [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0]
[8068]
[http://ravenphpscripts.com/postt17156.html]
images/captcha.php in Raven Web Services RavenNuke 2.30, when register_globals and display_errors are enabled, allows remote attackers to determine the existence of local files by sending requests with full pathnames in the aFonts array parameter, and then observing the error messages, which differ between existing and nonexistent pathnames.
[ravennuke-captcha-afonts-info-disclosure(48983)]
[ravennuke-captcha-info-disc-var1(48983)]
[ravennuke-captcha-info-disclosure(48792)]
[http://www.waraxe.us/advisory-72.html]
[33787]
[20090216 [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0]
[8068]
[http://ravenphpscripts.com/postt17156.html]
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue.
[https://bugzilla.redhat.com/show_bug.cgi?id=486534]
[ADV-2009-3316]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-751-1]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:0360]
[RHSA-2009:0326]
[MDVSA-2009:071]
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.6]
[DSA-1794]
[DSA-1787]
[DSA-1749]
[37471]
[35394]
[35011]
[34981]
[34680]
[34502]
[34394]
[33938]
[33758]
[oval:org.mitre.oval:def:8685]
[oval:org.mitre.oval:def:11529]
[[oss-security] 20090220 CVE request: kernel: skfp_ioctl inverted logic flaw]
[[netdev] 20090128 [PATCH] drivers/net/skfp: if !capable(CAP_NET_ADMIN): inverted logic]
[SUSE-SA:2009:031]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c25b9abbc2c2c0da88e180c3933d6e773245815a]
The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.
[33846]
[https://bugzilla.redhat.com/show_bug.cgi?id=486305]
[kernel-sock-information-disclosure(48847)]
[ADV-2009-3316]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-751-1]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:0360]
[RHSA-2009:0326]
[[oss-security] 20090302 Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt]
[[oss-security] 20090224 Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt]
[MDVSA-2009:071]
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.6]
[DSA-1794]
[DSA-1787]
[DSA-1749]
[37471]
[35394]
[35390]
[35011]
[34981]
[34962]
[34786]
[34680]
[34502]
[34394]
[33758]
[RHSA-2009:0459]
[http://patchwork.kernel.org/patch/6816/]
[oval:org.mitre.oval:def:8618]
[oval:org.mitre.oval:def:11653]
[[oss-security] 20090220 CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt]
[[linux-kernel] 20090223 net: amend the fix for SO_BSDCOMPAT gsopt infoleak]
[[linux-kernel] 20090212 [PATCH] 4 bytes kernel memory disclosure in SO_BSDCOMPAT gsopt try #2]
[SUSE-SA:2009:031]
[SUSE-SA:2009:030]
[SUSE-SA:2009:021]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=df0bca049d01c0ee94afb7cd5dfd959541e6c8da]
avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function with the eval switch, as specified in an element of the patterns array.
[ravennuke-avatarlist-code-execution(48789)]
[http://www.waraxe.us/advisory-72.html]
[33787]
[20090216 [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0]
[52007]
[8068]
[33928]
[http://ravenphpscripts.com/postt17156.html&sid=12d1201371612260a42fa846ebce7bad]
images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain sensitive information via an aFonts array parameter value that does not correspond to a valid font file, which reveals the installation path in an error message.
[ravennuke-captcha-info-disclosure(48792)]
[http://www.waraxe.us/advisory-72.html]
[20090216 [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0]
[8068]
[http://ravenphpscripts.com/postt17156.html]
Cross-site scripting (XSS) vulnerability in the Your Account module in RavenNuke 2.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[ravennuke-youraccount-xss(48978)]
[http://ravenphpscripts.com/postt17156.html]
[52299]
cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences.
[netgear-ssl312-dos(48605)]
[33675]
[8008]
[http://www.helith.net/txt/netgear_ssl312_remote_dos.txt]
[33896]
[20090208 Netgear SSL312 Router - remote DoS]
PGP Desktop before 9.10 allows local users to (1) cause a denial of service (crash) via a crafted IOCTL request to pgpdisk.sys, and (2) cause a denial of service (crash) and execute arbitrary code via a crafted IRP in an IOCTL request to pgpwded.sys.
[http://en.securitylab.ru/lab/PT-2009-01]
[https://pgp.custhelp.com/cgi-bin/pgp.cfg/php/enduser/std_adp.php?p_faqid=1014&p_topview=1]
[1022034]
[20090413 [Suspected Spam][Positive Technologies SA 2009-01] PGP Desktop Pgpdisk.sys And Pgpwded.sys Multiple Vulnerabilities]
vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before 9.0.0.184 in Internet Security Suite r4, and vetmonnt.sys before 10.0.0.217 in Internet Security Suite r5 do not properly verify IOCTL calls, which allows local users to cause a denial of service (system crash) via a crafted call.
[https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214673]
[20090826 [PT-2009-05] CA Internet Security Suite Denial of Service Vulnerability]
[20090818 CA20090818-02: Security Notice for CA Internet Security Suite]
[57228]
[http://en.securitylab.ru/lab/PT-2009-05]
The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \Device\tmactmon that overwrites memory.
[trend-tmactmon-privilege-escalation(49513)]
[1021955]
[34304]
[20090331 [Positive Technologies SA 2009-09] Trend Micro Internet Security Pro 2009 tmactmon.sys Priviliege Escalation Vulnerabilities]
[8322]
[http://milw0rm.com/sploits/2009-trendmicro_local_expl_0day.zip]
[http://en.securitylab.ru/lab/PT-2009-09]
The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload.
[ADV-2009-1015]
[[4.5] 002: RELIABILITY FIX: April 11, 2009]
[[4.4] 013: RELIABILITY FIX: April 11, 2009]
[[4.3] 013: RELIABILITY FIX: April 11, 2009]
[ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch]
[openbsd-packetfilter-dos(49837)]
[20090413 OpenBSD 4.3 up to OpenBSD-current: PF null pointer dereference - remote DoS (kernel panic)]
[53608]
[8581]
[8406]
[http://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txt]
[NetBSD-SA2009-001]
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.
[VU#238019]
[TA10-103B]
[34961]
[ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz]
[solaris-sasl-saslencode64-bo(50554)]
[ADV-2009-2012]
[ADV-2009-1313]
[USN-790-1]
[1022231]
[RHSA-2009:1116]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html]
[MDVSA-2009:113]
[DSA-1807]
[http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091]
[http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm]
[http://support.apple.com/kb/HT4077]
[1021699]
[1020755]
[273910]
[264248]
[259148]
[SSA:2009-134-01]
[GLSA-200907-09]
[39428]
[35746]
[35497]
[35416]
[35321]
[35239]
[35206]
[35102]
[35097]
[35094]
[oval:org.mitre.oval:def:6136]
[oval:org.mitre.oval:def:10687]
[54515]
[54514]
[SUSE-SR:2009:011]
[APPLE-SA-2010-03-29-1]
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
[35510]
[http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c]
[1022478]
[http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h]
[https://bugzilla.mozilla.org/show_bug.cgi?id=516862]
[https://bugzilla.mozilla.org/show_bug.cgi?id=516396]
[ADV-2010-0650]
[ADV-2010-0648]
[ADV-2010-0094]
[ADV-2009-3334]
[ADV-2009-3299]
[ADV-2009-3297]
[USN-915-1]
[20091210 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)]
[20091210 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)]
[20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)]
[20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)]
[RHSA-2010:0154]
[RHSA-2010:0153]
[RHSA-2009:1601]
[http://www.opera.com/support/kb/view/942/]
[http://www.mozilla.org/security/announce/2009/mfsa2009-59.html]
[MDVSA-2009:330]
[MDVSA-2009:294]
[http://support.apple.com/kb/HT4225]
[http://support.apple.com/kb/HT4077]
[272909]
[20100108 MacOS X 10.5/10.6 libc/strtod(3) buffer overflow]
[20091211 Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code execution)]
[20091211 Sunbird 0.9 Array Overrun (code execution)]
[20091211 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)]
[20091211 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)]
[20091120 Opera 10.01 Remote Array Overrun (Arbitrary code execution)]
[20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)]
[20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)]
[20091030 Multiple BSD printf(1) and multiple dtoa/*printf(3) vulnerabilities]
[20090625 Multiple Vendors libc/gdtoa printf(3) Array Overrun]
[http://secunia.com/secunia_research/2009-35/]
[39001]
[38977]
[38066]
[37683]
[37682]
[37431]
[oval:org.mitre.oval:def:9541]
[oval:org.mitre.oval:def:6528]
[SUSE-SR:2010:013]
[SUSE-SR:2009:018]
[APPLE-SA-2010-06-21-1]
[APPLE-SA-2010-03-29-1]
The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 (aka JPX) stream, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an out-of-bounds read.
[VU#251793]
[ADV-2009-1640]
[35442]
[http://www.foxitsoftware.com/pdf/reader/security.htm#0602]
[1022425]
[35512]
The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access.
[VU#251793]
[ADV-2009-1640]
[35443]
[http://www.foxitsoftware.com/pdf/reader/security.htm#0602]
[1022425]
[35512]
Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.
[VU#410676]
[https://www.isc.org/node/468]
[FEDORA-2009-9075]
[FEDORA-2009-8344]
[https://www.isc.org/downloadables/12]
[https://bugzilla.redhat.com/show_bug.cgi?id=507717]
[ADV-2010-1796]
[ADV-2009-1891]
[USN-803-1]
[1022548]
[35668]
[RHSA-2009:1154]
[RHSA-2009:1136]
[55819]
[MDVSA-2009:151]
[DSA-1833]
[SSA:2009-195-01]
[GLSA-200907-12]
[40551]
[37342]
[36457]
[35880]
[35851]
[35850]
[35849]
[35841]
[35832]
[35831]
[35830]
[35829]
[35785]
[oval:org.mitre.oval:def:5941]
[oval:org.mitre.oval:def:10758]
[SUSE-SA:2009:037]
[SSRT100018]
[SSRT100018]
[NetBSD-SA2009-010]
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.
[VU#725188]
[https://www.isc.org/node/474]
[FEDORA-2009-8119]
[ADV-2009-3316]
[ADV-2009-2247]
[ADV-2009-2171]
[ADV-2009-2088]
[ADV-2009-2036]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-808-1]
[SSA:2009-210-01]
[1022613]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[20090729 rPSA-2009-0113-1 bind bind-utils]
[[4.4] 014: RELIABILITY FIX: July 29, 2009]
[http://wiki.rpath.com/Advisories:rPSA-2009-0113]
[http://up2date.astaro.com/2009/08/up2date_7505_released.html]
[1020788]
[264828]
[39334]
[37471]
[36192]
[36098]
[36086]
[36063]
[36056]
[36053]
[36050]
[36038]
[36035]
[oval:org.mitre.oval:def:7806]
[oval:org.mitre.oval:def:12245]
[oval:org.mitre.oval:def:10414]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975]
[http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc]
[ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt]
[NetBSD-SA2009-013]
Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385.
[http://sourceforge.net/project/shownotes.php?release_id=660071]
[xinelib-4xmdemuxer-code-execution(48954)]
[USN-746-1]
[http://www.trapkit.de/advisories/TKADV2009-004.txt]
[20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability]
[MDVSA-2009:299]
[MDVSA-2009:298]
[SUSE-SR:2009:009]
[http://bugs.xine-project.org/show_bug.cgi?id=205]
Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemeinauftrag.jsp in Plunet BusinessManager 4.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the (1) QUB and (2) Bez74 parameters.
[businessmanager-qub-bez74-xss(47795)]
[33153]
[http://www.securenetwork.it/ricerca/advisory/download/SN-2008-04.txt]
[20090109 Re: Plunet BusinessManager failure in access controls and multiple stored cross site scripting]
[20090107 Plunet BusinessManager failure in access controls and multiple stored cross site scripting]
Plunet BusinessManager 4.1 and earlier allows remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys_DirAnzeige.jsp, or (2) list sensitive Jobs via a direct request to pagesUTF8/auftrag_job.jsp.
[businessmanager-multiple-security-bypass(47794)]
[33153]
[http://www.securenetwork.it/ricerca/advisory/download/SN-2008-04.txt]
[20090109 Re: Plunet BusinessManager failure in access controls and multiple stored cross site scripting]
[20090107 Plunet BusinessManager failure in access controls and multiple stored cross site scripting]
Multiple PHP remote file inclusion vulnerabilities in index.php in Cybershade CMS 0.2b, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) THEME_header and (2) THEME_footer parameters.
[cybershadecms-index-file-include(47725)]
[33101]
[7668]
SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php.
[ADV-2009-0026]
[33114]
[7670]
SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[webboard-bview-sql-injection(47722)]
[33084]
[7635]
[34099]
SQL injection vulnerability in search.php in WSN Guest 1.23 allows remote attackers to execute arbitrary SQL commands via the search parameter in an advanced action.
[wsnguest-search-sql-injection(47723)]
[33097]
[7659]
SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
[powernews-news-sql-injection(47701)]
[33081]
[7641]
[33363]
[51110]
SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.
[simplereview-index-sql-injection(47726)]
[33102]
[http://packetstormsecurity.org/0901-exploits/joomlasimplereview-sql.txt]
SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information.
[powerclan-index-sql-injection(47702)]
[33083]
[7642]
[33362]
[51112]
Multiple cross-site request forgery (CSRF) vulnerabilities in SemanticScuttle before 0.91 allow remote attackers to (1) hijack the authentication of administrators via unknown vectors or (2) hijack the authentication of arbitrary users via vectors involving the profile page.
[http://sourceforge.net/project/shownotes.php?release_id=651587]
[33383]
SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[phpfootball-login-sql-injection(47720)]
[33367]
[51104]
Multiple cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the user parameter to login.php or (2) the dbfield parameter to filter.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[phpfootball-login-xss(47721)]
[phpfootball-filter-xss(47719)]
[51103]
[33367]
[51105]
filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some sources, but the provenance of that information is unknown.
[51102]
[7636]
[33367]
Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows local users to gain privileges via unknown vectors.
[HPSBMA02412]
[ADV-2009-0671]
[1021835]
[34078]
[34276]
[34243]
[52592]
[HPSBMA02413]
[HPSBMA02412]
Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows remote attackers to obtain sensitive information via unknown vectors.
[SSRT080040]
[SSRT080040]
[ADV-2009-0671]
[1021836]
[34078]
[34276]
[52591]
[HPSBMA02413]
Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers cause a denial of service (application crash) or read portions of memory via one or more crafted packets.
[ADV-2009-1309]
[1022220]
[34955]
[9007]
[9006]
[35084]
[http://ivizsecurity.com/security-advisory-iviz-sr-09002.html]
[SSRT090031]
[SSRT090031]
Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials 6.0.2 through 6.0.4 allows remote authenticated users to obtain "access" or "extended privileges" via unknown vectors.
[ADV-2009-1109]
[1022084]
[34807]
[53881]
[HPSBMA02414]
Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service or obtain "access" via unknown vectors.
[ADV-2009-1108]
[1022085]
[34808]
[SSRT080146]
[SSRT080146]
Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service via unknown vectors.
[ADV-2009-1108]
[1022086]
[34808]
[SSRT080146]
Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to execute arbitrary code via unknown vectors.
[ADV-2009-1108]
[1022087]
[34808]
[SSRT080146]
[SSRT080146]
Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unknown vectors, a different issue than CVE-2008-1660.
[34748]
[HPSBUX02366]
[HPSBUX02366]
[oval:org.mitre.oval:def:5791]
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors.
[HPSBMA02425]
[HPSBMA02425]
[ADV-2009-1250]
[1022163]
[34942]
[54222]
Unspecified vulnerability in Easy Login in the Sender module in HP Remote Graphics Software (RGS) 4.0.0 through 5.2.4 allows remote attackers to execute arbitrary code via unknown vectors.
[ADV-2009-1323]
[1022221]
[34980]
[HPSBMA02427]
[HPSBMA02427]
[35089]
[35087]
Directory traversal vulnerability in admin.php in Potato News 1.0.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the user cookie parameter.
[33729]
[8032]
Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
[34185]
[FEDORA-2009-3034]
[FEDORA-2009-2983]
[FEDORA-2009-2982]
[FEDORA-2009-2970]
[FEDORA-2009-2928]
[FEDORA-2009-2910]
[FEDORA-2009-2903]
[RHSA-2009:0377]
[https://bugzilla.redhat.com/show_bug.cgi?id=487508]
[littlecms-unspecified-bo(49326)]
[ADV-2009-0775]
[USN-744-1]
[1021869]
[20090320 [oCERT-2009-003] LittleCMS integer errors]
[20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)]
[RHSA-2009:0339]
[http://www.ocert.org/advisories/ocert-2009-003.html]
[MDVSA-2009:162]
[MDVSA-2009:137]
[MDVSA-2009:121]
[DSA-1769]
[DSA-1745]
[SSA:2009-083-01]
[GLSA-200904-19]
[34782]
[34675]
[34632]
[34463]
[34454]
[34450]
[34442]
[34418]
[34408]
[34400]
[34382]
[34367]
[http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html]
[http://scary.beasts.org/security/CESA-2009-003.html]
[oval:org.mitre.oval:def:11780]
[SUSE-SR:2009:007]
SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php.
[gigcalendar-index-sql-injection(47919)]
[33241]
[7746]
SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the jobid parameter.
[33864]
[20090223 [ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability]
[8098]
[52256]
[http://e-rdc.org/v1/news.php?readmore=126]
SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php.
[33871]
[8100]
Multiple directory traversal vulnerabilities in Page Engine CMS 2.0 Basic and Pro allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the fPrefix parameter to (1) modules/recent_poll_include.php, (2) modules/login_include.php, and (3) modules/statistics_include.php and (4) configuration.inc.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[pageengine-fprefix-file-include(48856)]
[33860]
[33983]
[52178]
[52177]
[52176]
[52175]
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726.
[gigcalendar-venuedetails-sql-injection(48865)]
[33863]
[33859]
[20090221 gigCalendar 1.0 (banddetails.php) Joomla Component SQL Injection]
[20090221 gigCalendar 1.0 (venuedetails.php) Joomla Component SQL Injection]
[20090221 gigCalendar Joomla Component 1.0 SQL Injection]
Directory traversal vulnerability in pages/play.php in Free Arcade Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
[33869]
[8094]
[34023]
Downloadcenter 2.1 stores common.h under the web root with insufficient access control, which allows remote attackers to obtain user credentials and other sensitive information via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[downloadcenter-common-info-disclosure(48862)]
[33992]
[52180]
Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
[FEDORA-2009-3034]
[FEDORA-2009-2983]
[FEDORA-2009-2982]
[FEDORA-2009-2970]
[FEDORA-2009-2928]
[FEDORA-2009-2910]
[FEDORA-2009-2903]
[RHSA-2009:0377]
[https://bugzilla.redhat.com/show_bug.cgi?id=487512]
[littlecms-readsetofcurves-bo(49330)]
[littlecms-unspecified-code-execution(49330)]
[ADV-2009-0775]
[USN-744-1]
[1021869]
[34185]
[20090320 [oCERT-2009-003] LittleCMS integer errors]
[20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)]
[RHSA-2009:0339]
[http://www.ocert.org/advisories/ocert-2009-003.html]
[MDVSA-2009:162]
[MDVSA-2009:137]
[MDVSA-2009:121]
[DSA-1769]
[DSA-1745]
[SSA:2009-083-01]
[GLSA-200904-19]
[34782]
[34675]
[34632]
[34463]
[34454]
[34450]
[34442]
[34418]
[34408]
[34400]
[34382]
[34367]
[http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html]
[http://scary.beasts.org/security/CESA-2009-003.html]
[oval:org.mitre.oval:def:9742]
[SUSE-SR:2009:007]
Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia PC Suite 6.86.9.3 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file.
[ADV-2009-0318]
[20090203 Nokia Multimedia Player v1.1 .m3u Heap Overflow PoC exploit]
[33796]
[51739]
Directory traversal vulnerability in lib/classes/message_class.php in Papoo CMS 3.6, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the pfadhier parameter. NOTE: some of these details are obtained from third party information.
[33718]
[8030]
[33911]
Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[http://sourceforge.net/project/shownotes.php?release_id=660130]
[http://sourceforge.net/forum/forum.php?forum_id=917656]
[33733]
[33888]
Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[ADV-2009-0368]
[33681]
[[MediaWiki-announce] 20090207 MediaWiki releases: security update and new major branch]
[DSA-1901]
[http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_12/phase3/RELEASE-NOTES]
[http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_4/phase3/RELEASE-NOTES]
[http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_4/phase3/RELEASE-NOTES]
[33881]
SQL injection vulnerability in login.php in Auth Php 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
[33723]
[8033]
[33908]
SQL injection vulnerability in login.php in MyNews 0.10 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
[33728]
[8034]
SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
[33725]
[8035]
SQL injection vulnerability in Login.asp in Craft Silicon Banking@Home 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginName parameter.
[33721]
[20090210 Craft Silicon Banking@Home SQL Injection]
[33907]
[20090210 Craft Silicon Banking at Home SQL Injection]
The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information.
Note that CVE-2009-0742 is not referenced on the vendor advisory page at:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml
[20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine]
Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field.
[20090226 Cisco Unified MeetingPlace Stored Cross-Site Scripting Vulnerability]
[cisco-meetingplace-emailaddress-xss(48965)]
[1021778]
[33915]
[20090225 Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability]
Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or (6) | (pipe) character, followed by an & (ampersand) character.
[safari-feedsuri-dos(48943)]
[33909]
[20090225 Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of Service Vulnerability]
[oval:org.mitre.oval:def:6066]
The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory.
[ADV-2009-3316]
[ADV-2009-0509]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-751-1]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[DSA-1787]
[DSA-1749]
[37471]
[34981]
[34394]
[oval:org.mitre.oval:def:7765]
[oval:org.mitre.oval:def:10942]
[http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7]
[http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fdff73f094e7220602cc3f8959c7230517976412]
[http://bugzilla.kernel.org/show_bug.cgi?id=12433]
The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem.
[linux-kernel-makeindexeddir-ext4-dos(48872)]
[ADV-2009-3316]
[ADV-2009-0509]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-751-1]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[DSA-1749]
[37471]
[34394]
[oval:org.mitre.oval:def:8039]
[oval:org.mitre.oval:def:10342]
[52202]
[http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7]
[http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e6b8bc09ba2075cd91fbffefcd2778b1a00bd76f]
[http://bugzilla.kernel.org/show_bug.cgi?id=12430]
The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem.
[http://bugzilla.kernel.org/show_bug.cgi?id=12375]
[ADV-2009-3316]
[ADV-2009-0509]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-751-1]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[DSA-1749]
[37471]
[34394]
[oval:org.mitre.oval:def:9200]
[oval:org.mitre.oval:def:8585]
[http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7]
[http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=06a279d636734da32bb62dd2f7b0ade666f65d7c]
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem.
[ADV-2009-3316]
[ADV-2009-0509]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-751-1]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[DSA-1749]
[37471]
[34394]
[oval:org.mitre.oval:def:8526]
[oval:org.mitre.oval:def:10683]
[52203]
[http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7]
[http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ec110281379826c5cf6ed14735e47027c3c5765]
[http://bugzilla.kernel.org/show_bug.cgi?id=12371]
Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed.
[ADV-2009-0510]
[33873]
[http://optipng.sourceforge.net]
[optipng-gifreadnextextension-code-execution(48879)]
[[oss-security] 20090225 Re: CVE request: optipng security release]
[[oss-security] 20090224 CVE request: optipng security release]
[GLSA-200903-12]
[http://sourceforge.net/tracker/index.php?func=detail&aid=2582013&group_id=151404&atid=780913]
[35685]
[34259]
[34201]
[34035]
[SUSE-SR:2009:012]
[SUSE-SR:2009:006]
SQL injection vulnerability in login.php in the smNews example script for txtSQL 2.2 Final allows remote attackers to execute arbitrary SQL commands via the username parameter.
[smnews-login-sql-injection(48813)]
[8076]
Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers.
[http://yaws.hyber.org/]
[ADV-2009-0590]
[33834]
[[oss-security] 20090219 CVE request for yaws]
[8148]
[DSA-1740]
[34239]
[33979]
Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism.
[http://www.movabletype.com/blog/2009/02/movable-type-424-get-updated-with-better-password-recovery.html]
Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename.
[FEDORA-2009-2758]
[FEDORA-2009-2703]
[33865]
[[oss-security] 20090223 CVE request: mldonkey arbitrary file download vulnerability]
[8097]
[GLSA-200903-36]
[DSA-1739]
[34436]
[34345]
[34306]
[34008]
[http://savannah.nongnu.org/bugs/?25667]
PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
[FEDORA-2009-3848]
[FEDORA-2009-3768]
[USN-761-1]
[1021979]
[RHSA-2009:0350]
[[oss-security] 20090225 Re: CVE Request - php (PHP BZ#27421)]
[[oss-security] 20090203 Re: CVE Request - php (PHP BZ#27421)]
[[oss-security] 20090130 CVE Request - php (PHP BZ#27421)]
[DSA-1789]
[35306]
[35007]
[35003]
[34830]
[34642]
[oval:org.mitre.oval:def:11035]
[SUSE-SR:2009:008]
[http://bugs.php.net/bug.php?id=27421]
The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.
[USN-850-1]
[33749]
[20090417 rPSA-2009-0059-1 poppler]
[[oss-security] 20090219 Re: CVE Request: Poppler -Two Denial of Service Vulnerabilities]
[[oss-security] 20090213 CVE Request: Poppler -Two Denial of Service Vulnerabilities]
[DSA-1941]
[http://wiki.rpath.com/Advisories:rPSA-2009-0059]
[37114]
[35685]
[33853]
[SUSE-SR:2009:012]
[[poppler] 20090128 poppler/Form.cc]
[http://bugs.freedesktop.org/show_bug.cgi?id=19790]
The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference.
[33749]
[20090417 rPSA-2009-0059-1 poppler]
[[oss-security] 20090219 Re: CVE Request: Poppler -Two Denial of Service Vulnerabilities]
[[oss-security] 20090213 CVE Request: Poppler -Two Denial of Service Vulnerabilities]
[http://wiki.rpath.com/Advisories:rPSA-2009-0059]
[35685]
[33853]
[SUSE-SR:2009:012]
[[poppler] 20090123 poppler/JBIG2Stream.cc]
[http://bugs.freedesktop.org/show_bug.cgi?id=19702]
Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr_snprintf and (2) mpfr_vsnprintf functions.
[[oss-security] 20090302 CVE Request: mpfr (Buffer Overflow)]
[http://mpfr.loria.fr/mpfr-2.4.1/]
[USN-772-1]
[33945]
[35028]
[34204]
The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm.
[33946]
[[oss-security] 20090302 CVE id request: avahi]
[MDVSA-2009:076]
[DSA-2086]
[38420]
[SUSE-SR:2010:002]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517683]
Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors.
[http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1396]
[http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1395]
[http://znc.svn.sourceforge.net/viewvc/znc/trunk/modules/webadmin.cpp?view=log&sortby=rev&sortdir=down&pathrev=1395]
[[oss-security] 20090301 CVE id request: znc]
[DSA-1735]
[34230]
[52295]
Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb.
[51752]
[7982]
[33839]
[http://packetstorm.linuxsecurity.com/0902-exploits/teamboard-ddxss.txt]
Cross-site scripting (XSS) vulnerability in online.asp in Team Board 1.x allows remote attackers to inject arbitrary web script or HTML via the lookname parameter.
[33614]
[7982]
Cross-site scripting (XSS) vulnerability in ScriptsEz Ez PHP Comment allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[33587]
[33804]
[51738]
Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 allows remote attackers to inject arbitrary web script or HTML via the charm parameter.
[33640]
[7993]
[33832]
Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 allow remote attackers to inject arbitrary web script or HTML via the charm parameter to (1) index.php and (2) kipper.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[33832]
Directory traversal vulnerability in index.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the configfile parameter.
[kipper-index-file-include(49271)]
[33640]
[7993]
[33832]
Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[33832]
Kipper 2.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing credentials via a direct request for job/config.data.
[7993]
[33832]
SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the forumID parameter in a next action.
[33620]
[7984]
QIP 2005 build 8082 allows remote attackers to cause a denial of service (CPU consumption and application hang) via a crafted Rich Text Format (RTF) ICQ message, as demonstrated by an {\rtf\pict\&&} message. NOTE: the vulnerability may be in Sergey Tkachenko TRichView. If so, then this should not be treated as a vulnerability in QIP.
[33609]
[20090204 QIP 2005 Denial of Service Vulnerability]
[51755]
[33851]
dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a denial of service (crash) by signing a message with a key that has been revoked in DNS, which triggers an assertion error.
[33337]
[DSA-1728]
[http://sourceforge.net/project/shownotes.php?release_id=654247]
[dkimmilter-p-dos(48085)]
[[oss-security] 20090302 CVE id request: dkim-milter]
[http://sourceforge.net/tracker/index.php?func=detail&aid=2508602&group_id=139420&atid=744358]
[34053]
[33581]
The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.
[FEDORA-2009-3101]
[https://bugzilla.mozilla.org/buglist.cgi?bug_id=424276,435209,436965,460706,466057,468578,471594,472502]
[ADV-2009-0632]
[1021795]
[33990]
[RHSA-2009:0315]
[http://www.mozilla.org/security/announce/2009/mfsa2009-07.html]
[MDVSA-2009:083]
[MDVSA-2009:075]
[DSA-1830]
[DSA-1751]
[http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document]
[http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm]
[SSA:2009-083-03]
[SSA:2009-083-02]
[34527]
[34464]
[34462]
[34383]
[34272]
[34145]
[34140]
[oval:org.mitre.oval:def:6755]
[oval:org.mitre.oval:def:6196]
[oval:org.mitre.oval:def:6163]
[oval:org.mitre.oval:def:5250]
[oval:org.mitre.oval:def:11314]
[SUSE-SA:2009:012]
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
[FEDORA-2009-3101]
[FEDORA-2009-2884]
[FEDORA-2009-2882]
[https://bugzilla.mozilla.org/show_bug.cgi?id=475136]
[ADV-2009-0632]
[USN-741-1]
[1021795]
[33990]
[RHSA-2009:0325]
[RHSA-2009:0315]
[RHSA-2009:0258]
[http://www.mozilla.org/security/announce/2009/mfsa2009-07.html]
[MDVSA-2009:083]
[MDVSA-2009:075]
[DSA-1830]
[DSA-1751]
[http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document]
[http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm]
[SSA:2009-083-03]
[SSA:2009-083-02]
[34527]
[34464]
[34462]
[34417]
[34387]
[34383]
[34324]
[34272]
[34145]
[34140]
[34137]
[oval:org.mitre.oval:def:9609]
[oval:org.mitre.oval:def:6811]
[oval:org.mitre.oval:def:6097]
[oval:org.mitre.oval:def:5945]
[oval:org.mitre.oval:def:5703]
[SUSE-SA:2009:023]
[SUSE-SA:2009:012]
The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.
[https://bugzilla.mozilla.org/show_bug.cgi?id=472787]
[FEDORA-2009-3101]
[https://bugzilla.mozilla.org/show_bug.cgi?id=467499]
[https://bugzilla.mozilla.org/show_bug.cgi?id=457521]
[ADV-2009-0632]
[1021795]
[33990]
[RHSA-2009:0315]
[http://www.mozilla.org/security/announce/2009/mfsa2009-07.html]
[MDVSA-2009:083]
[MDVSA-2009:075]
[DSA-1830]
[DSA-1751]
[http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document]
[http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm]
[SSA:2009-083-03]
[SSA:2009-083-02]
[34527]
[34464]
[34462]
[34383]
[34272]
[34145]
[34140]
[oval:org.mitre.oval:def:6708]
[oval:org.mitre.oval:def:6141]
[oval:org.mitre.oval:def:5980]
[oval:org.mitre.oval:def:5856]
[oval:org.mitre.oval:def:10491]
[SUSE-SA:2009:012]
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
[FEDORA-2009-3101]
[FEDORA-2009-2884]
[FEDORA-2009-2882]
[https://bugzilla.mozilla.org/show_bug.cgi?id=473709]
[ADV-2009-0632]
[USN-741-1]
[1021795]
[33990]
[RHSA-2009:0325]
[RHSA-2009:0315]
[RHSA-2009:0258]
[http://www.mozilla.org/security/announce/2009/mfsa2009-07.html]
[MDVSA-2009:083]
[MDVSA-2009:075]
[DSA-1830]
[DSA-1751]
[http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document]
[http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm]
[SSA:2009-083-03]
[SSA:2009-083-02]
[34527]
[34464]
[34462]
[34417]
[34387]
[34383]
[34324]
[34272]
[34145]
[34140]
[34137]
[oval:org.mitre.oval:def:6945]
[oval:org.mitre.oval:def:6121]
[oval:org.mitre.oval:def:6057]
[oval:org.mitre.oval:def:5947]
[oval:org.mitre.oval:def:11138]
[SUSE-SA:2009:023]
[SUSE-SA:2009:012]
Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.
[FEDORA-2009-2884]
[FEDORA-2009-2882]
[https://bugzilla.mozilla.org/show_bug.cgi?id=474456]
[ADV-2009-0632]
[1021796]
[33990]
[RHSA-2009:0325]
[RHSA-2009:0315]
[RHSA-2009:0258]
[http://www.mozilla.org/security/announce/2009/mfsa2009-08.html]
[MDVSA-2009:075]
[DSA-1751]
[http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document]
[http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm]
[34417]
[34383]
[34324]
[34272]
[34145]
[34140]
[34137]
[oval:org.mitre.oval:def:9681]
[oval:org.mitre.oval:def:7584]
[oval:org.mitre.oval:def:6207]
[oval:org.mitre.oval:def:5816]
[oval:org.mitre.oval:def:5806]
[SUSE-SA:2009:012]
nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
[FEDORA-2009-3101]
[FEDORA-2009-2884]
[FEDORA-2009-2882]
[https://bugzilla.mozilla.org/show_bug.cgi?id=414540]
[ADV-2009-0632]
[USN-741-1]
[1021797]
[33990]
[RHSA-2009:0325]
[RHSA-2009:0315]
[RHSA-2009:0258]
[http://www.mozilla.org/security/announce/2009/mfsa2009-09.html]
[MDVSA-2009:083]
[MDVSA-2009:075]
[DSA-1830]
[DSA-1751]
[http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document]
[http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm]
[SSA:2009-083-03]
[SSA:2009-083-02]
[34527]
[34464]
[34462]
[34417]
[34387]
[34383]
[34324]
[34272]
[34145]
[34140]
[34137]
[oval:org.mitre.oval:def:9241]
[oval:org.mitre.oval:def:7390]
[oval:org.mitre.oval:def:6191]
[oval:org.mitre.oval:def:6017]
[oval:org.mitre.oval:def:5956]
[SUSE-SA:2009:023]
[SUSE-SA:2009:012]
Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.
[https://bugzilla.mozilla.org/show_bug.cgi?id=452979]
[mozilla-invisible-url-spoofing(49087)]
[ADV-2009-0632]
[33990]
[RHSA-2009:0315]
[http://www.mozilla.org/security/announce/2009/mfsa2009-11.html]
[MDVSA-2009:075]
[http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document]
[http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm]
[1021799]
[34272]
[34145]
[34140]
[oval:org.mitre.oval:def:7435]
[oval:org.mitre.oval:def:6229]
[oval:org.mitre.oval:def:6157]
[oval:org.mitre.oval:def:6039]
[oval:org.mitre.oval:def:11222]
[SUSE-SA:2009:012]
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak."
[https://bugzilla.redhat.com/show_bug.cgi?id=485163]
[linux-kernel-rtcache-dos(49199)]
[ADV-2009-3316]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[1021958]
[34084]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:0326]
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25]
[37471]
[33758]
[oval:org.mitre.oval:def:7867]
[oval:org.mitre.oval:def:10215]
[[oss-security] 20090311 CVE-2009-0778 kernel: rt_cache leak]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160]
Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local users to gain privileges via a long "input string."
[ADV-2009-0487]
[IZ44388]
[IZ44332]
[IZ44220]
[IZ44199]
[33852]
[52179]
[1021741]
[34005]
The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and 4.4 allows remote attackers to cause a denial of service (application crash) via an Autonomous System (AS) advertisement containing a long AS path.
[[4.4] 010: RELIABILITY FIX: February 18, 2009]
[[4.3] 010: RELIABILITY FIX: February 18, 2009]
[openbsd-aspathprepend-dos(48812)]
[1021736]
[33828]
[33975]
[52271]
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
[FEDORA-2009-11356]
[FEDORA-2009-11352]
[FEDORA-2009-11374]
[tomcat-cal2-xss(49213)]
[ADV-2010-3056]
[ADV-2009-3316]
[ADV-2009-1856]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[20090306 [SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application]
[MDVSA-2009:138]
[MDVSA-2009:136]
[DSA-2207]
[http://tomcat.apache.org/security-6.html]
[http://tomcat.apache.org/security-5.html]
[http://tomcat.apache.org/security-4.html]
[http://support.apple.com/kb/HT4077]
[263529]
[42368]
[37460]
[35788]
[35685]
[oval:org.mitre.oval:def:6564]
[oval:org.mitre.oval:def:11041]
[HPSBUX02579]
[HPSBUX02579]
[SUSE-SR:2009:012]
[APPLE-SA-2010-03-29-1]
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
[https://issues.apache.org/bugzilla/show_bug.cgi?id=29936]
[20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure]
[http://tomcat.apache.org/security-6.html]
[http://tomcat.apache.org/security-5.html]
[http://tomcat.apache.org/security-4.html]
[http://svn.apache.org/viewvc?rev=781708&view=rev]
[http://svn.apache.org/viewvc?rev=781542&view=rev]
[http://svn.apache.org/viewvc?rev=739522&view=rev]
[http://svn.apache.org/viewvc?rev=681156&view=rev]
[http://svn.apache.org/viewvc?rev=652592&view=rev]
[FEDORA-2009-11356]
[FEDORA-2009-11352]
[FEDORA-2009-11374]
[https://issues.apache.org/bugzilla/show_bug.cgi?id=45933]
[tomcat-xml-information-disclosure(51195)]
[ADV-2010-3056]
[ADV-2009-3316]
[ADV-2009-1856]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[1022336]
[35416]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[MDVSA-2010:176]
[MDVSA-2009:138]
[MDVSA-2009:136]
[DSA-2207]
[http://support.apple.com/kb/HT4077]
[263529]
[42368]
[37460]
[35788]
[35685]
[oval:org.mitre.oval:def:6450]
[oval:org.mitre.oval:def:10716]
[HPSBUX02579]
[HPSBUX02579]
[SUSE-SR:2009:012]
[APPLE-SA-2010-03-29-1]
Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors.
[DSA-1755]
[ADV-2009-0907]
[RHSA-2009:0373]
[http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm]
[34548]
[34479]
[34441]
[oval:org.mitre.oval:def:11613]
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This was originally intended for a report about TCP Wrappers and the hosts_ctl API function, but further investigation showed that this was documented behavior by that function. Notes: Future CVE identifiers might be assigned to applications that mis-use the API in a security-relevant fashion.
The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory.
[34216]
[linux-kernel-ecryptfs-information-disclosure(49355)]
[ADV-2009-3316]
[ADV-2009-0802]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[1022177]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9]
[37471]
[35015]
[34422]
[RHSA-2009:0473]
[oval:org.mitre.oval:def:8319]
[oval:org.mitre.oval:def:11068]
[52860]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8faece5f906725c10e7a1f6caf84452abadbdc7b]
Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors.
[https://bugzilla.redhat.com/show_bug.cgi?id=491365]
[rhnss-url-security-bypass(66691)]
[ADV-2011-0967]
[1025316]
[47316]
[RHSA-2011:0434]
[44150]
OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.
[34256]
[https://kb.bluecoat.com/index?page=content&id=SA50]
[openssl-asn1-structure-dos(49433)]
[ADV-2009-1548]
[ADV-2009-1175]
[ADV-2009-1020]
[ADV-2009-0850]
[http://www.php.net/archive/2009.php#id2009-04-08-1]
[52866]
[http://www.openssl.org/news/secadv_20090325.txt]
[http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html]
[http://support.apple.com/kb/HT3865]
[http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847]
[1021906]
[42733]
[42724]
[36701]
[35729]
[35380]
[35065]
[34666]
[34460]
[34411]
[SSRT090059]
[SSRT090059]
[SUSE-SU-2011:0847]
[openSUSE-SU-2011:0845]
[SUSE-SR:2009:010]
[APPLE-SA-2009-09-10-2]
[NetBSD-SA2009-008]
The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD.
[34296]
[DSA-1760]
[DSA-1759]
[openswan-strongswan-dpd-dos(49523)]
[ADV-2009-0886]
[1021950]
[1021949]
[20090330 CVE-2009-0790: ISAKMP DPD Remote Vulnerability with Openswan & Strongswan IPsec]
[RHSA-2009:0402]
[http://www.openswan.org/CVE-2009-0790/CVE-2009-0790.txt]
[34546]
[34494]
[34483]
[34472]
[oval:org.mitre.oval:def:11171]
[SUSE-SR:2009:009]
[http://download.strongswan.org/CHANGES4.txt]
Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179.
[https://bugzilla.redhat.com/show_bug.cgi?id=491840]
[RHSA-2009:1512]
[RHSA-2009:1503]
[RHSA-2009:1502]
[RHSA-2009:1501]
[RHSA-2009:1500]
[cups-pdftops-filter-bo(50941)]
[ADV-2009-2928]
[ADV-2009-1488]
[35195]
[RHSA-2009:1083]
[MDVSA-2009:334]
[1022326]
[37079]
[37077]
[37043]
[37037]
[37028]
[37023]
[35685]
[35340]
[oval:org.mitre.oval:def:10534]
[SUSE-SR:2009:012]
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.
[FEDORA-2009-3710]
[FEDORA-2009-3709]
[FEDORA-2009-3435]
[FEDORA-2009-3430]
[https://bugzilla.redhat.com/show_bug.cgi?id=491853]
[ghostscript-icc-bo(50381)]
[ADV-2009-1708]
[USN-757-1]
[20090417 rPSA-2009-0060-1 ghostscript]
[RHSA-2009:0421]
[RHSA-2009:0420]
[MDVSA-2009:096]
[MDVSA-2009:095]
[http://wiki.rpath.com/Advisories:rPSA-2009-0060]
[http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm]
[262288]
[35569]
[35559]
[35416]
[34732]
[34729]
[34726]
[34711]
[34667]
[34373]
[oval:org.mitre.oval:def:11207]
[SUSE-SR:2009:011]
[SUSE-SR:2009:009]
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."
[FEDORA-2009-3967]
[FEDORA-2009-3914]
[FEDORA-2009-3426]
[FEDORA-2009-3425]
[RHSA-2009:0377]
[https://bugzilla.redhat.com/show_bug.cgi?id=492353]
[ADV-2011-0087]
[ADV-2009-0964]
[ADV-2009-0963]
[USN-1043-1]
[34420]
[34411]
[MDVSA-2009:162]
[MDVSA-2009:137]
[MDVSA-2009:121]
[DSA-1769]
[GLSA-200904-19]
[42870]
[35048]
[34782]
[34675]
[34635]
[34634]
[34632]
[34623]
[oval:org.mitre.oval:def:11340]
Integer overflow in the PulseAudioTargetDataL class in src/java/org/classpath/icedtea/pulseaudio/PulseAudioTargetDataLine.java in Pulse-Java, as used in OpenJDK 1.6.0.0 and other products, allows remote attackers to cause a denial of service (applet crash) via a crafted Pulse Audio source data line.
[FEDORA-2009-3426]
[FEDORA-2009-3425]
[https://bugzilla.redhat.com/show_bug.cgi?id=492367]
[pulsejava--pulseaudiotargetdatal-dos(50383)]
[ADV-2009-0965]
[MDVSA-2009:162]
[MDVSA-2009:137]
[34623]
[[distro-pkg-dev] 20090211 changeset in /hg/icedtea6: 2009-02-11 Omair Majid <omajid at redh...]
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0796, CVE-2009-1265. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a different issue. Notes: All CVE users should consult CVE-2009-0796 and CVE-2009-1265 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
[http://svn.apache.org/viewvc?view=rev&revision=761081]
[https://launchpad.net/bugs/cve/2009-0796]
[https://bugzilla.redhat.com/show_bug.cgi?id=494402]
[ADV-2009-0943]
[1021988]
[34383]
[20090415 XSS with mod_perl perl_status utility]
[MDVSA-2009:091]
[[modperl] 20090401 [SECURITY] [CVE-2009-0796] Vulnerability found in Apache::Status and Apache2::Status]
[[modperl-cvs] 20090401 svn commit: r761081 - in /perl/modperl/branches/1.x: Changes lib/Apache/Status.pm]
[http://svn.apache.org/viewvc/perl/modperl/branches/1.x/lib/Apache/Status.pm?r1=177851&r2=761081&pathrev=761081&diff_format=h]
[http://support.apple.com/kb/HT4435]
[1021709]
[1021508]
[34597]
[oval:org.mitre.oval:def:8488]
[APPLE-SA-2010-11-10-1]
ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
[https://bugzilla.redhat.com/show_bug.cgi?id=494443]
[FEDORA-2009-5608]
[FEDORA-2009-5578]
[https://bugzilla.redhat.com/show_bug.cgi?id=502583]
[acpid-socket-dos(50060)]
[USN-766-1]
[1022182]
[34692]
[RHSA-2009:0474]
[MDVSA-2009:107]
[GLSA-200905-06]
[DSA-1786]
[35231]
[35209]
[35010]
[34918]
[34914]
[34838]
[oval:org.mitre.oval:def:9955]
[oval:org.mitre.oval:def:7560]
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.
[VU#196617]
[ADV-2009-1076]
[ADV-2009-1066]
[ADV-2009-1065]
[34568]
[RHSA-2009:0480]
[RHSA-2009:0431]
[RHSA-2009:0430]
[RHSA-2009:0429]
[DSA-1793]
[DSA-1790]
[http://poppler.freedesktop.org/releases.html]
[FEDORA-2009-6982]
[FEDORA-2009-6973]
[FEDORA-2009-6972]
[ADV-2010-1040]
[ADV-2009-1077]
[1022072]
[MDVSA-2011:175]
[MDVSA-2010:087]
[MDVSA-2009:101]
[SSA:2009-129-01]
[35685]
[35618]
[35065]
[35064]
[35037]
[34991]
[34963]
[34959]
[34852]
[34756]
[34755]
[34746]
[34481]
[34291]
[RHSA-2009:0458]
[oval:org.mitre.oval:def:10204]
[SUSE-SR:2009:012]
[SUSE-SR:2009:010]
[SUSE-SA:2009:024]
[http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=495886]
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
[VU#196617]
[FEDORA-2009-6982]
[FEDORA-2009-6973]
[FEDORA-2009-6972]
[https://bugzilla.redhat.com/show_bug.cgi?id=495887]
[ADV-2010-1040]
[ADV-2009-1077]
[ADV-2009-1076]
[ADV-2009-1066]
[ADV-2009-1065]
[1022073]
[34568]
[RHSA-2009:0480]
[RHSA-2009:0431]
[RHSA-2009:0430]
[RHSA-2009:0429]
[MDVSA-2011:175]
[MDVSA-2010:087]
[MDVSA-2009:101]
[DSA-1793]
[DSA-1790]
[SSA:2009-129-01]
[35685]
[35618]
[35065]
[35064]
[35037]
[34991]
[34963]
[34959]
[34852]
[34756]
[34755]
[34746]
[34481]
[34291]
[RHSA-2009:0458]
[http://poppler.freedesktop.org/releases.html]
[oval:org.mitre.oval:def:11323]
[SUSE-SR:2009:012]
[SUSE-SR:2009:010]
[SUSE-SA:2009:024]
Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
[VU#435052]
[33858]
Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
[VU#435052]
[33858]
SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
[http://www.kb.cert.org/vuls/id/MAPG-7M6SM7]
[VU#435052]
[33858]
Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
[VU#435052]
[33858]
[http://www.kb.cert.org/vuls/id/MAPG-7N9GN8]
Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the event_id parameter in index.php.
[http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=476&easiestml_lang=xlang%3Aen]
[http://xoops.peak.ne.jp/md/news/]
[33896]
[33986]
[JVNDB-2009-000013]
[JVN#91591874]
Unspecified vulnerability in OpenGoo before 1.2.1 allows remote authenticated users to modify their own permissions via unknown attack vectors.
[33897]
[http://sourceforge.net/project/shownotes.php?release_id=663706]
[34044]
zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php.
[zfeeder-admin-security-bypass(48866)]
[8092]
Multiple SQL injection vulnerabilities in SimpleCMMS before 0.1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
[simplecmms-unspecified-sql-injection(48883)]
[ADV-2009-0490]
[http://sourceforge.net/project/shownotes.php?release_id=661656&group_id=245458]
The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card of an object in the document class via a link that is sent from the owner of the document object.
Per http://www-01.ibm.com/support/docview.wss?uid=swg1HD80332
"Scenario:
1. Create a document class and give permissions to joe only.
2. When someone else but joe logs onto Web editor, and does a
search on this new class no results are returned as expected.
3. Login as joe and search for an object created for this new
class. click on the email icon, and send the mail to bob.
4. When bob clicks on the link in the email, he can view the
profile card of the object, but when he clicks on viewer he
gets an unauthorized operation error. Bob shouldn't be able
to view the profile card in the first place as he doesn't
have any access to this class. This is a security hole in
the web editor."
[ADV-2009-0525]
[33895]
[HD80332]
[34037]
SQL injection vulnerability in login.php in xGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter.
[xguestbook-login-sql-injection(48881)]
[ADV-2009-0523]
[33875]
[8101]
Insecure method vulnerability in the SopCast SopCore ActiveX control in sopocx.ocx 3.0.3.501 allows remote attackers to execute arbitrary programs via an executable file name in the argument to the SetExternalPlayer method.
[sopcast-setexternalplayer-code-execution(48955)]
[33920]
[20090226 Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer() user assisted remote code execution poc]
[http://retrogod.altervista.org/9sg_sopcastia.html]
Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23, 6.0.1.4603, and other 6.x and earlier versions allows remote attackers to execute arbitrary code via a crafted Intel Hex Code (.hex) file. NOTE: some of these details are obtained from third party information.
[hexworkshop-hex-bo(48970)]
[33932]
[20090227 Hex Workshop <= v6 (.hex) File Local Code]
[8121]
[34021]
Insecure method vulnerability in the ImeraIEPlugin ActiveX control (ImeraIEPlugin.dll 1.0.2.54) in Imera TeamLinks Client allows remote attackers to force the download and execution of arbitrary URLs via modified DownloadProtocol, DownloadHost, DownloadPort, and DownloadURI parameters.
[imera-imeraieplugin-code-execution(49028)]
[ADV-2009-0591]
[8144]
[34103]
Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 Beta 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.
[blogsa-widgets-xss(49024)]
[33957]
[20090302 Blogsa <= 1.0 Beta 3 XSS Vulnerability]
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
[DSA-1720]
[http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/]
[1021710]
[[oss-security] 20090210 CVE request: typo3 xss (typo3-sa-2009-002)]
Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.
[http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/]
[1021709]
[[oss-security] 20090210 CVE request: typo3 xss (typo3-sa-2009-002)]
[DSA-1720]
Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module.
[ADV-2009-0572]
[http://drupal.org/node/386606]
[http://drupal.org/node/386604]
[protectednode-passwordpage-xss(48980)]
[34060]
[52300]
[http://lampsecurity.org/node/28]
[http://drupal.org/node/385950]
Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" permission, or the ability to create pages when tagging is enabled, to inject arbitrary web script or HTML via the Vocabulary name (name parameter) to index.php. NOTE: some of these details are obtained from third party information.
[33923]
[http://drupal.org/node/386942]
[drupal-taxonomy-name-xss(48979)]
[34080]
[52285]
[http://drupal.org/node/386940]
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
[http://bugs.mysql.com/bug.php?id=42495]
[mysql-xpath-dos(49050)]
[ADV-2009-0594]
[1021786]
[33972]
[34115]
[oval:org.mitre.oval:def:7544]
[http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html]
[http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html]
Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already covered by CVE-2008-6132.
[ADV-2009-0491]
[http://sourceforge.net/project/shownotes.php?release_id=662749]
[http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/reserve.php?r1=318&r2=328]
[http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/check.php?r1=318&r2=332]
[33991]
Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element.
[33969]
[http://downloads.securityfocus.com/vulnerabilities/exploits/33969.html]
Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in SlySoft AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, and CloneCD 5.3.1.3 and earlier, uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to cause a denial of service (system crash) via a crafted IOCTL call.
[slysoft-elbycdio-dos(49232)]
[http://www.slysoft.com/download/changes_clonedvd.txt]
[http://www.slysoft.com/download/changes_anydvd.txt]
[34103]
[20090312 [Suspected Spam][PT-2009-11] SlySoft Multiple Products ElbyCDIO.sys Denial of Service]
[34289]
[34288]
[34287]
[34269]
[52679]
[http://en.securitylab.ru/lab/PT-2009-11]
SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[34021]
[http://sourceforge.net/project/showfiles.php?group_id=133415]
[tinxcms-rss-sql-injection(49115)]
[20090306 [Positive Technologies SA:2009-13] TinX CMS 3.x SQL Injection Vulnerability]
[http://sourceforge.net/project/shownotes.php?group_id=133415&release_id=658540]
[34178]
[http://en.securitylab.ru/lab/PT-2009-13]
BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.
[bloghelper-commondb-info-disclosure(47799)]
[7689]
[33384]
PollHelper stores poll.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.
[pollhelper-poll-info-disclosure(47797)]
[7690]
[33378]
[51185]
QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request.
[33166]
[7699]
[33420]
Multiple SQL injection vulnerabilities in QuoteBook allow remote attackers to execute arbitrary SQL commands via the (1) MyBox and (2) selectFavorites parameters to (a) quotes.php and the (3) QuoteName and (4) QuoteText parameters to (b) quotesadd.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[33166]
[33420]
Cross-site scripting (XSS) vulnerability in QuoteBook allows remote attackers to inject arbitrary web script or HTML via the (1) QuoteName and (2) QuoteText parameters to quotesadd.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[33166]
[33420]
SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter.
[33156]
[7697]
[33424]
SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the CA parameter.
[33155]
[20090107 PHP-Fusion Mod E-Cart Sql Injection]
[7698]
Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from third party information.
[33159]
[7696]
[33425]
The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.
[https://bugzilla.redhat.com/show_bug.cgi?id=487990]
[linux-kernel-auditsyscallentry-sec-bypass(49061)]
[ADV-2009-3316]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-751-1]
[1022153]
[33951]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[20090516 rPSA-2009-0084-1 kernel]
[RHSA-2009:0451]
[MDVSA-2009:118]
[DSA-1800]
[DSA-1794]
[DSA-1787]
[http://wiki.rpath.com/Advisories:rPSA-2009-0084]
[37471]
[35394]
[35390]
[35185]
[35121]
[35120]
[35015]
[35011]
[34981]
[34962]
[34917]
[34084]
[http://scary.beasts.org/security/CESA-2009-001.html]
[RHSA-2009:0473]
[RHSA-2009:0459]
[oval:org.mitre.oval:def:9600]
[oval:org.mitre.oval:def:8508]
[[oss-security] 20090302 CVE request: kernel: x86-64: syscall-audit: 32/64 syscall hole]
[[linux-kernel] 20090228 [PATCH 1/2] x86-64: syscall-audit: fix 32/64 syscall hole]
[[linux-kernel] 20090228 [PATCH 0/2] x86-64: 32/64 syscall arch holes]
[SUSE-SA:2009:031]
[SUSE-SA:2009:030]
[SUSE-SA:2009:028]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccbe495caa5e604b04d5a31d7459a6f6a76a756c]
The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343.
[https://bugzilla.redhat.com/show_bug.cgi?id=487255]
[USN-751-1]
[33948]
[RHSA-2009:0451]
[MDVSA-2009:118]
[DSA-1800]
[35394]
[35390]
[35185]
[35121]
[34917]
[34786]
[34084]
[http://scarybeastsecurity.blogspot.com/2009/02/linux-kernel-minor-seccomp.html]
[http://scary.beasts.org/security/CESA-2009-004.html]
[http://scary.beasts.org/security/CESA-2009-001.html]
[[oss-security] 20090302 CVE request: kernel: x86-64: seccomp: 32/64 syscall hole]
[[linux-kernel] 20090228 [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole]
[[linux-kernel] 20090228 [PATCH 0/2] x86-64: 32/64 syscall arch holes]
[[linux-kernel] 20090227 Re: [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole]
[SUSE-SA:2009:031]
[SUSE-SA:2009:030]
[SUSE-SA:2009:028]
[SUSE-SA:2009:021]
Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via a crafted file, as demonstrated by the "Open/Execute a file" action.
[http://www.foxitsoftware.com/pdf/reader/security.htm#bypass]
[ADV-2009-0634]
[1021824]
[34035]
[20090309 Foxit Reader Multiple Vulnerabilities (CORE-2009-0218)]
[http://www.coresecurity.com/content/foxit-reader-vulnerabilities]
[34036]
[[dailydave] 20100402 0day, it may not be]
[http://blog.zoller.lu/2009/03/remote-code-execution-in-pdf-still.html]
Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file" action.
[foxitreader-pdf-bo(49136)]
[ADV-2009-0634]
[1021824]
[34035]
[20090309 Foxit Reader Multiple Vulnerabilities (CORE-2009-0218)]
[http://www.foxitsoftware.com/pdf/reader/security.htm#Stackbased]
[http://www.coresecurity.com/content/foxit-reader-vulnerabilities]
[34036]
The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem_hash_delete function.
[254088]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-139498-04-1]
[sun-solaris-cryptodriver-dos(49105)]
[ADV-2009-0815]
[ADV-2009-0606]
[34000]
[http://support.avaya.com/elmodocs2/security/ASA-2009-097.htm]
[1021810]
[34455]
[34149]
[oval:org.mitre.oval:def:5641]
Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query action.
[FEDORA-2009-3383]
[FEDORA-2009-3357]
[1021952]
[34306]
[20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3]
[http://www.positronsecurity.com/advisories/2009-000.html]
[DSA-1914]
[http://trac.osgeo.org/mapserver/ticket/2944]
[34603]
[34520]
[[mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes]
Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header.
[[mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes]
[FEDORA-2009-3383]
[FEDORA-2009-3357]
[mapserver-contentlength-bo(49545)]
[1021952]
[34306]
[20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3]
[http://www.positronsecurity.com/advisories/2009-000.html]
[DSA-1914]
[http://trac.osgeo.org/mapserver/ticket/2943]
[34603]
[34520]
Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter.
[[mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes]
[FEDORA-2009-3383]
[FEDORA-2009-3357]
[mapserver-mapserv-dir-traversal(49548)]
[1021952]
[34306]
[20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3]
[http://www.positronsecurity.com/advisories/2009-000.html]
[DSA-1914]
[http://trac.osgeo.org/mapserver/ticket/2942]
[34603]
[34520]
mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink.
[[mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes]
[FEDORA-2009-3383]
[FEDORA-2009-3357]
[1021952]
[34306]
[20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3]
[http://www.positronsecurity.com/advisories/2009-000.html]
[DSA-1914]
[http://trac.osgeo.org/mapserver/ticket/2941]
[34603]
[34520]
The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists.
[[mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes]
[FEDORA-2009-3383]
[FEDORA-2009-3357]
[1021952]
[34306]
[20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3]
[http://www.positronsecurity.com/advisories/2009-000.html]
[DSA-1914]
[http://trac.osgeo.org/mapserver/ticket/2939]
[34603]
[34520]
The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.
[TA09-133A]
[VU#662091]
[FEDORA-2009-2852]
[FEDORA-2009-2834]
[ADV-2009-2248]
[ADV-2009-1297]
[ADV-2009-1106]
[ADV-2009-1057]
[ADV-2009-0976]
[ADV-2009-0960]
[USN-755-1]
[1021867]
[34408]
[20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation]
[20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]]
[RHSA-2009:0408]
[MDVSA-2009:098]
[http://www-01.ibm.com/support/docview.wss?uid=swg21396120]
[http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058]
[http://wiki.rpath.com/Advisories:rPSA-2009-0058]
[http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt]
[http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html]
[http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html]
[http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm]
[http://support.apple.com/kb/HT3549]
[256728]
[GLSA-200904-09]
[35074]
[34734]
[34640]
[34637]
[34630]
[34628]
[34622]
[34617]
[34594]
[oval:org.mitre.oval:def:9474]
[oval:org.mitre.oval:def:6339]
[APPLE-SA-2009-05-12]
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
[TA09-133A]
[VU#662091]
[FEDORA-2009-2852]
[FEDORA-2009-2834]
[kerberos-spnego-dos(49448)]
[ADV-2009-2248]
[ADV-2009-1297]
[ADV-2009-1106]
[ADV-2009-1057]
[ADV-2009-0976]
[ADV-2009-0847]
[USN-755-1]
[1021867]
[34257]
[20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation]
[20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]]
[RHSA-2009:0408]
[MDVSA-2009:082]
[http://www-01.ibm.com/support/docview.wss?uid=swg21396120]
[http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058]
[http://wiki.rpath.com/Advisories:rPSA-2009-0058]
[http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt]
[http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html]
[http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html]
[http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm]
[http://support.apple.com/kb/HT3549]
[256728]
[http://src.mit.edu/fisheye/changelog/krb5/?cs=22084]
[http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875&r2=22084]
[GLSA-200904-09]
[35074]
[34734]
[34640]
[34637]
[34630]
[34628]
[34622]
[34617]
[34594]
[34347]
[oval:org.mitre.oval:def:6449]
[oval:org.mitre.oval:def:10044]
[APPLE-SA-2009-05-12]
[http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6402]
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
[TA09-133A]
[http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt]
[FEDORA-2009-2852]
[FEDORA-2009-2834]
[ADV-2009-2248]
[ADV-2009-2084]
[ADV-2009-1297]
[ADV-2009-1106]
[ADV-2009-1057]
[ADV-2009-0976]
[ADV-2009-0960]
[http://www.vmware.com/security/advisories/VMSA-2009-0008.html]
[USN-755-1]
[1021994]
[34409]
[20090701 VMSA-2009-0008 ESX Service Console update for krb5]
[20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation]
[20090407 MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846]]
[RHSA-2009:0408]
[MDVSA-2009:098]
[http://www-01.ibm.com/support/docview.wss?uid=swg21396120]
[http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058]
[http://wiki.rpath.com/Advisories:rPSA-2009-0058]
[http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html]
[http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html]
[http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm]
[http://support.apple.com/kb/HT3549]
[256728]
[GLSA-200904-09]
[35667]
[35074]
[34734]
[34640]
[34637]
[34630]
[34628]
[34622]
[34617]
[34598]
[34594]
[RHSA-2009:0410]
[RHSA-2009:0409]
[oval:org.mitre.oval:def:6301]
[oval:org.mitre.oval:def:5483]
[oval:org.mitre.oval:def:10694]
[SSRT100495]
[HPSBOV02682]
[HPSBUX02421]
[HPSBUX02421]
[[security-announce] 20090701 VMSA-2009-0008 ESX Service Console update for krb5]
[APPLE-SA-2009-05-12]
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.
[TA09-133A]
[FEDORA-2009-2852]
[FEDORA-2009-2834]
[ADV-2009-2248]
[ADV-2009-2084]
[ADV-2009-1297]
[ADV-2009-1106]
[ADV-2009-1057]
[ADV-2009-0976]
[ADV-2009-0960]
[USN-755-1]
[1021993]
[34408]
[20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation]
[20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]]
[MDVSA-2009:098]
[http://www-01.ibm.com/support/docview.wss?uid=swg21396120]
[http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058]
[http://wiki.rpath.com/Advisories:rPSA-2009-0058]
[http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt]
[http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html]
[http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html]
[http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm]
[http://support.apple.com/kb/HT3549]
[256728]
[GLSA-200904-09]
[35074]
[34734]
[34640]
[34637]
[34628]
[34622]
[34617]
[34594]
[oval:org.mitre.oval:def:6387]
[HPSBUX02421]
[HPSBUX02421]
[APPLE-SA-2009-05-12]
Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path."
[opensuse-gtk2-code-execution(49228)]
[34259]
[SUSE-SR:2009:006]
Stack-based buffer overflow in the DtbClsLogin function in NovaStor NovaNET 12 allows remote attackers to (1) execute arbitrary code on Linux platforms via a long username field during backup domain authentication, related to libnnlindtb.so; or (2) cause a denial of service (daemon crash) on Windows platforms via a long username field during backup domain authentication, related to nnwindtb.dll. NOTE: some of these details are obtained from third party information.
Per: http://secunia.com/advisories/34024
Successful exploitation allows to crash the application on a Windows system and reportedly allows to execute arbitrary code on a Linux system.
[novanet-dtbclslogin-bo(49074)]
[33954]
[http://www.insight-tech.org/index.php?p=NovaNET-12-Remote-Buffer-Oveflow]
[34024]
[52302]
[52301]
Cross-site scripting (XSS) vulnerability in BitDefender Internet Security 2009 allows user-assisted remote attackers to inject arbitrary web script or HTML via the filename of a virus-infected file, as demonstrated by a filename inside a (1) rar or (2) zip archive file.
[ADV-2009-0557]
[33921]
[20090227 Re: BitDefender Internet Security XSS]
[20090226 BitDefender Internet Security XSS]
[34082]
Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php.
[34014]
[20090305 CelerBB 0.0.2 Multiple Vulnerabilities]
[8161]
showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter.
[34014]
[20090305 CelerBB 0.0.2 Multiple Vulnerabilities]
[8161]
login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value.
[34014]
[20090305 CelerBB 0.0.2 Multiple Vulnerabilities]
[8161]
Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory.
[dash-profile-code-execution(49216)]
[USN-732-1]
[34092]
[34205]
Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[ADV-2009-0854]
[ADV-2009-0607]
[34259]
[34001]
[PK82988]
[PK81212]
[PK77505]
[34461]
[34131]
Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[PK81212]
[ADV-2009-1464]
[ADV-2009-0607]
[34001]
[http://www-01.ibm.com/support/docview.wss?uid=swg27006876]
[1021811]
Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the SunMC Web Console.
[sunmc-performancereportingmodule-xss(49076)]
[ADV-2009-0605]
[33999]
[247046]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-125191-04-1]
[1021809]
[34146]
The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain.
[http://securityandthe.net/2009/03/05/security-issue-in-djbdns-confirmed/]
[djbdns-response-packet-spoofing(49003)]
[33937]
[20090305 Re: djbdns misformats some long response packets; patch and example attack]
[20090228 Re: djbdns misformats some long response packets; patch and example attack]
[20090226 djbdns misformats some long response packets; patch and example attack]
[DSA-1831]
[35820]
[[dns] 20090304 djbdns<=1.05 lets AXFRed subdomains overwrite domains]
[[dns] 20090225 djbdns misformats some long response packets; patch and example]
[http://it.slashdot.org/article.pl?sid=09/03/05/2014249]
The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program.
[linux-kernel-shmgetstat-dos(49229)]
[USN-751-1]
[34020]
[DSA-1800]
[DSA-1794]
[DSA-1787]
[35394]
[35390]
[35185]
[35121]
[35011]
[34981]
[http://patchwork.kernel.org/patch/6554/]
[[oss-security] 20090306 CVE request: kernel: shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM]
[[linux-kernel] 20090127 [PATCH 1/2] fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM]
[[linux-kernel] 20080229 [BUG] soft lockup detected with ipcs]
[[git-commits-head] 20090205 shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM]
[SUSE-SA:2009:031]
[SUSE-SA:2009:030]
[SUSE-SA:2009:028]
[http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.5]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a68e61e8ff2d46327a37b69056998b47745db6fa]
Cross-site scripting (XSS) vulnerability in the web user interface in the login application in NetMRI 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to error pages.
[33824]
[20090218 DDIVRT-2009-20 NetMRI Login Application Cross-site Scripting Vulnerability]
[33963]
[http://connection.netcordia.com/forums/t/731.aspx]
Cross-site scripting (XSS) vulnerability in phpDenora before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via an IRC channel name. NOTE: some of these details are obtained from third party information.
[33822]
[http://sourceforge.net/project/shownotes.php?release_id=661189]
[phpdenora-ircchannel-xss(48799)]
[33960]
[51981]
Cross-site scripting (XSS) vulnerability in the hook_cntrlr_error_output function in modules/page/hooks/listeners.php in the admincp component in TangoCMS 2.2.x (aka Eagle) before 2.2.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
[http://tangocms.org/changelog]
[http://tangocms.org/article/view/2.2.4-released]
[33833]
[33967]
SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter.
[scms-deletepage-sql-injection(48806)]
[33799]
[8071]
S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.
[scms-cookie-security-bypass(48805)]
[33799]
[8071]
Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX methods.
[geovision-livex-activex-file-overwrite(48773)]
[33782]
[33969]
[8059]
pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php.
[phnews-genbackup-info-disclosure(48801)]
[8073]
The HRM-S service in Fujitsu Enhanced Support Facility 3.0 and 3.0.1 allows remote attackers to obtain (1) hardware and (2) software information via unspecified requests in a client connection.
Per: http://www.fujitsu.com/global/support/software/security/products-f/esf-200901e.html
For the Patches, please contact a Fujitsu system engineer or your partner(s).
[fujitsu-enhanced-hrms-info-disclosure(48817)]
[33831]
[http://www.fujitsu.com/global/support/software/security/products-f/esf-200901e.html]
[33974]
CRLF injection vulnerability in the WebLink template in Fujitsu Jasmine2000 Enterprise Edition allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
[jasmine2000-weblink-response-splitting(48818)]
[33832]
[http://www.fujitsu.com/global/support/software/security/products-f/jasmine-200901e.html]
[33971]
Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0.0 through 5.5.1.4 on Windows allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
[34034]
[http://www-01.ibm.com/support/docview.wss?uid=swg21329223]
[ADV-2009-0638]
[1021820]
[34189]
The NFSv4 Server module in the kernel in Sun Solaris 10, and OpenSolaris before snv_111, allow local users to cause a denial of service (infinite loop and system hang) by accessing an hsfs filesystem that is shared through NFSv4, related to the rfs4_op_readdir function.
[34031]
[252469]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1]
[solaris-nfsv4-hsfs-dos(49133)]
[ADV-2009-0765]
[ADV-2009-0635]
[http://support.avaya.com/elmodocs2/security/ASA-2009-090.htm]
[1021819]
[34371]
[34193]
The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions.
[34070]
[http://downloads.digium.com/pub/security/AST-2009-002.html]
[ADV-2009-0667]
[1021834]
[20090310 AST-2009-002: Remote Crash Vulnerability in SIP channel driver]
[34229]
[52568]
[http://bugs.digium.com/view.php?id=14417]
[http://bugs.digium.com/view.php?id=13547]
The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes.
[253588]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1]
[solaris-nfssec-unauthorized-access(49170)]
[ADV-2009-0798]
[ADV-2009-0658]
[34063]
[http://support.avaya.com/elmodocs2/security/ASA-2009-093.htm]
[1021833]
[34429]
[34213]
[52559]
The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that "override each other."
[250306]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1]
[solaris-nfsd-unauthorized-access(49171)]
[ADV-2009-0814]
[ADV-2009-0657]
[34062]
[http://support.avaya.com/elmodocs2/security/ASA-2009-096.htm]
[1021832]
[34435]
[34225]
[52560]
Multiple unspecified vulnerabilities in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allow local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors including ones related to (1) an argument handling deadlock in a door server and (2) watchpoint problems in the door_call function.
[242486]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-117350-61-1]
[ADV-2009-0766]
[ADV-2009-0673]
[1021840]
[34081]
[http://support.avaya.com/elmodocs2/security/ASA-2009-095.htm]
[34375]
[34227]
Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time at which control is transferred from a caller to a door server.
[242486]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-117350-61-1]
[ADV-2009-0766]
[ADV-2009-0673]
[1021840]
[34081]
[http://support.avaya.com/elmodocs2/security/ASA-2009-095.htm]
[34375]
[34227]
[52561]
Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN.
Per: http://sunsolve.sun.com/search/document.do?assetkey=1-66-254568-1
"5. Resolution
This issue is addressed in the following releases:
Linux
* Sun xVM VirtualBox 2.0.6r43001
* Sun xVM VirtualBox 2.1.4r43001"
[ADV-2009-0674]
[http://www.virtualbox.org/ticket/3444]
[254568]
[https://bugs.gentoo.org/show_bug.cgi?id=260331]
[xvmvirtualbox-unspecified-priv-escalation(49193)]
[1021841]
[34080]
[[oss-security] 20090317 Re: CVE-2009-0876 (VirtualBox) references]
[[oss-security] 20090316 CVE-2009-0876 (VirtualBox) references]
[34232]
[52580]
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field.
[34083]
[20090310 Sun Java System Communications Express [HTML Injection]]
[http://sosoblood.freehostia.com/SJSC/html_injection.gif]
[52718]
The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height.
[https://gna.org/bugs/index.php?13031]
[wesnoth-readgamemap-dos(49294)]
[http://svn.gna.org/viewcvs/wesnoth/trunk/src/terrain_translation.cpp?rev=33078&dir_pagestart=200&view=log]
[http://svn.gna.org/viewcvs/wesnoth/trunk/src/terrain_translation.cpp?r2=32987&rev=32987&r1=31859&dir_pagestart=200]
[http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog]
[http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog]
[http://launchpad.net/bugs/336396]
[http://launchpad.net/bugs/335089]
The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.
[https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp&S_PKG=director_x_520&S_TACT=sms&lang=en_US&cp=UTF-8]
[ADV-2009-0656]
[https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt]
[director-cim-consumer-dos(49285)]
[34061]
[20090310 SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability]
[8190]
[1021825]
[34212]
[52615]
Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.
Per: http://www.securityfocus.com/archive/1/archive/1/501639/100/0/threaded
"The vendor has adressed this vulnerability in service update 2 for IBM
Director agent 5.20.3. Download link:
https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp
&S_PKG=director_x_520&S_TACT=sms<=en_US&cp=UTF-8"
[https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp&S_PKG=director_x_520&S_TACT=sms&lang=en_US&cp=UTF-8]
[ADV-2009-0656]
[https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt]
[director-cim-directory-traversal(49286)]
[34065]
[20090310 SEC Consult SA-20090305-2 :: IBM Director CIM Server Local Privilege Escalation Vulnerability]
[34212]
[52616]
SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[isiajax-paises-sql-injection(49113)]
[8167]
Multiple SQL injection vulnerabilities in nForum 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to showtheme.php and the (2) user parameter to userinfo.php.
[34030]
[20090306 nForum 1.5 Multiple SQL Injection]
SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS_login cookie parameter.
[blueeyecms-blueeyecmslogin-sql-injection(49104)]
[34022]
[8165]
Buffer overflow in FileZilla Server before 0.9.31 allows remote attackers to cause a denial of service via unspecified vectors related to SSL/TLS packets.
[ADV-2009-0603]
[http://filezilla-project.org/index.php]
[filezillaserver-ssltls-dos(49107)]
[1021812]
[34006]
[http://sourceforge.net/project/shownotes.php?release_id=665428]
[34089]
Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (3) TXT, and (4) LRC playlist file.
[mediacommands-playlist-bo(49035)]
[ADV-2009-0583]
[http://www.securityfocus.com/data/vulnerabilities/exploits/33958.rb]
[http://www.securityfocus.com/data/vulnerabilities/exploits/33958.py]
[http://www.securityfocus.com/data/vulnerabilities/exploits/33958-2.py]
[33958]
[8135]
[34122]
[52346]
Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the default_language parameter.
[htms-login-file-include(49114)]
[34029]
[8169]
[8168]
Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt.
[34010]
[FEDORA-2009-3231]
[FEDORA-2009-3204]
[linuxpam-pamstrtok-priv-escalation(49110)]
[MDVSA-2009:077]
[34733]
[http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?view=log]
[http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?r1=1.9&r2=1.10&view=patch]
[[oss-security] 20090305 CVE Request -- pam]
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0889.
[TA09-161A]
[ADV-2009-1547]
[http://www.adobe.com/support/security/bulletins/apsb09-07.html]
[35274]
[RHSA-2009:1109]
[1022361]
[GLSA-200907-06]
[35734]
[35496]
[34580]
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0888.
[TA09-161A]
[ADV-2009-1547]
[http://www.adobe.com/support/security/bulletins/apsb09-07.html]
[35274]
[RHSA-2009:1109]
[1022361]
[GLSA-200907-06]
[35734]
[35496]
[34580]
The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks.
[http://www-01.ibm.com/support/docview.wss?uid=swg27014463]
[http://www-01.ibm.com/support/docview.wss?uid=swg27007951]
[http://www-01.ibm.com/support/docview.wss?uid=swg27006876]
[websphere-ws-security-session-hijacking(49391)]
[PK66676]
The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout.
[http://www-01.ibm.com/support/docview.wss?uid=swg27014463]
[http://www-01.ibm.com/support/docview.wss?uid=swg27007951]
[websphere-console-session-hijacking(49499)]
[34501]
[34131]
Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the xvidcore library in Xvid before 1.2.2, as used by Windows Media Player and other applications, allow remote attackers to execute arbitrary code by providing a crafted macroblock (aka MBlock) number in a video stream in a crafted movie file that triggers heap memory corruption, related to a "missing resync marker range check" and the (1) decoder_iframe, (2) decoder_pframe, and (3) decoder_bframe functions.
[http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c?r1=1.80&r2=1.81]
[https://www.it-isac.org/postings/cyber/alertdetail.php?id=4634&selyear=2009&menutype=menupublic]
[http://www.xvid.org/News.64.0.html?&cHash=0170b4e439&tx_ttnews[backPid]=64&tx_ttnews[tt_news]=7]
[ADV-2009-1468]
[35156]
[35274]
[http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c]
Heap-based buffer overflow in the decoder_create function in the initialization functionality in xvidcore/src/decoder.c in Xvid before 1.2.2, as used by Windows Media Player and other applications, allows remote attackers to execute arbitrary code via vectors involving the DirectShow (aka DShow) frontend and improper handling of the XVID_ERR_MEMORY return code during processing of a crafted movie file. NOTE: some of these details are obtained from third party information.
[http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c?r1=1.80&r2=1.81]
[http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c]
[https://www.it-isac.org/postings/cyber/alertdetail.php?id=4635&selyear=2009&menutype=menupublic]
[http://www.xvid.org/News.64.0.html?&cHash=0170b4e439&tx_ttnews[backPid]=64&tx_ttnews[tt_news]=7]
[35158]
Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow.
[ADV-2009-3379]
[http://www.novell.com/support/viewContent.do?externalId=7004912]
[https://bugzilla.novell.com/show_bug.cgi?id=545887]
[https://bugzilla.novell.com/show_bug.cgi?id=524344]
[application-control-request-overflow(50616)]
[37184]
[20091124 Novell eDirectory Remote Code Execution]
[37554]
Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6.0.2.7 and 7.x before 7.0.1.0 allows remote attackers to execute arbitrary code via a crafted request.
[ADV-2009-1463]
[http://www-01.ibm.com/support/docview.wss?uid=swg21386826]
[websphere-mq-clientconnection-bo(50641)]
[35170]
[1022311]
[35303]
IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 before 6.1.1.1 allows remote authenticated users to obtain sensitive information via vectors related to the "schema DB2 instance id" and the bcgarchive (aka the archiver script).
[JR31482]
[websphere-pg-bcgarchive-info-disclosure(50643)]
[35136]
Stack-based buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted HTTP request.
[HPSBMA02483]
[HPSBMA02483]
[37294]
[37261]
[20091209 HP OpenView Network Node Manager Remote Code Execution]
[SSRT090257]
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors.
[http://www-01.ibm.com/support/docview.wss?uid=swg21375859]
[websphere-issecurityenabled-info-disclosure(50882)]
[35406]
[PK78134]
Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file.
[websphere-mq-client-ccdt-bo(51038)]
[IC59375]
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
Please refer to this link http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx for mitigating factors and additional information.
[TA09-286A]
[TA09-223A]
[TA09-195A]
[35832]
[http://www.adobe.com/support/security/bulletins/apsb09-11.html]
[http://www.adobe.com/support/security/advisories/apsa09-04.html]
[ADV-2009-2232]
[ADV-2009-2034]
[http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1]
[MS09-060]
[MS09-037]
[MS09-035]
[http://www.adobe.com/support/security/bulletins/apsb09-13.html]
[http://www.adobe.com/support/security/bulletins/apsb09-10.html]
[266108]
[36746]
[36374]
[36187]
[oval:org.mitre.oval:def:7581]
[oval:org.mitre.oval:def:6373]
[oval:org.mitre.oval:def:6311]
[oval:org.mitre.oval:def:6289]
[HPSBMA02488]
[HPSBMA02488]
[http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx]
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remote attackers to bypass intended access restrictions via a crafted request to a JAX-WS application.
[PK87767]
[PK81944]
[websphere-jaxws-wssecurity-sec-bypass(51293)]
[35594]
The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing attacks" sent through SOAP requests.
[websphere-soap-security-bypass(51490)]
[35741]
[http://www-01.ibm.com/support/docview.wss?uid=swg27007951]
IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
[websphere-mq-group-weak-security(51042)]
[IZ37102]
The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors.
[http://www-01.ibm.com/support/docview.wss?uid=swg27015429]
[was-sca-scaallauthorizedusers-sec-bypass(52074)]
[36306]
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1899. Reason: This candidate is a duplicate of CVE-2009-1899. Notes: All CVE users should reference CVE-2009-1899 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder.
[20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues]
[[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues]
[ADV-2009-0944]
[http://www.vmware.com/security/advisories/VMSA-2009-0005.html]
[1021975]
[34373]
[oval:org.mitre.oval:def:6399]
Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435.
[20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues]
[[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues]
[ADV-2009-0944]
[http://www.vmware.com/security/advisories/VMSA-2009-0005.html]
[1021974]
[34373]
[oval:org.mitre.oval:def:6251]
Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-436.
[20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues]
[[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues]
[ADV-2009-0944]
[http://www.vmware.com/security/advisories/VMSA-2009-0005.html]
[1021974]
[34373]
[oval:org.mitre.oval:def:5786]
perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors.
[34089]
[perlmdkcommon-unspecified-priv-escalation(49220)]
[ADV-2009-0688]
[MDVSA-2009:072]
Unspecified vulnerability in the keysock kernel module in Solaris 10 and OpenSolaris builds snv_01 through snv_108 allows local users to cause a denial of service (system panic) via unknown vectors related to PF_KEY socket, probably related to setting socket options.
[sun-solaris-keysock-dos(49247)]
[ADV-2009-0817]
[ADV-2009-0717]
[1021846]
[34118]
[http://support.avaya.com/elmodocs2/security/ASA-2009-099.htm]
[253568]
[34456]
[34277]
[oval:org.mitre.oval:def:6203]
[52678]
Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.
[https://bugs.gentoo.org/show_bug.cgi?id=261032]
[ADV-2009-0586]
[33961]
[http://www.opera.com/support/kb/view/926/]
[http://www.opera.com/docs/changelogs/windows/964/]
[http://www.opera.com/docs/changelogs/solaris/964/]
[http://www.opera.com/docs/changelogs/mac/964/]
[http://www.opera.com/docs/changelogs/linux/964/]
[http://www.opera.com/docs/changelogs/freebsd/964/]
[[oss-security] 20090307 CVE Request: Opera <9.64: Execution of arbitrary code]
[1021782]
[GLSA-200903-30]
[34418]
[34294]
[34135]
[oval:org.mitre.oval:def:6230]
[oval:org.mitre.oval:def:5955]
[SUSE-SR:2009:007]
Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins.
[ADV-2009-0586]
[33961]
[http://www.opera.com/docs/changelogs/windows/964/]
[http://www.opera.com/docs/changelogs/solaris/964/]
[http://www.opera.com/docs/changelogs/mac/964/]
[http://www.opera.com/docs/changelogs/linux/964/]
[http://www.opera.com/docs/changelogs/freebsd/964/]
[34418]
[34135]
[oval:org.mitre.oval:def:6220]
[SUSE-SR:2009:007]
Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue."
[ADV-2009-0586]
[33961]
[http://www.opera.com/docs/changelogs/windows/964/]
[http://www.opera.com/docs/changelogs/solaris/964/]
[http://www.opera.com/docs/changelogs/mac/964/]
[http://www.opera.com/docs/changelogs/linux/964/]
[http://www.opera.com/docs/changelogs/freebsd/964/]
[34418]
[34135]
[SUSE-SR:2009:007]
Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with "no contact from / to internet."
[http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ]
[VU#845747]
[http://ptk.dflabs.com/security.html]
[http://ptk.dflabs.com/faq.html]
[ptk-unspecified-xss(49236)]
[34111]
[34257]
Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
[http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ]
[VU#845747]
[http://ptk.dflabs.com/security.html]
[http://ptk.dflabs.com/faq.html]
[ptk-unspecified-command-execution(49235)]
[34111]
XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included MySQL installation, (3) a blank default password for the "pma" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with "no contact from / to internet."
[http://ptk.dflabs.com/security.html]
[ptk-default-password(49306)]
[http://www.ibm.com/developerworks/linux/library/l-xampp/]
[http://www.debianhelp.co.uk/xampp.htm]
[http://www.apachefriends.org/en/faq-xampp-linux.html]
Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067.
[hp-ovnnm-ovoslocale-bo(49364)]
[ADV-2009-0819]
[1021883]
[34294]
[20090323 CORE-2009-0122: HP OpenView Buffer Overflows]
[http://www.coresecurity.com/content/openview-buffer-overflows]
[8308]
[34444]
[SSRT090008]
[SSRT090008]
Multiple heap-based buffer overflows in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long OvAcceptLang cookie, which triggers the error in ov.dll and ovwww.dll, or (2) a long Accept-Language HTTP header, which triggers the error in ovwww.dll or libovwww.so.4.
[hp-ovnnm-ovacceptlang-acceptlanguage-bo(49363)]
[ADV-2009-0819]
[1021883]
[34135]
[34134]
[20090323 CORE-2009-0122: HP OpenView Buffer Overflows]
[http://www.coresecurity.com/content/openview-buffer-overflows]
[34444]
[SSRT090008]
[SSRT090008]
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.
Per: https://bugzilla.redhat.com/show_bug.cgi?id=488156
"PostgreSQL allows remote authenticated users to cause a momentary denial
of service (crash due to stack consumption) when there is a failure to
convert a localized error message to the client-specified encoding.
In releases 8.3.6, 8.2.12, 8.1.16. 8.0.20, and 7.4.24, a trivial
misconfiguration is sufficient to provoke a crash. In older releases
it is necessary to select a locale and client encoding for which
specific messages fail to translate, and so a given installation may or
may not be vulnerable depending on the administrator-determined locale
setting.
Releases 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 are secure against
all known variants of this issue."
[ADV-2009-1316]
[ADV-2009-0767]
[34090]
[http://www.postgresql.org/about/news.1065]
[FEDORA-2009-2959]
[FEDORA-2009-2927]
[https://bugzilla.redhat.com/show_bug.cgi?id=488156]
[1021860]
[20090519 rPSA-2009-0086-1 postgresql postgresql-contrib postgresql-server]
[RHSA-2009:1067]
[[oss-security] 20090311 CVE request -- postgresql]
[MDVSA-2009:079]
[http://wiki.rpath.com/Advisories:rPSA-2009-0086]
[1020455]
[258808]
[35100]
[34453]
[oval:org.mitre.oval:def:6252]
[oval:org.mitre.oval:def:10874]
[SUSE-SR:2009:009]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517405]
[[pgsql-bugs] 20090227 BUG #4680: Server crashed if using wrong (mismatch) conversion functions]
[[pgsql-bugs] 20090227 Re: BUG #4680: Server crashed if using wrong (mismatch) conversion functions]
Unspecified vulnerability in Kerberos Incremental Propagation in Solaris 10 and OpenSolaris snv_01 through snv_110 allows remote attackers to cause a denial of service (loss of incremental propagation requests to slave KDC servers) via unknown vectors related to the master Key Distribution Center (KDC) server.
[solaris-kerberos-dos(49276)]
[ADV-2009-0875]
[ADV-2009-0741]
[1021851]
[34139]
[http://support.avaya.com/elmodocs2/security/ASA-2009-102.htm]
[249926]
[34487]
[34298]
[oval:org.mitre.oval:def:6174]
Unspecified vulnerability in Sun OpenSolaris snv_39 through snv_45, when running in 64-bit mode on x86 architectures, allows local users to cause a denial of service (hang of UFS filesystem write) via unknown vectors related to the (1) ufs_getpage and (2) ufs_putapage routines, aka CR 6442712.
[solaris-ufs-filesystem-64bit-dos(49281)]
[ADV-2009-0876]
[ADV-2009-0742]
[1021850]
[34137]
[http://support.avaya.com/elmodocs2/security/ASA-2009-103.htm]
[254628]
[34331]
Unspecified vulnerability in Sun Solaris 10 on SPARC sun4v systems, and OpenSolaris snv_47 through snv_85, allows local users to cause a denial of service (hang of UFS filesystem write) via unknown vectors related to the (1) ufs_getpage and (2) ufs_putapage routines, aka CR 6425723.
[solaris-ufs-filesystem-sun4vdos(49282)]
[ADV-2009-0876]
[ADV-2009-0742]
[1021850]
[34137]
[http://support.avaya.com/elmodocs2/security/ASA-2009-103.htm]
[254628]
[34331]
Unspecified vulnerability in the UFS filesystem functionality in Sun OpenSolaris snv_86 through snv_91, when running in 32-bit mode on x86 systems, allows local users to cause a denial of service (panic) via unknown vectors related to the (1) ufs_getpage and (2) ufs_putapage routines, aka CR 6679732.
[solaris-ufs-filesystem-32bit-dos(49283)]
[ADV-2009-0876]
[ADV-2009-0742]
[1021850]
[34137]
[http://support.avaya.com/elmodocs2/security/ASA-2009-103.htm]
[254628]
[34331]
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
Per vendor advisory in the 'details' section it states:
"The Adobe Reader and Acrobat 9.1 and 7.1.1 updates resolve an input validation issue in a JavaScript method that could potentially lead to remote code execution. This issue has already been resolved in Adobe Reader 8.1.3 and Acrobat 8.1.3. (CVE-2009-0927)"
http://www.adobe.com/support/security/bulletins/apsb09-04.html
[http://www.adobe.com/support/security/bulletins/apsb09-04.html]
[adobe-unspecified-javascript-code-execution(49312)]
[http://www.zerodayinitiative.com/advisories/ZDI-09-014]
[ADV-2009-1019]
[ADV-2009-0770]
[1021861]
[34169]
[20090324 ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability]
[256788]
[GLSA-200904-17]
[34790]
[34706]
[34490]
[SUSE-SR:2009:009]
[SUSE-SA:2009:014]
Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table.
[ADV-2009-1019]
[1021892]
[34229]
[RHSA-2009:0376]
[http://www.adobe.com/support/security/bulletins/apsb09-04.html]
[256788]
[GLSA-200904-17]
[34790]
[34706]
[34490]
[34392]
[SUSE-SR:2009:009]
[SUSE-SA:2009:014]
[20090324 Adobe Reader and Acrobat JBIG2 Encoded Stream Heap Overflow Vulnerability]
Directory traversal vulnerability in the media manager in Nucleus CMS before 3.40 allows remote attackers to read arbitrary files via unknown vectors.
[nucleuscms-mediamanager-directory-traversal(49142)]
[ADV-2009-0637]
[34040]
[http://www.nucleuscms.org/index.php/item/index.php/item/3051]
[34180]
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php, and (3) message.php.
[33492]
[DSA-1770]
[34703]
[34418]
[33719]
[SUSE-SR:2009:007]
[[announce] 20090127 IMP 4.3.3 (final)]
[[announce] 20090127 IMP 4.2.2 (final)]
[http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.375]
[http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.301.2.3]
Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[33491]
[33695]
[[announce] 20090127 Horde Groupware 1.1.5 (final)]
[[announce] 20090127 Horde 3.2.4 (final)]
[[announce] 20090127 Horde 3.3.3 (final)]
[http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503]
[http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5]
[http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5]
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
[33491]
[8077]
[34609]
[34418]
[33695]
[SUSE-SR:2009:007]
[[announce] 20090127 Horde Groupware 1.1.5 (final)]
[[announce] 20090127 Horde 3.2.4 (final)]
[[announce] 20090127 Horde 3.3.3 (final)]
[http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503]
[http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5]
[http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5]
Cross-site scripting (XSS) vulnerability in the administrative interface in Dotclear before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[ADV-2009-0636]
[http://dotclear.org/blog/post/2009/02/05/Dotclear-2.1.5]
[dotclear-admin-interface-xss(49138)]
[34036]
[34181]
Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.
[FEDORA-2009-2746]
[FEDORA-2009-2747]
[ejabberd-chatroom-xss(49289)]
[34133]
[http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_204]
[[oss-security] 20090316 CVE request: XSS in MUC logs of ejabberd]
[DSA-1774]
[34781]
[34354]
[34340]
[52714]
The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, 2.6.28 to 2.6.28.2, and 2.6.29-rc3 allows local users to cause a denial of service (OOPS) via a read with an invalid address to an inotify instance, which causes the device's event list mutex to be unlocked twice and prevents proper synchronization of a data structure for the inotify instance.
[33624]
[[linux-kernel] 20090131 [patch 03/43] inotify: clean up inotify_read and fix locking]
[https://bugzilla.redhat.com/show_bug.cgi?id=488935]
[linux-kernel-inotify-read-dos(49331)]
[[oss-security] 20090319 Re: CVE request: kernel: inotify local DoS]
[[oss-security] 20090318 Re: CVE request: kernel: inotify local DoS]
[[oss-security] 20090306 CVE request: kernel: inotify local DoS]
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.3]
Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes."
[[or-announce] 20090209 Tor 0.2.0.34 is released (security fixes)]
[33713]
[GLSA-200904-11]
[34583]
[33880]
Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors.
[[or-announce] 20090209 Tor 0.2.0.34 is released (security fixes)]
[33713]
[GLSA-200904-11]
[34583]
[33880]
Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed input."
[[or-announce] 20090209 Tor 0.2.0.34 is released (security fixes)]
[tor-mirrors-dos(49323)]
[33713]
[GLSA-200904-11]
[34583]
[33880]
Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0.
[33713]
[GLSA-200904-11]
[34583]
[33880]
[[or-announce] 20090209 Tor 0.2.0.34 is released (security fixes)]
Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.
[ADV-2009-0754]
[34143]
[20090316 HP Laserjet multiple models web management CSRF vulnerability & insecure default configuration]
[http://www.louhinetworks.fi/advisory/HP_20090317.txt]
[52849]
[52848]
[52847]
[HPSN-2009-001]
The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access.
[ADV-2009-0754]
[20090316 HP Laserjet multiple models web management CSRF vulnerability & insecure default configuration]
[http://www.louhinetworks.fi/advisory/HP_20090317.txt]
[HPSN-2009-001]
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.
[TA09-133A]
[http://support.apple.com/kb/HT3549]
[APPLE-SA-2009-05-12]
[macos-helpviewer-css-code-execution(50485)]
[ADV-2009-1297]
[1022216]
[34926]
[35074]
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.
[TA09-133A]
[http://support.apple.com/kb/HT3549]
[APPLE-SA-2009-05-12]
[macos-helpviewer-html-code-execution(50486)]
[ADV-2009-1297]
[1022216]
[34926]
[35074]
The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption.
[TA09-133A]
[http://support.apple.com/kb/HT3549]
[APPLE-SA-2009-05-12]
[ADV-2009-1297]
[1022215]
[34939]
[34926]
[35074]
Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.
[TA09-133A]
[http://support.apple.com/kb/HT3549]
[APPLE-SA-2009-05-12]
[APPLE-SA-2009-05-12]
[APPLE-SA-2009-05-12]
[FEDORA-2009-8049]
[FEDORA-2009-8039]
[FEDORA-2009-6166]
[safari-webkit-svglist-bo(50477)]
[http://www.zerodayinitiative.com/advisories/ZDI-09-022]
[ADV-2011-0212]
[ADV-2009-1621]
[ADV-2009-1321]
[ADV-2009-1298]
[ADV-2009-1297]
[USN-823-1]
[USN-857-1]
[USN-836-1]
[USN-822-1]
[1022207]
[34924]
[20090519 ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution Vulnerability]
[RHSA-2009:1130]
[DSA-1950]
[http://support.apple.com/kb/HT3639]
[http://support.apple.com/kb/HT3550]
[43068]
[37746]
[36790]
[36461]
[36062]
[35805]
[35576]
[35095]
[35074]
[35056]
[oval:org.mitre.oval:def:11584]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
[http://googlechromereleases.blogspot.com/2009/05/stable-update-bug-fix.html]
[http://code.google.com/p/chromium/issues/detail?id=9019]
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
[TA09-133A]
[http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog]
[https://bugzilla.redhat.com/show_bug.cgi?id=491384]
[ADV-2009-1621]
[ADV-2009-1522]
[ADV-2009-1297]
[ADV-2009-1058]
[USN-767-1]
[34550]
[RHSA-2009:1062]
[RHSA-2009:1061]
[RHSA-2009:0329]
[MDVSA-2009:243]
[DSA-1784]
[http://support.apple.com/kb/HT4435]
[http://support.apple.com/kb/HT3639]
[http://support.apple.com/kb/HT3613]
[http://support.apple.com/kb/HT3549]
[270268]
[GLSA-200905-05]
[35379]
[35210]
[35204]
[35200]
[35198]
[35074]
[35065]
[34967]
[34913]
[34723]
[oval:org.mitre.oval:def:10149]
[SUSE-SR:2009:010]
[APPLE-SA-2010-11-10-1]
[APPLE-SA-2009-05-12]
[APPLE-SA-2009-06-17-1]
[APPLE-SA-2009-06-08-1]
[http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e]
[http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b]
[http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5]
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.
[DSA-1811]
[https://bugzilla.redhat.com/show_bug.cgi?id=500972]
[apple-cups-ipptag-dos(50926)]
[USN-780-1]
[35169]
[20090602 CORE-2009-0420 - Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability]
[RHSA-2009:1083]
[RHSA-2009:1082]
[http://www.coresecurity.com/content/AppleCUPS-null-pointer-vulnerability]
[http://support.apple.com/kb/HT3865]
[1022321]
[36701]
[35685]
[35342]
[35340]
[35328]
[35322]
[oval:org.mitre.oval:def:9631]
[SUSE-SR:2009:012]
[APPLE-SA-2009-09-10-2]
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
[ADV-2009-1470]
[35157]
[http://support.apple.com/kb/HT3592]
[APPLE-SA-2009-06-01-2]
[itunes-itms-bo(50899)]
[1022313]
[20090602 Re: TPTI-09-03: Apple iTunes Multiple Protocol Handler Buffer Overflow Vulnerabilities]
[8934]
[8861]
[http://static.dataspill.org/releases/itunes/itms_overflow.rb]
[35314]
[http://redpig.dataspill.org/2009/05/drive-by-attack-for-itunes-811.html]
[54833]
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC compression file.
[ADV-2009-1469]
[http://support.apple.com/kb/HT3591]
[quicktime-flc-bo(50887)]
[1022314]
[35161]
[35091]
[54878]
[APPLE-SA-2009-06-01-1]
Buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted compressed PSD image.
[ADV-2009-1469]
[http://support.apple.com/kb/HT3591]
[1022314]
[35168]
[35091]
[54877]
[APPLE-SA-2009-06-01-1]
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
[ADV-2009-1469]
[http://support.apple.com/kb/HT3591]
[quicktime-pictfile-bo(50890)]
[1022314]
[35164]
[35091]
[54876]
[APPLE-SA-2009-06-01-1]
Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie file containing crafted Clipping Region (CRGN) atom types.
[ADV-2009-1469]
[35167]
[http://support.apple.com/kb/HT3591]
[APPLE-SA-2009-06-01-1]
[quicktime-crgn-bo(50892)]
[1022314]
[35091]
[54875]
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."
[ADV-2009-1469]
[35166]
[http://support.apple.com/kb/HT3591]
[quicktime-image-description-code-exec(50895)]
[1022314]
[35091]
[54874]
[APPLE-SA-2009-06-01-1]
Apple QuickTime before 7.6.2 does not properly initialize memory before use in handling movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie containing a user data atom of size zero.
[ADV-2009-1469]
[35162]
[http://support.apple.com/kb/HT3591]
[APPLE-SA-2009-06-01-1]
[quicktime-userdata-code-execution(50896)]
[1022314]
[35091]
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.
[ADV-2009-1469]
[35165]
[http://support.apple.com/kb/HT3591]
[APPLE-SA-2009-06-01-1]
[quicktime-jp2-bo(50898)]
[1022314]
[35091]
[54873]
Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials.
[http://support.apple.com/kb/HT3639]
[iphone-ipod-certificate-info-disclosure(51208)]
[ADV-2009-1621]
[35447]
[35414]
[55236]
[APPLE-SA-2009-06-17-1]
The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue."
[http://support.apple.com/kb/HT3639]
[ipod-iphone-mpeg4-dos(51211)]
[ADV-2009-1621]
[35433]
[35414]
[55237]
[APPLE-SA-2009-06-17-1]
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL.
[http://support.apple.com/kb/HT3639]
[APPLE-SA-2009-06-17-1]
[iphone-ipod-mail-weak-security(51209)]
[ADV-2009-1621]
[35434]
[35414]
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert.
[http://support.apple.com/kb/HT3639]
[iphone-ipod-mail-security-bypass(51210)]
[ADV-2009-1621]
[35414]
[55238]
[APPLE-SA-2009-06-17-1]
Unspecified vulnerability in Futomi's CGI Cafe MP Form Mail CGI eCommerce 1.3.0 and earlier, and CGI Professional 3.2.2 and earlier, allows remote attackers to gain administrative privileges via unknown attack vectors.
[mpformmailcgi-pro-unspecified-sec-bypass(49180)]
[mpformmailcgi-ecom-unspecified-sec-bypass(49179)]
[34071]
[http://www.futomi.com/library/info/2009/20090310.html]
[34197]
[52527]
[JVNDB-2009-000014]
[JVN#84899898]
Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php.
[phprunner-searchfield-sql-injection(49278)]
[ADV-2009-0750]
[34146]
[20090317 PHPRunner SQL Injection]
[8226]
[http://www.bugreport.ir/index_63.htm]
[34330]
[52801]
[52800]
[52799]
[52798]
UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.
[phprunner-userview-information-disclosure(49279)]
[ADV-2009-0750]
[20090317 PHPRunner SQL Injection]
[8226]
[http://www.bugreport.ir/index_63.htm]
[52804]
SQL injection vulnerability in functions/browse.php in Ganesha Digital Library (GDL) 4.0 and 4.2 allows remote attackers to execute arbitrary SQL commands via the node parameter in a browse action to gdl.php.
[gdl-node-sql-injection(49292)]
[ADV-2009-0751]
[34144]
[8228]
[52803]
PHP remote file inclusion vulnerability in cross.php in YABSoft Mega File Hosting 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
[megafile-cross-file-include(49302)]
[34157]
[8230]
[34325]
[52789]
The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument.
[servuftp-smnt-dos(49260)]
[34127]
[8212]
SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information.
[fmoblog-index-sql-injection(49296)]
[ADV-2009-0752]
[34147]
[8229]
[34341]
[52836]
Cross-site request forgery (CSRF) vulnerability in account/settings/account/index.php in phpFoX 1.6.21 allows remote attackers to hijack the authentication of administrators for requests that change the email address via the act[update] action.
[phpfox-unspecified-csrf(49288)]
[phpfox-email-account-csrf(49288)]
[34333]
[http://packetstormsecurity.org/0903-exploits/phpfox1621-xsrf.txt]
[52770]
PHP remote file inclusion vulnerability in includes/class_image.php in PHP Pro Bid 6.05, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the fileExtension parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[phpprobid-classimage-file-include(49290)]
[34145]
[52750]
[34278]
Cross-site scripting (XSS) vulnerability in futomi's CGI Cafe Access Analyzer CGI Standard Version 3.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[http://www.futomi.com/library/info/2009/20090316.html]
[cgicafe-unspecified-xss(49264)]
[ADV-2009-0737]
[34123]
[34271]
[52802]
[JVNDB-2009-000015]
[JVN#23558374]
Unspecified vulnerability in the Workspace Manager component in Oracle Database 11.1.0.6, 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022052]
[34461]
[34693]
Unspecified vulnerability in the Cluster Ready Services component in Oracle Database 10.1.0.5 allows remote attackers to affect availability via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022052]
[34461]
[34693]
[53736]
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022055]
[34461]
[34693]
[53751]
Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022052]
[34461]
[34693]
[53732]
Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to LTADM.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022052]
[34461]
[34693]
[53733]
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the GRANT_TYPE_ACCESS procedure in the DBMS_AQADM_SYS package.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022052]
[34461]
[20090416 SQL Injection in package DBMS_AQADM_SYS]
[http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html]
[34693]
Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022052]
[34461]
[34693]
[53734]
Unspecified vulnerability in the Resource Manager component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022052]
[34461]
[34693]
Unspecified vulnerability in the SQLX Functions component in Oracle Database 10.2.0.3 and 11.1.0.6 allows remote authenticated users to affect integrity and availability, related to AGGXQIMP.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022052]
[34461]
[34693]
Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue allows remote authenticated users to obtain APEX password hashes from the WWV_FLOW_USERS table via a SELECT statement.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022052]
[34461]
[20090416 Unprivileged DB users can see APEX password hashes]
[http://www.red-database-security.com/advisory/apex_password_hashes.html]
[8456]
[34693]
[53738]
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote authenticated users to affect integrity via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022057]
[34461]
[34693]
[53759]
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0974.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022055]
[34461]
[34693]
[53752]
Unspecified vulnerability in the Database Vault component in Oracle Database 9.2.0.8DV, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_SYS_SQL.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022052]
[34461]
[34693]
Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users with the IMP_FULL_DATABASE role to affect confidentiality, integrity, and availability.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022052]
[34461]
[34693]
Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022052]
[34461]
[34693]
[53735]
Unspecified vulnerability in the Upgrade component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html]
[oracle-database-upgrade-unspecified(51746)]
[ADV-2009-1900]
[1022560]
[35679]
[35776]
[55889]
Unspecified vulnerability in the Password Policy component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022052]
[34461]
[34693]
[53740]
Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, and 10.1.3.3.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022055]
[34461]
[34693]
[53742]
Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, and 10.1.3.3.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022055]
[34461]
[34693]
[53743]
Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[oracledatabase-tnslistener-dos(50026)]
[1022052]
[34461]
[34693]
[53737]
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the DEQ_EXEJOB procedure.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022052]
[34461]
[20090416 SQL Injection in package DBMS_AQIN]
[http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html]
[34693]
Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a format string vulnerability that allows remote attackers to execute arbitrary code via format string specifiers in an HTTP POST URI, which are not properly handled when logging to opmn/logs/opmn.log.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[oracle-appserver-opmn-unspecified(50030)]
[http://www.zerodayinitiative.com/advisories/ZDI-09-017]
[1022055]
[34461]
[20090414 ZDI-09-017: Oracle Applications Server 10g Format String Vulnerability]
[34693]
Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022055]
[34461]
[34693]
[53744]
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.0.6 and 11i10CU2 allows remote attackers to affect integrity via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022056]
[34461]
[34693]
[53754]
Unspecified vulnerability in the BI Publisher component in Oracle Application Server 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022055]
[34461]
[34693]
[53745]
Unspecified vulnerability in the Database Vault component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, related to DBMS_SYS_SQL.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022052]
[34461]
[34693]
[53739]
Unspecified vulnerability in the PeopleSoft Enterprise HRMS - eBenefits component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[34461]
[34693]
[53758]
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022056]
[34461]
[34693]
[53753]
The Oracle Applications Framework component in Oracle E-Business Suite 12.0.6 and 11i10CU2 uses default passwords for unspecified "FND Applications Users (not DB users)," which has unknown impact and attack vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022056]
[34461]
[34693]
[53755]
Unspecified vulnerability in Oracle BEA WebLogic Portal 8.1 Gold through SP6 allows remote authenticated users to gain privileges via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[oracle-weblogic-wls-priv-escalation(50053)]
[1022059]
[34461]
[http://www.oracle.com/technology/deploy/security/wls-security/1001.html]
[53767]
Unspecified vulnerability in Oracle BEA WebLogic Server 10.3, 10.0 Gold through MP1, 9.2 Gold through MP3, 9.1, 9.0, 8.1 Gold through SP6, and 7.0 Gold through SP7 allows remote attackers to gain privileges via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[oracle-weblogic-wls-priv-escalation2(50052)]
[1022059]
[34461]
[http://www.oracle.com/technology/deploy/security/wls-security/1002.html]
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect integrity via unknown vectors related to "access to source code of web pages."
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[oracle-weblogic-wls-read-source(50054)]
[1022059]
[34461]
[http://www.oracle.com/technology/deploy/security/wls-security/1003.html]
[53762]
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality and integrity via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022059]
[34461]
Unspecified vulnerability in the Oracle Data Service Integrator (AquaLogic Data Services Platform) component in BEA Product Suite 10.3.0, 3.2, 3.0.1, and 3.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022059]
[34461]
[http://www.oracle.com/technology/deploy/security/wls-security/1005.html]
[53760]
Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.2 and earlier, with SDK/JRE 1.4.2, JRE/JDK 5, and JRE/JDK 6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022059]
[34461]
Unspecified vulnerability in the Data Mining component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality, integrity, and availability, related to SYS.DMP_SYS.
[TA09-294A]
[1023057]
[36750]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html]
[37027]
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022055]
[34461]
[34693]
[53747]
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022055]
[34461]
[34693]
[53748]
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022055]
[34461]
[34693]
[53749]
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022055]
[34461]
[34693]
[53750]
[20090515 Multiple Vendor Outside In Multiple Integer Overflow Vulnerabilities]
Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[oracle-bea-http-bo(64935)]
[1022059]
[34461]
[http://www.oracle.com/technology/deploy/security/wls-security/1012.html]
[http://secunia.com/secunia_research/2009-22/]
[53765]
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote attackers to affect confidentiality and integrity via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022057]
[34461]
[34693]
[53756]
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote attackers to affect confidentiality and integrity via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022057]
[34461]
[34693]
[53757]
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.05, and 10.2.04 allows remote authenticated users to affect integrity via unknown vectors.
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html]
[oracle-database-core-rdbms-unspecified(51747)]
[ADV-2009-1900]
[1022560]
[35682]
[35776]
[55893]
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow involving an unspecified Server Plug-in and a crafted SSL certificate.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[oracle-bea-ssl-bo(64934)]
[1022059]
[34461]
[http://secunia.com/secunia_research/2009-23/]
Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors.
[TA09-105A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html]
[1022055]
[34461]
[34693]
[53746]
Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LTRIC (WMSYS.LTRIC).
[TA09-294A]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html]
[1023057]
[36765]
[37027]
[59112]
Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html]
[oracle-database-netauth-unspecified(51748)]
[ADV-2009-1900]
[1022560]
[35680]
[35776]
[55884]
Unspecified vulnerability in the Network Foundation component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html]
[oracle-database-netfoundation-unspecified(51749)]
[ADV-2009-1900]
[1022560]
[35684]
[35776]
[55897]
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html]
[oracle-database-adv-replication-unspecified(51750)]
[ADV-2009-1900]
[1022560]
[35685]
[35776]
[55886]
Heap-based buffer overflow in the Preview/ Set Segment function in Gretech GOMlab GOM Encoder 1.0.0.11 and earlier allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a long text field in a subtitle (.srt) file.
[gomencoder-srt-bo(49252)]
[ADV-2009-0735]
[34120]
[20090316 [Bkis-04-2009] GOM Encoder Heap-based Buffer Overflow]
[8225]
[http://security.bkis.vn/?p=352]
[34314]
[52677]
SQL injection vulnerability in index.php in phpComasy 0.9.1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter.
[phpcomasy-entryid-sql-injection(49268)]
[ADV-2009-0734]
[34131]
[8220]
[52817]
Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 allow remote attackers to execute arbitrary SQL commands via the linkid parameter to edlink.php, and unspecified other vectors.
[phplinkadmin-edlink-sql-injection(49265)]
[ADV-2009-0733]
[34129]
[8216]
[34323]
[52778]
PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
[phplinkadmin-edlink-sql-injection(49265)]
[ADV-2009-0733]
[34129]
[8216]
[34323]
[52779]
Multiple SQL injection vulnerabilities in login.php in Kim Websites 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
[kimwebsites-login-sql-injection(49259)]
[ADV-2009-0732]
[34116]
[8209]
SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter.
[opencart-order-sql-injection(49262)]
[34121]
[20090316 NGENUITY-2009-005 OpenCart Order By Blind SQL Injection]
[http://www.ngenuity.org/wordpress/2009/03/10/ngenuity-2009-005-opencart-order-by-blind-sql-injection/]
[34313]
Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file.
[ezipwizard-zip-bo(49148)]
[34044]
[8180]
[8217]
[39169]
Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll.
[poppeeper-date-bo(49215)]
[34093]
[20090312 POP Peeper 3.4.0.0 Date Remote Buffer Overflow Vulnerability]
[8203]
[http://www.krakowlabs.com/res/adv/KL0309ADV-poppeeper_date-bof.txt]
[34077]
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
[wordpressmu-wpmufunctions-xss(49184)]
[1021838]
[34075]
[20090310 [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability]
[8196]
Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.
[servuftp-mkd-dir-traversal(49258)]
[ADV-2009-0738]
[34125]
[8211]
[34329]
[52773]
SQL injection vulnerability in gallery_list.php in YABSoft Advanced Image Hosting (AIH) Script 2.3 allows remote attackers to execute arbitrary SQL commands via the gal parameter.
[advancedimage-gallerylist-sql-injection(49316)]
[34176]
[8238]
[34366]
[52813]
SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503.
[deluxebb-qorder-sql-injection(49313)]
[34174]
[8240]
[34365]
[52788]
SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI.
[http://drupal.org/node/406316]
[tasklist-unspecifed-sql-injection(49320)]
[34171]
[52781]
[34376]
Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS).
[tasklist-css-xss(49319)]
[34170]
[34376]
[52782]
[http://drupal.org/node/406316]
Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI.
[http://drupal.org/node/406314]
[plus1-unspecified-csrf(49310)]
[34168]
[34378]
[52786]
[http://drupal.org/node/405672]
Unspecified vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to send unlimited spam messages via unknown vectors related to the flood control API.
[http://drupal.org/node/406516]
[34173]
[34374]
[52785]
Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php.
[34274]
[8217]
[52762]
[52761]
Buffer overflow in CDex 1.70b2 allows remote attackers to execute arbitrary code via a crafted Info header in an Ogg Vorbis (.ogg) file.
[cdex-ogg-bo(49304)]
[34164]
[20090317 CDex v1.70b2 (.ogg) local buffer overflow exploit poc]
[8231]
[http://retrogod.altervista.org/9sg_cdex_ogg.html]
[52812]
Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted remote attackers to execute arbitrary code via a crafted project (.wap) file.
[winasmstudio-wap-bo(49266)]
[34132]
[8224]
[34309]
[52776]
The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via an out-of-bounds timer value.
[freebsd-ktimer-memory-overwrite(49362)]
[1021882]
[34196]
[8261]
[FreeBSD-SA-09:06]
Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
[apple-safari-unspecified-code-execution(49388)]
[1021879]
[34183]
[http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889]
[http://twitter.com/tippingpoint1/status/1351485521]
[52888]
[http://news.cnet.com/8301-1009_3-10199652-83.html]
[http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits]
[http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009]
[http://cansecwest.com/index.html]
[http://blogs.zdnet.com/security/?p=2934]
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
[microsoft-ie-unspecified-code-execution(49389)]
[1021880]
[34182]
[http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889]
[52892]
[http://news.cnet.com/8301-1009_3-10199652-83.html]
[http://dvlabs.tippingpoint.com/blog/2009/03/20/pwn2own-day-2]
[http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits]
[http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009]
[http://cansecwest.com/index.html]
[http://blogs.zdnet.com/security/?p=2934]
Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
[https://bugzilla.mozilla.org/show_bug.cgi?id=484320]
[ADV-2009-0864]
[34181]
[http://www.mozilla.org/security/announce/2009/mfsa2009-13.html]
[FEDORA-2009-3101]
[FEDORA-2009-3100]
[FEDORA-2009-3099]
[http://www.zerodayinitiative.com/advisories/ZDI-09-015]
[USN-745-1]
[1021878]
[20090330 ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption Vulnerability]
[RHSA-2009:0398]
[RHSA-2009:0397]
[MDVSA-2009:084]
[http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889]
[DSA-1756]
[http://twitter.com/tippingpoint1/status/1351635812]
[http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm]
[34792]
[34550]
[34549]
[34527]
[34521]
[34511]
[34510]
[34505]
[34471]
[oval:org.mitre.oval:def:11368]
[52896]
[http://news.cnet.com/8301-1009_3-10199652-83.html]
[SUSE-SA:2009:022]
[http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits]
[http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009]
[http://cansecwest.com/index.html]
[http://blogs.zdnet.com/security/?p=2941]
[http://blogs.zdnet.com/security/?p=2934]
requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.
[vlcmediaplayer-web-status-bo(49249)]
[34126]
[[oss-security] 20090317 CVE request -- firefox, vlc, WeeChat]
[8213]
[oval:org.mitre.oval:def:14357]
[http://bugs.gentoo.org/show_bug.cgi?id=262708]
The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "an off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries.
[33672]
[[linux-kernel] 20090202 Re: [PATCH] Fix memory corruption in console selection]
[[linux-kernel] 20090130 [PATCH] Fix memory corruption in console selection]
[USN-751-1]
[RHSA-2009:0451]
[[oss-security] 20090212 http://www.securityfocus.com/bid/33672/info kernel issue]
[[oss-security] 20090212 Re: http://www.securityfocus.com/bid/33672/info kernel issue]
[[oss-security] 20090212 Re: http://www.securityfocus.com/bid/33672/info kernel]
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.4]
[DSA-1800]
[DSA-1787]
[35121]
[34981]
[34917]
Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail.
[http://drupal.org/node/406516]
[52852]
The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with 127.0.0.1 in the Host header.
[snom-httphost-security-bypass(52424)]
[20090812 Authentication Bypass of Snom Phone Web Interface]
[http://www.csnc.ch/misc/files/advisories/cve-2009-1048.txt]
[36293]
SQL injection vulnerability in articleCall.php in Bloginator 1A allows remote attackers to execute arbitrary SQL commands via the id parameter.
[bloginator-articlecall-sql-injection(49325)]
[34187]
[8244]
[8243]
[34395]
[52839]
Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie.
[bloginator-cookie-security-bypass(49324)]
[34187]
[8243]
[34395]
[52838]
FubarForum 1.6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.
[20090317 [ECHO_ADV_107$2009] FubarForum <= 1.6 Critical File Disclosure Vulnerability]
[34358]
[http://e-rdc.org/v1/news.php?readmore=131]
FireAnt 1.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.
Additional information available at:
http://secunia.com/advisories/34359/
[20090317 [ECHO_ADV_106$2009] FireAnt <= 1.3 Critical File Disclosure Vulnerability]
[34359]
[http://e-rdc.org/v1/news.php?readmore=130]
chaozzDB 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.
[20090317 [ECHO_ADV_105$2009] chaozzDB <= 1.2 Critical File Disclosure Vulnerability]
[http://e-rdc.org/v1/news.php?readmore=129]
Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through 2008, Lite2, and Ichitaro viewer 5.1.5.0 and earlier allows remote attackers to execute arbitrary code via a crafted file, as exploited in the wild by Trojan.Tarodrop.H in March 2009.
[http://www.justsystems.com/jp/info/js09001.html]
[ichitaro-webpuraguinbyua-code-execution(49280)]
[ADV-2009-0769]
[http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-031608-2424-99]
[34138]
[34405]
Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown vectors related to SOAP and XML requests.
[sitecore-web-service-info-disclosure(49298)]
[ADV-2009-0753]
[34162]
[20090317 Sitecore .NET 5.3.x - web service information disclosure]
[34356]
[http://sdn5.sitecore.net/Products/Sitecore%20V5/Sitecore%20CMS%205,-d-,3/ReleaseNotes/V5,-d-,3,-d-,2/ChangeLog.aspx]
IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers to read arbitrary exported reports by "forcefully browsing."
[ADV-2009-0768]
[1021863]
[34163]
[PK79991]
[34349]
[52764]
MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file that triggers memory corruption, related to a "format string buffer overflow." NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
[zipitfast-zip-bo(49491)]
[8180]
[34223]
[52550]
Stack-based buffer overflow in ZipGenius might allow remote attackers to execute arbitrary code via a crafted .zip file that triggers an SEH overwrite. NOTE: it is possible that this overlaps CVE-2005-3317. NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
[zipgenius-zip-bo(49490)]
[8180]
Stack-based buffer overflow in Trident PowerZip 7.2 might allow remote attackers to execute arbitrary code via a crafted .zip file. NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
[powerzip-zip-bo(49492)]
[8180]
Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie Miller during a PWN2OWN competition at CanSecWest 2009.
[apple-safari-unspecified-code-execution1(49463)]
[1021879]
[34179]
[http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9129978]
[52888]
[http://news.cnet.com/8301-1009_3-10199652-83.html]
[http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits]
[http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009]
[http://cansecwest.com/index.html]
Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1062.
[http://www.adobe.com/support/security/bulletins/apsb09-04.html]
[ADV-2009-1019]
[1021892]
[34229]
[RHSA-2009:0376]
[256788]
[GLSA-200904-17]
[34790]
[34706]
[34490]
[34392]
[SUSE-SR:2009:009]
[SUSE-SA:2009:014]
Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061.
[34229]
[http://www.ivizsecurity.com/security-advisory-iviz-sr-09001.html]
[http://www.adobe.com/support/security/bulletins/apsb09-04.html]
[ADV-2009-1019]
[1021892]
[RHSA-2009:0376]
[256788]
[GLSA-200904-17]
[34790]
[34706]
[34490]
[34392]
[SUSE-SR:2009:009]
[SUSE-SA:2009:014]
Buffer overflow in eXeScope 6.50 allows user-assisted remote attackers to execute arbitrary code via a crafted executable (.exe) file.
[exescope-exe-bo(49379)]
[ADV-2009-0821]
[34219]
[8270]
[34413]
[52868]
Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method.
[orbitdownloader-activex-file-deletion(49353)]
[http://www.waraxe.us/advisory-73.html]
[34200]
[8257]
SQL injection vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the x parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[pixiecms-index-sql-injection(49334)]
[34364]
[52834]
SQL injection vulnerability in the referral function in admin/lib/lib_logs.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request.
[pixiecms-referral-sql-injection(49335)]
[34189]
[8252]
[34364]
[52833]
[http://lampsecurity.org/Pixie-CMS-Multiple-Vulnerabilities]
[20090319 Pixie CMS Multiple Vulnerabilities]
Cross-site scripting (XSS) vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to inject arbitrary web script or HTML via the x parameter.
[pixiecms-index-xss(49333)]
[34189]
[8252]
[34364]
[52832]
[http://lampsecurity.org/Pixie-CMS-Multiple-Vulnerabilities]
[20090319 Pixie CMS Multiple Vulnerabilities]
Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file.
[bsplayer-bsl-bo(49342)]
[ADV-2009-0800]
[34190]
[20090320 Bs.Player <= 2.34 Build 980 (.bsl) local buffer overflow 0day exploit (seh)]
[8251]
[8249]
[34412]
[http://retrogod.altervista.org/9sg_bsplayer_seh.html]
[52841]
Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) titles of candidate referenced nodes in the Node reference sub-module and the (2) names of candidate referenced users in the User reference sub-module.
[http://drupal.org/node/406520]
[cck-node-user-xss(49317)]
[34172]
[34370]
[52784]
[52783]
Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter.
[expressionengine-avatar-xss(49359)]
[34193]
[20090322 ExpressionEngine Persistent Cross-Site Scripting]
[http://www.ngenuity.org/wordpress/2009/01/28/ngenuity-2009-003-expressionengine-persistent-cross-site-scripting/]
[34379]
[http://expressionengine.com/docs/changelog.html#v167]
Stack-based buffer overflow in Icarus 2.0 allows remote attackers to cause a denial of service (application crach) or execute arbitrary code via a crafted Portable Game Notation (.pgn) file.
[icarus-pgn-bo(49309)]
[34167]
[8236]
[34368]
[52780]
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
[linux-kernel-capmknod-security-bypass(49356)]
[ADV-2009-3316]
[ADV-2009-0802]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-793-1]
[34205]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:1081]
[[oss-security] 20090323 CVE request: kernel: nfsd did not drop CAP_MKNOD for non-root]
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9]
[DSA-1800]
[[linux-kernel] 20090311 VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK?]
[37471]
[35656]
[35394]
[35390]
[35343]
[35185]
[35121]
[34786]
[34432]
[34422]
[oval:org.mitre.oval:def:8382]
[oval:org.mitre.oval:def:10314]
[SUSE-SA:2009:031]
[SUSE-SA:2009:030]
[SUSE-SA:2009:028]
[SUSE-SA:2009:021]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=76a67ec6fb79ff3570dcb5342142c16098299911]
nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.
[DSA-1758]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520476]
[34211]
[[oss-security] 20090324 Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap]
[[oss-security] 20090324 Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap]
[[oss-security] 20090324 Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap]
[[oss-security] 20090323 CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap]
[34523]
[http://launchpad.net/bugs/cve/2009-1073]
[http://ch.tudelft.nl/~arthur/nss-ldapd/news.html#20090322]
[http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/man/nss-ldapd.conf.5.xml?r1=805&r2=806]
[http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/debian/libnss-ldapd.postinst?r1=795&r2=813]
Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack of support for relative URLs.
[34191]
[253267]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1]
[http://blogs.sun.com/security/entry/sun_alert_253267_sun_java]
[ADV-2009-0797]
[1021881]
[34380]
Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
[34191]
[253267]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1]
[http://blogs.sun.com/security/entry/sun_alert_253267_sun_java]
[ADV-2009-0797]
[1021881]
[34380]
Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
[34191]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1]
[ADV-2009-0797]
[253267]
[1021881]
[34380]
[http://blogs.sun.com/security/entry/sun_alert_253267_sun_java]
The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password.
[34191]
[253267]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1]
[http://blogs.sun.com/security/entry/sun_alert_253267_sun_java]
[ADV-2009-0797]
[1021881]
[34380]
Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, which allows remote authenticated users to have an unspecified impact.
[34191]
[253267]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1]
[http://blogs.sun.com/security/entry/sun_alert_253267_sun_java]
[ADV-2009-0797]
[1021881]
[34380]
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19659, 19660, and 19683.
[34191]
[253267]
[http://blogs.sun.com/security/entry/sun_alert_253267_sun_java]
[ADV-2009-0797]
[1021881]
[34380]
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033.
[34191]
[253267]
[http://blogs.sun.com/security/entry/sun_alert_253267_sun_java]
[ADV-2009-0797]
[1021881]
[34380]
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19595 and 19661.
[34191]
[253267]
[http://blogs.sun.com/security/entry/sun_alert_253267_sun_java]
[ADV-2009-0797]
[1021881]
[34380]
Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs.
[34191]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1]
[ADV-2009-0797]
[253267]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1]
[1021881]
[34380]
[http://blogs.sun.com/security/entry/sun_alert_253267_sun_java]
Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits "control characters" in the passwords of user accounts, which allows remote attackers to execute arbitrary commands via vectors involving "resource adapters."
[253267]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1]
[http://blogs.sun.com/security/entry/sun_alert_253267_sun_java]
[ADV-2009-0797]
[34191]
[1021881]
[34380]
Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object.
[253267]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1]
[http://blogs.sun.com/security/entry/sun_alert_253267_sun_java]
[jsim-sco-unspecified(49607)]
[ADV-2009-0797]
[34191]
[1021881]
[34380]
Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh.
[[oss-security] 20090323 CVE request: API key disclosure in piwik]
[http://marco-ziesing.de/archives/35-Schluesselloch-in-Piwik.html]
[http://dev.piwik.org/trac/ticket/599]
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field.
[34233]
[[oss-security] 20090324 CVE id request: ldns]
[http://www.nlnetlabs.nl/svn/ldns/tags/release-1.5.0/Changelog]
[http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=232]
[DSA-1795]
[35065]
[35013]
[SUSE-SR:2009:010]
Multiple argument injection vulnerabilities in PPLive.exe in PPLive 1.9.21 and earlier allow remote attackers to execute arbitrary code via a UNC share pathname in the LoadModule argument to the (1) synacast, (2) Play, (3) pplsv, or (4) ppvod URI handler. NOTE: some of these details are obtained from third party information.
[pplive-uri-code-execution(49263)]
[ADV-2009-0739]
[8215]
[34327]
Hannon Hill Cascade Server 5.7 and other versions allows remote authenticated users to execute arbitrary programs or Java code via a crafted XSLT stylesheet with "extension elements and extension functions" that trigger code execution by Xalan-Java, as demonstrated using xalan://java.lang.Runtime.
[cascadeserver-xlst-command-execution(49332)]
[34186]
[20090319 Command Execution in Hannon Hill Cascade Server]
[8247]
Absolute path traversal vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to read arbitrary files via a base64-encoded absolute path in the filename parameter.
[rapidleech-filename-info-disclosure(49253)]
[34119]
[20090314 [Bkis-03-2009] Multiple Vulnerabilities found in Rapidleech rev.36]
[34300]
Directory traversal vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uploaded parameter.
[rapidleech-uploaded-file-include(49256)]
[34119]
[20090314 [Bkis-03-2009] Multiple Vulnerabilities found in Rapidleech rev.36]
[http://security.bkis.vn/?p=345]
[34300]
[52753]
Cross-site scripting (XSS) vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to inject arbitrary web script or HTML via the uploaded parameter.
[rapidleech-upload-xss(49257)]
[34119]
[20090314 [Bkis-03-2009] Multiple Vulnerabilities found in Rapidleech rev.36]
[34300]
[52754]
Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control in LIVEAU~1.OCX 7.0 for GeoVision DVR systems allows remote attackers to execute arbitrary code by calling the GetAudioPlayingTime method with certain arguments.
[geovision-liveaudio-activex-dos(49238)]
[34115]
[20090313 GeoVision LiveAudio ActiveX Control GetAudioPlayingTime() remote freed-memory access exploit]
[8206]
[http://retrogod.altervista.org/9sg_geovision_liveaudio_freedmem.html]
LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).
[254569]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-19-1]
[RHSA-2009:1198]
[RHSA-2009:0377]
[ADV-2009-3316]
[ADV-2009-1426]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-748-1]
[1021893]
[34240]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:1038]
[RHSA-2009:0394]
[RHSA-2009:0392]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html]
[MDVSA-2009:162]
[MDVSA-2009:137]
[DSA-1769]
[http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm]
[http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm]
[GLSA-200911-02]
[37460]
[37386]
[36185]
[35776]
[35416]
[35255]
[35223]
[35156]
[34675]
[34632]
[34496]
[34495]
[34489]
[oval:org.mitre.oval:def:6676]
[oval:org.mitre.oval:def:11343]
[HPSBUX02429]
[SUSE-SA:2009:036]
[SUSE-SR:2009:011]
[SUSE-SA:2009:029]
[SUSE-SA:2009:016]
[HPSBMA02429]
[HPSBMA02429]
Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.
[254569]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-19-1]
[RHSA-2009:1198]
[RHSA-2009:0377]
[ADV-2009-3316]
[ADV-2009-1900]
[ADV-2009-1426]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-748-1]
[1021893]
[34240]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:1038]
[RHSA-2009:0394]
[RHSA-2009:0392]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html]
[MDVSA-2009:162]
[MDVSA-2009:137]
[DSA-1769]
[http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm]
[http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm]
[GLSA-200911-02]
[37460]
[37386]
[36185]
[35776]
[35416]
[35255]
[35223]
[35156]
[34675]
[34632]
[34496]
[34495]
[34489]
[oval:org.mitre.oval:def:6598]
[oval:org.mitre.oval:def:11064]
[HPSBUX02429]
[SUSE-SA:2009:036]
[SUSE-SR:2009:011]
[SUSE-SA:2009:029]
[SUSE-SA:2009:016]
[HPSBMA02429]
[HPSBMA02429]
Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.
[254570]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1]
[RHSA-2009:1198]
[RHSA-2009:0377]
[ADV-2009-3316]
[ADV-2009-1426]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-748-1]
[1021894]
[34240]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:1038]
[RHSA-2009:0394]
[RHSA-2009:0392]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html]
[MDVSA-2009:162]
[MDVSA-2009:137]
[DSA-1769]
[http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm]
[http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm]
[1020225]
[GLSA-200911-02]
[37460]
[37386]
[36185]
[35776]
[35416]
[35255]
[35223]
[35156]
[34675]
[34632]
[34496]
[34495]
[34489]
[oval:org.mitre.oval:def:6643]
[oval:org.mitre.oval:def:10124]
[HPSBUX02429]
[SUSE-SA:2009:036]
[SUSE-SR:2009:011]
[SUSE-SA:2009:029]
[SUSE-SA:2009:016]
[20090326 Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability]
[SSRT090058]
[SSRT090058]
Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.
[254570]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1]
[RHSA-2009:1198]
[RHSA-2009:0377]
[ADV-2009-3316]
[ADV-2009-1426]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-748-1]
[1021894]
[34240]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:1038]
[RHSA-2009:0394]
[RHSA-2009:0392]
[MDVSA-2009:162]
[MDVSA-2009:137]
[DSA-1769]
[http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm]
[http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm]
[1020225]
[GLSA-200911-02]
[37460]
[37386]
[36185]
[35416]
[35255]
[35223]
[35156]
[34675]
[34632]
[34496]
[34495]
[34489]
[oval:org.mitre.oval:def:8844]
[oval:org.mitre.oval:def:6659]
[HPSBUX02429]
[SUSE-SA:2009:036]
[SUSE-SR:2009:011]
[SUSE-SA:2009:029]
[SUSE-SA:2009:016]
[HPSBMA02429]
[HPSBMA02429]
Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.
[254571]
[RHSA-2009:1198]
[RHSA-2009:0377]
[jre-gif-file-bo(49475)]
[ADV-2009-3316]
[ADV-2009-1426]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-748-1]
[1021913]
[34240]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:1038]
[RHSA-2009:0392]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html]
[MDVSA-2009:162]
[MDVSA-2009:137]
[DSA-1769]
[http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm]
[GLSA-200911-02]
[37460]
[37386]
[36185]
[35776]
[35255]
[35223]
[35156]
[34675]
[34632]
[34496]
[34489]
[oval:org.mitre.oval:def:6288]
[oval:org.mitre.oval:def:11241]
[HPSBUX02429]
[SUSE-SA:2009:036]
[SUSE-SA:2009:029]
[SUSE-SA:2009:016]
[20090326 Sun Java Web Start (JWS ) PNG Decoding Integer Overflow Vulnerability]
[20090326 Sun Java Runtine Environment (JRE) GIF Decoding Heap Corruption Vulnerability]
[HPSBMA02429]
[HPSBMA02429]
Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.
[254571]
[RHSA-2009:1198]
[RHSA-2009:0377]
[ADV-2009-3316]
[ADV-2009-1426]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-748-1]
[1021913]
[34240]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:1038]
[RHSA-2009:0394]
[RHSA-2009:0392]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html]
[MDVSA-2009:162]
[MDVSA-2009:137]
[DSA-1769]
[http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm]
[http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm]
[GLSA-200911-02]
[37460]
[37386]
[36185]
[35776]
[35416]
[35255]
[35223]
[35156]
[34675]
[34632]
[34496]
[34495]
[34489]
[oval:org.mitre.oval:def:9956]
[oval:org.mitre.oval:def:6008]
[HPSBUX02429]
[SUSE-SA:2009:036]
[SUSE-SR:2009:011]
[SUSE-SA:2009:029]
[SUSE-SA:2009:016]
[SSRT090058]
[SSRT090058]
Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow.
[254571]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1]
[RHSA-2009:1198]
[ADV-2009-3316]
[ADV-2009-1426]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[1021913]
[34240]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:1038]
[RHSA-2009:0394]
[RHSA-2009:0392]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html]
[http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm]
[http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm]
[GLSA-200911-02]
[37460]
[37386]
[36185]
[35776]
[35416]
[35255]
[35223]
[35156]
[34496]
[34495]
[oval:org.mitre.oval:def:5726]
[HPSBUX02429]
[SUSE-SA:2009:036]
[SUSE-SR:2009:011]
[SUSE-SA:2009:029]
[SUSE-SA:2009:016]
[20090326 Sun Java Runtine Environment (JRE) Type1 Font Parsing Integer Signedness Vulnerability]
[HPSBMA02429]
[HPSBMA02429]
Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.
[254608]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-19-1]
[RHSA-2009:1198]
[ADV-2009-3316]
[ADV-2009-1426]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-748-1]
[1021917]
[34240]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:1038]
[RHSA-2009:0394]
[RHSA-2009:0392]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html]
[http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm]
[http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm]
[GLSA-200911-02]
[37460]
[37386]
[36185]
[35776]
[35416]
[35255]
[35223]
[35156]
[34496]
[34495]
[34489]
[oval:org.mitre.oval:def:6224]
[HPSBUX02429]
[SUSE-SA:2009:036]
[SUSE-SR:2009:011]
[SUSE-SA:2009:029]
[SUSE-SA:2009:016]
[HPSBMA02429]
[HPSBMA02429]
Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak."
[254609]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1]
[RHSA-2009:1198]
[RHSA-2009:0377]
[ADV-2009-3316]
[ADV-2009-1426]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-748-1]
[1021918]
[34240]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:1038]
[RHSA-2009:0392]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html]
[MDVSA-2009:162]
[MDVSA-2009:137]
[DSA-1769]
[http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm]
[GLSA-200911-02]
[37460]
[37386]
[36185]
[35776]
[35255]
[35223]
[35156]
[34675]
[34632]
[34496]
[34489]
[oval:org.mitre.oval:def:6412]
[oval:org.mitre.oval:def:10152]
[HPSBUX02429]
[SUSE-SA:2009:036]
[SUSE-SA:2009:029]
[SUSE-SA:2009:016]
[SSRT090058]
[SSRT090058]
Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."
[254610]
[RHSA-2009:0377]
[ADV-2009-3316]
[ADV-2009-1426]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-748-1]
[1021919]
[34240]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:0392]
[MDVSA-2009:162]
[MDVSA-2009:137]
[http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm]
[GLSA-200911-02]
[37460]
[37386]
[35255]
[35223]
[34632]
[34496]
[34489]
[oval:org.mitre.oval:def:6722]
[oval:org.mitre.oval:def:10300]
[HPSBUX02429]
[SUSE-SA:2009:029]
[SUSE-SA:2009:016]
[HPSBMA02429]
[HPSBMA02429]
Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860.
[254611]
[RHSA-2009:1198]
[jre-javaplugin-privilege-escalation(49456)]
[ADV-2009-3316]
[ADV-2009-1426]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[1021920]
[34240]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:1038]
[RHSA-2009:0394]
[RHSA-2009:0392]
[http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm]
[http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm]
[GLSA-200911-02]
[37460]
[37386]
[36185]
[35416]
[35255]
[35156]
[34496]
[34495]
[oval:org.mitre.oval:def:6542]
[HPSBUX02429]
[SUSE-SA:2009:036]
[SUSE-SR:2009:011]
[SUSE-SA:2009:016]
[SSRT090058]
[SSRT090058]
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.
[254611]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1]
[RHSA-2009:1198]
[jre-plugin-javascriptcode-unauthorized-access(49457)]
[ADV-2009-3316]
[ADV-2009-1426]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[1021920]
[34240]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:1038]
[RHSA-2009:0394]
[RHSA-2009:0392]
[http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm]
[http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm]
[GLSA-200911-02]
[37460]
[37386]
[36185]
[35416]
[35255]
[35156]
[34496]
[34495]
[oval:org.mitre.oval:def:6584]
[HPSBUX02429]
[SUSE-SA:2009:036]
[SUSE-SR:2009:011]
[SUSE-SA:2009:016]
[SSRT090058]
[SSRT090058]
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.
[254611]
[RHSA-2009:1198]
[jre-plugin-weak-security(49458)]
[ADV-2010-1191]
[ADV-2009-3316]
[ADV-2009-1426]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[1021920]
[34240]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:1038]
[RHSA-2009:0392]
[http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm]
[http://support.apple.com/kb/HT4171]
[GLSA-200911-02]
[39819]
[37460]
[37386]
[36185]
[35255]
[35156]
[34496]
[oval:org.mitre.oval:def:6642]
[HPSBUX02429]
[SUSE-SA:2009:036]
[SUSE-SA:2009:016]
[APPLE-SA-2010-05-18-1]
[SSRT090058]
[SSRT090058]
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.
[254611]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1]
[RHSA-2009:1198]
[jre-plugin-crossdomain-info-disclosure(49459)]
[ADV-2009-3316]
[ADV-2009-1426]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[1021920]
[34240]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:1038]
[RHSA-2009:0392]
[http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm]
[GLSA-200911-02]
[37460]
[37386]
[36185]
[35255]
[35156]
[34496]
[oval:org.mitre.oval:def:6619]
[HPSBUX02429]
[SUSE-SA:2009:036]
[SUSE-SA:2009:016]
[SSRT090058]
[SSRT090058]
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
[254611]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-14-1]
[RHSA-2009:1198]
[jre-plugin-signedapplet-unauth-access(49460)]
[ADV-2009-3316]
[ADV-2009-1426]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[1021920]
[34240]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:1038]
[RHSA-2009:0394]
[RHSA-2009:0392]
[http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm]
[http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm]
[GLSA-200911-02]
[37460]
[37386]
[36185]
[35416]
[35255]
[35156]
[34496]
[34495]
[oval:org.mitre.oval:def:6585]
[HPSBUX02429]
[SUSE-SA:2009:036]
[SUSE-SR:2009:011]
[SUSE-SA:2009:016]
[HPSBMA02429]
[HPSBMA02429]
Multiple heap-based buffer overflows in EMC RepliStor 6.2 before SP5 and 6.3 before SP2 allow remote attackers to execute arbitrary code via a crafted message to (1) ctrlservice.exe or (2) rep_srv.exe, possibly related to an integer overflow.
[ADV-2009-1018]
[1022026]
[34449]
[20090409 FGA-2009-003:EMC RepliStor Buffer Overflow Vulnerability]
[http://www.fortiguardcenter.com/advisory/FGA-2009-13.html]
[34699]
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
[TA09-160A]
[MS09-020]
[ADV-2009-1539]
[1022358]
[35232]
[20090616 IIS WebDav Vulnerability CVE ID]
[oval:org.mitre.oval:def:5861]
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
[TA09-160A]
[MS09-025]
[ADV-2009-1544]
[1022359]
[35372]
[oval:org.mitre.oval:def:6206]
[54940]
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
[TA09-160A]
[MS09-025]
[ADV-2009-1544]
[1022359]
[35238]
[35372]
[oval:org.mitre.oval:def:6231]
[54941]
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
[TA09-160A]
[MS09-025]
[ADV-2009-1544]
[1022359]
[35240]
[35372]
[oval:org.mitre.oval:def:5912]
[54942]
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
[TA09-160A]
[MS09-025]
[ADV-2009-1544]
[1022359]
[35372]
[oval:org.mitre.oval:def:6016]
[54943]
win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
[TA09-314A]
[MS09-065]
[oval:org.mitre.oval:def:5588]
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
[TA09-132A]
[MS09-017]
[ADV-2009-1290]
[1022205]
[34837]
[32428]
[oval:org.mitre.oval:def:5416]
Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
[TA09-132A]
[MS09-017]
[ADV-2009-1290]
[1022205]
[34839]
[32428]
[oval:org.mitre.oval:def:6176]
[54387]
[20090512 Microsoft PowerPoint PPT95 Import Multiple Stack Buffer Overflow Vulnerabilities]
Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
[TA09-132A]
[http://www.zerodayinitiative.com/advisories/ZDI-09-020/]
[ADV-2009-1290]
[1022205]
[34840]
[20090512 ZDI-09-020: Microsoft Office PowerPoint Notes Container Heap Overflow Vulnerability]
[MS09-017]
[32428]
[oval:org.mitre.oval:def:5961]
[20090512 Microsoft PowerPoint Notes Container Heap Corruption Vulnerability]
Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
[TA09-132A]
[ADV-2009-1290]
[1022205]
[34841]
[20090512 Secunia Research: Microsoft PowerPoint Atom Parsing Buffer Overflows]
[MS09-017]
[http://secunia.com/secunia_research/2008-46/]
[32428]
[oval:org.mitre.oval:def:5351]
[54393]
Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
[TA09-251A]
[MS09-049]
[oval:org.mitre.oval:def:6389]
Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
[TA09-223A]
[ADV-2009-2238]
[MS09-044]
[1022709]
[36229]
[oval:org.mitre.oval:def:5693]
Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka "Record Pointer Corruption Vulnerability."
[TA09-160A]
[MS09-021]
[http://www.zerodayinitiative.com/advisories/ZDI-09-040/]
[ADV-2009-1540]
[1022351]
[35246]
[20090610 ZDI-09-040: Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability]
[oval:org.mitre.oval:def:5922]
[54958]
Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
[TA09-195A]
[MS09-031]
[ADV-2009-1889]
[1022547]
[35784]
[oval:org.mitre.oval:def:5649]
The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
[TA09-223A]
[MS09-043]
[http://xeye.us/blog/2009/07/one-0day/]
[http://www.microsoft.com/technet/security/advisory/973472.mspx]
[http://trac.metasploit.com/browser/framework3/trunk/modules/exploits/windows/browser/owc_spreadsheet_msdso.rb]
[oval:org.mitre.oval:def:5809]
[http://isc.sans.org/diary.html?storyid=6778]
[http://blogs.technet.com/srd/archive/2009/07/13/more-information-about-the-office-web-components-activex-vulnerability.aspx]
[http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-advisory-973472-released.aspx]
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
[TA09-132A]
[powerpoint-sounddata-code-execution(50425)]
[ADV-2009-1290]
[1022205]
[34876]
[MS09-017]
[32428]
[oval:org.mitre.oval:def:5946]
[54381]
The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
[TA09-160A]
[ADV-2009-1537]
[35226]
[MS09-018]
[1022349]
[http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm]
[35355]
[oval:org.mitre.oval:def:6180]
[54937]
[20090611 Microsoft Active Directory Hexdecimal DN AttributeValue Invalid Free Vulnerability]
Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
[TA09-160A]
[MS09-018]
[ADV-2009-1537]
[1022349]
[35225]
[http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm]
[35355]
[oval:org.mitre.oval:def:6253]
[54938]
Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability."
[TA09-160A]
[MS09-019]
[ADV-2009-1538]
[1022350]
[oval:org.mitre.oval:def:6278]
Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
[TA09-160A]
[MS09-019]
[ADV-2009-1538]
[1022350]
[20090610 FortiGuard Advisory: Microsoft Internet Explorer DHTML Handling Remote Memory Corruption Vulnerability]
[http://www.fortiguardcenter.com/advisory/FGA-2009-22.html]
[oval:org.mitre.oval:def:5554]
Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library.
[34401]
[GLSA-200904-07]
[34610]
[53529]
[http://bugs.gentoo.org/show_bug.cgi?id=242930]
[http://bugs.gentoo.org/show_bug.cgi?id=200023]
Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3761.
[20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues]
[[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues]
[ADV-2009-0944]
[http://www.vmware.com/security/advisories/VMSA-2009-0005.html]
[1021977]
[34373]
[oval:org.mitre.oval:def:6310]
Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors.
[ADV-2009-0944]
[http://www.vmware.com/security/advisories/VMSA-2009-0005.html]
[1021976]
[34373]
[20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues]
[oval:org.mitre.oval:def:5471]
[[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues]
Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable).
[http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php]
[34642]
[34468]
[http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303]
[SUSE-SR:2009:008]
CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.
[http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php]
[http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303]
[34642]
[34468]
[SUSE-SR:2009:008]
Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.
[http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php]
[34251]
[MDVSA-2009:115]
[DSA-1824]
[GLSA-200906-03]
[35635]
[35585]
[34642]
[34430]
[http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986&r2=12302&pathrev=12302]
[SUSE-SR:2009:008]
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
[http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php]
[34236]
[20090609 CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept]
[MDVSA-2009:115]
[http://www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of-concept/]
[DSA-1824]
[GLSA-200906-03]
[35635]
[35585]
[34642]
[34430]
[http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301]
[SUSE-SR:2009:008]
[http://labs.neohapsis.com/2009/04/06/about-cve-2009-1151/]
Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and possibly other versions, allows remote attackers to cause a denial of service (device restart and loss of configuration) by connecting to TCP port 53, then closing the connection.
[gigaset-se461-html-dos(49365)]
[34220]
[8260]
[http://helith.net/txt/siemens_gigaset_se461_wimax_router_remote_dos.txt]
Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.
[20090818 Cisco IOS XR Software Border Gateway Protocol Vulnerability]
[1022756]
Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors.
Per vendor advisory: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml
"VPN Authentication Bypass Vulnerability
Cisco ASA or Cisco PIX security appliances that are configured for IPsec or SSL-based remote access VPN and have the Override Account Disabled feature enabled are affected by this vulnerability.
Note: The Override Account Disabled feature was introduced in Cisco ASA software version 7.1(1). Cisco ASA and PIX software versions 7.1, 7.2, 8.0, and 8.1 are affected by this vulnerability. This feature is disabled by default. "
[20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances]
[ADV-2009-0981]
[1022016]
[34429]
[34607]
[53441]
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload) via a crafted (1) SSL or (2) HTTP packet.
Per vendor advisory: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml
VPN Authentication Bypass Vulnerability
The Cisco ASA or Cisco PIX security appliance can be configured to override an account-disabled indication from a AAA server and allow the user to log on anyway. However, the user must provide the correct credentials in order to login to the VPN. A vulnerability exists in the Cisco ASA and Cisco PIX security appliances where VPN users can bypass authentication when the override account feature is enabled.
Note: The override account feature was introduced in Cisco ASA software version 7.1(1).
The override account feature is enabled with the override-account-disable command in tunnel-group general-attributes configuration mode, as shown in the following example. The following example allows overriding the "account-disabled" indicator from the AAA server for the WebVPN tunnel group "testgroup":
hostname(config)#tunnel-group testgroup type webvpn
hostname(config)#tunnel-group testgroup general-attributes
hostname(config-tunnel-general)#override-account-disable
Note: The override account feature is disabled by default.
[20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances]
[ADV-2009-0981]
[1022015]
[34429]
[34607]
[53442]
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of service (memory consumption or device reload) via a crafted TCP packet.
Per vendor advisory: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml
Crafted TCP Packet DoS Vulnerability
Cisco ASA and Cisco PIX security appliances may experience a memory leak that can be triggered by a series of crafted TCP packets. Cisco ASA and Cisco PIX security appliances running versions 7.0, 7.1, 7.2, 8.0, and 8.1 are affected when configured for any of the following features:
* SSL VPNs
* ASDM Administrative Access
* Telnet Access
* SSH Access
* Cisco Tunneling Control Protocol (cTCP) for Remote Access VPNs
* Virtual Telnet
* Virtual HTTP
* Transport Layer Security (TLS) Proxy for Encrypted Voice Inspection
* Cut-Through Proxy for Network Access
* TCP Intercept
[20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances]
[ADV-2009-0981]
[1022015]
[34429]
[34607]
[53445]
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet.
[20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances]
[ADV-2009-0981]
[1022015]
[34429]
[34607]
[53444]
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets.
[20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances]
[ADV-2009-0981]
[1022015]
[34429]
[34607]
[53446]
Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277.
[20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances]
[ADV-2009-0981]
[1022017]
[34429]
[34607]
Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.
[20090520 CiscoWorks TFTP Directory Traversal Vulnerability]
[ADV-2009-1390]
[35040]
[1022263]
[35179]
[54616]
[JVNDB-2009-000032]
[JVN#62527913]
Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter.
[ironport-asyncos-referrer-xss(50948)]
[1022335]
[35203]
[http://tools.cisco.com/security/center/viewAlert.x?alertId=18365]
[34895]
[54884]
Memory leak on the Cisco Physical Access Gateway with software before 1.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified TCP packets.
[20090624 Cisco Physical Access Gateway Denial of Service Vulnerability]
[1022444]
[35477]
[http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080ad0fb2.html]
The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.2 before 4.2.205.0 and 5.x before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (device reload) via a malformed response to a (1) HTTP or (2) HTTPS authentication request, aka Bug ID CSCsx03715.
[20090727 Multiple Vulnerabilities in Cisco Wireless LAN Controllers]
[ADV-2009-2021]
Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0, 5.1 before 5.1.163.0, and 5.0 and 5.2 before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (memory consumption and device reload) via SSH management connections, aka Bug ID CSCsw40789.
[20090727 Multiple Vulnerabilities in Cisco Wireless LAN Controllers]
[ADV-2009-2021]
[1022605]
[35817]
The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (device reload) via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy27708.
[20090727 Multiple Vulnerabilities in Cisco Wireless LAN Controllers]
[ADV-2009-2021]
[1022605]
Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to modify the configuration via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy44672.
[ADV-2009-2021]
[1022606]
[20090727 Multiple Vulnerabilities in Cisco Wireless LAN Controllers]
Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (memory corruption and device reload) by using an RFC4271 peer to send an update with a long series of AS numbers, aka Bug ID CSCsy86021.
[20090729 Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities]
[ADV-2009-2082]
[1022619]
[35862]
[36046]
[oval:org.mitre.oval:def:6697]
The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.
Per: http://www.securityfocus.com/bid/34235/info
Mozilla Firefox is prone to a remote memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected browser. Failed exploit attempt will result in a denial-of-service condition.
[https://bugzilla.mozilla.org/show_bug.cgi?id=485286]
[https://bugzilla.mozilla.org/show_bug.cgi?id=485217]
[ADV-2009-0853]
[34235]
[http://www.mozilla.org/security/announce/2009/mfsa2009-12.html]
[SUSE-SA:2009:023]
[SUSE-SA:2009:022]
[FEDORA-2009-3101]
[FEDORA-2009-3100]
[FEDORA-2009-3099]
[https://bugzilla.mozilla.org/show_bug.cgi?id=460090]
[mozilla-xslt-code-execution(49439)]
[USN-745-1]
[1021939]
[RHSA-2009:0398]
[RHSA-2009:0397]
[8285]
[MDVSA-2009:084]
[DSA-1756]
[http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm]
[34792]
[34550]
[34549]
[34527]
[34521]
[34511]
[34510]
[34505]
[34486]
[34471]
[oval:org.mitre.oval:def:11372]
[http://blogs.zdnet.com/security/?p=3013]
Unspecified vulnerability in Sun OpenSolaris snv_100 through snv_101 allows local users, with privileges in a non-global zone, to execute arbitrary code in the global zone when a global-zone user is using mdb on a non-global zone process.
[opensolaris-mdb-code-execution(49468)]
[ADV-2009-0877]
[1021944]
[34272]
[255608]
The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.
[FEDORA-2009-3283]
[FEDORA-2009-3280]
[USN-791-2]
[8297]
[DSA-1761]
[http://tracker.moodle.org/browse/MDL-18552]
[35570]
[34600]
[34557]
[34517]
[SUSE-SR:2009:009]
[http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5]
The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.
[http://www-01.ibm.com/support/docview.wss?uid=swg27014463]
[http://www-01.ibm.com/support/docview.wss?uid=swg27007951]
[34502]
[34461]
[34131]
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have been accessible if the intended 755 permissions were used.
[ADV-2009-0854]
[http://www-01.ibm.com/support/docview.wss?uid=swg27014463]
[34259]
[PK82988]
[34461]
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors.
[http://www-01.ibm.com/support/docview.wss?uid=swg27014463]
[ADV-2009-1464]
[34506]
[http://www-01.ibm.com/support/docview.wss?uid=swg27006876]
[35301]
[34461]
Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message.
[[oss-security] 20090330 [Fwd: Cross-Site Scripting in Banshee DAAP Extension]]
[http://bugzilla.gnome.org/show_bug.cgi?id=577270]
mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action.
[[mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes]
[FEDORA-2009-3383]
[FEDORA-2009-3357]
[1021952]
[34306]
[20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3]
[http://www.positronsecurity.com/advisories/2009-000.html]
[34603]
Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have unknown impact and remote attack vectors.
[[mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes]
[FEDORA-2009-3383]
[FEDORA-2009-3357]
[1021952]
[34306]
[20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3]
[http://www.positronsecurity.com/advisories/2009-000.html]
[http://trac.osgeo.org/mapserver/ticket/2944]
[34603]
Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line."
[http://www-01.ibm.com/support/docview.wss?uid=swg21246076]
[ADV-2009-0881]
[34285]
[http://www-01.ibm.com/support/docview.wss?uid=swg21375360]
[1021945]
[34498]
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.
[VU#196617]
[RHSA-2009:0430]
[FEDORA-2009-6982]
[FEDORA-2009-6973]
[FEDORA-2009-6972]
[https://bugzilla.redhat.com/show_bug.cgi?id=495889]
[ADV-2010-1040]
[ADV-2009-1621]
[ADV-2009-1522]
[ADV-2009-1077]
[ADV-2009-1076]
[ADV-2009-1066]
[ADV-2009-1065]
[1022073]
[34568]
[RHSA-2009:0480]
[RHSA-2009:0431]
[RHSA-2009:0429]
[MDVSA-2011:175]
[MDVSA-2010:087]
[MDVSA-2009:101]
[DSA-1793]
[DSA-1790]
[http://support.apple.com/kb/HT3639]
[http://support.apple.com/kb/HT3613]
[SSA:2009-129-01]
[35685]
[35618]
[35379]
[35065]
[35064]
[35037]
[34991]
[34963]
[34959]
[34852]
[34756]
[34755]
[34746]
[34481]
[34291]
[RHSA-2009:0458]
[http://poppler.freedesktop.org/releases.html]
[oval:org.mitre.oval:def:11892]
[SUSE-SR:2009:012]
[SUSE-SR:2009:010]
[SUSE-SA:2009:024]
[APPLE-SA-2009-06-17-1]
[APPLE-SA-2009-06-08-1]
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.
[VU#196617]
[ADV-2009-1076]
[ADV-2009-1066]
[ADV-2009-1065]
[34568]
[RHSA-2009:0480]
[RHSA-2009:0431]
[RHSA-2009:0430]
[RHSA-2009:0429]
[DSA-1793]
[DSA-1790]
[RHSA-2009:0458]
[http://poppler.freedesktop.org/releases.html]
[FEDORA-2009-6982]
[FEDORA-2009-6973]
[FEDORA-2009-6972]
[https://bugzilla.redhat.com/show_bug.cgi?id=495892]
[ADV-2010-1040]
[ADV-2009-1077]
[1022073]
[MDVSA-2011:175]
[MDVSA-2010:087]
[MDVSA-2009:101]
[SSA:2009-129-01]
[35685]
[35618]
[35065]
[35064]
[35037]
[34991]
[34963]
[34959]
[34852]
[34756]
[34755]
[34746]
[34481]
[34291]
[oval:org.mitre.oval:def:9926]
[SUSE-SR:2009:012]
[SUSE-SR:2009:010]
[SUSE-SA:2009:024]
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.
[VU#196617]
[ADV-2009-1076]
[ADV-2009-1066]
[ADV-2009-1065]
[34568]
[RHSA-2009:0431]
[RHSA-2009:0430]
[RHSA-2009:0429]
[DSA-1793]
[DSA-1790]
[35037]
[http://poppler.freedesktop.org/releases.html]
[FEDORA-2009-6982]
[FEDORA-2009-6973]
[FEDORA-2009-6972]
[https://bugzilla.redhat.com/show_bug.cgi?id=495894]
[ADV-2010-1040]
[ADV-2009-1077]
[1022072]
[RHSA-2009:0480]
[MDVSA-2011:175]
[MDVSA-2010:087]
[MDVSA-2009:101]
[SSA:2009-129-01]
[35685]
[35618]
[35065]
[35064]
[34991]
[34963]
[34959]
[34852]
[34756]
[34755]
[34746]
[34481]
[34291]
[RHSA-2009:0458]
[oval:org.mitre.oval:def:9683]
[SUSE-SR:2009:012]
[SUSE-SR:2009:010]
[SUSE-SA:2009:024]
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
[VU#196617]
[FEDORA-2009-6982]
[FEDORA-2009-6973]
[FEDORA-2009-6972]
[https://bugzilla.redhat.com/show_bug.cgi?id=495896]
[ADV-2010-1040]
[ADV-2009-1077]
[ADV-2009-1076]
[ADV-2009-1066]
[ADV-2009-1065]
[1022073]
[34568]
[RHSA-2009:0480]
[RHSA-2009:0431]
[RHSA-2009:0430]
[RHSA-2009:0429]
[MDVSA-2011:175]
[MDVSA-2010:087]
[MDVSA-2009:101]
[DSA-1793]
[DSA-1790]
[SSA:2009-129-01]
[35685]
[35618]
[35065]
[35064]
[35037]
[34991]
[34963]
[34959]
[34852]
[34756]
[34755]
[34746]
[34481]
[34291]
[RHSA-2009:0458]
[http://poppler.freedesktop.org/releases.html]
[oval:org.mitre.oval:def:10735]
[SUSE-SR:2009:012]
[SUSE-SR:2009:010]
[SUSE-SA:2009:024]
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
[VU#196617]
[ADV-2009-1065]
[34568]
[RHSA-2009:0480]
[RHSA-2009:0430]
[RHSA-2009:0429]
[DSA-1793]
[DSA-1790]
[RHSA-2009:0458]
[http://poppler.freedesktop.org/releases.html]
[FEDORA-2009-6982]
[FEDORA-2009-6973]
[FEDORA-2009-6972]
[https://bugzilla.redhat.com/show_bug.cgi?id=495899]
[ADV-2010-1040]
[ADV-2009-1077]
[ADV-2009-1076]
[ADV-2009-1066]
[1022072]
[RHSA-2009:0431]
[MDVSA-2011:175]
[MDVSA-2010:087]
[MDVSA-2009:101]
[SSA:2009-129-01]
[35685]
[35618]
[35065]
[35064]
[35037]
[34991]
[34963]
[34959]
[34852]
[34756]
[34755]
[34746]
[34481]
[34291]
[oval:org.mitre.oval:def:10769]
[SUSE-SR:2009:012]
[SUSE-SR:2009:010]
[SUSE-SA:2009:024]
The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21.
[http://patchwork.ozlabs.org/patch/25238/]
[https://launchpad.net/bugs/cve/2009-1184]
[USN-793-1]
[[oss-security] 20090504 CVE-2009-1184 selinux: skipped node/port send checks in the compat_net=1 case]
[MDVSA-2009:135]
[MDVSA-2009:119]
[MDVSA-2009:118]
[DSA-1800]
[35656]
[35121]
[[linux-kernel] 20090502 Linux 2.6.28.10]
[[linux-kernel] 20090502 Linux 2.6.27.21]
[http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=910c9e41186762de3717baaf392ab5ff0c454496]
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
[34536]
[DSA-1772]
[FEDORA-2009-3711]
[FEDORA-2009-3712]
[https://launchpad.net/bugs/cve/2009-1185]
[https://bugzilla.redhat.com/show_bug.cgi?id=495051]
[ADV-2009-1865]
[ADV-2009-1053]
[http://www.vmware.com/security/advisories/VMSA-2009-0009.html]
[USN-758-1]
[1022067]
[20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl]
[20090417 rPSA-2009-0063-1 udev]
[RHSA-2009:0427]
[8572]
[MDVSA-2009:104]
[MDVSA-2009:103]
[GLSA-200904-18]
[http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0063]
[http://wiki.rpath.com/Advisories:rPSA-2009-0063]
[SSA:2009-111-01]
[35766]
[34801]
[34787]
[34785]
[34776]
[34771]
[34753]
[34750]
[34731]
[oval:org.mitre.oval:def:5975]
[oval:org.mitre.oval:def:10925]
[[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl]
[SUSE-SA:2009:025]
[SUSE-SA:2009:020]
[http://git.kernel.org/?p=linux/hotplug/udev.git;a=commitdiff;h=e86a923d508c2aed371cdd958ce82489cf2ab615]
[http://git.kernel.org/?p=linux/hotplug/udev.git;a=commitdiff;h=e2b362d9f23d4c63018709ab5f81a02f72b91e75]
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.
[FEDORA-2009-3711]
[FEDORA-2009-3712]
[https://launchpad.net/bugs/cve/2009-1186]
[https://bugzilla.redhat.com/show_bug.cgi?id=495052]
[ADV-2009-1053]
[USN-758-1]
[1022068]
[34539]
[20090417 rPSA-2009-0063-1 udev]
[MDVSA-2009:103]
[GLSA-200904-18]
[DSA-1772]
[http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0063]
[http://wiki.rpath.com/Advisories:rPSA-2009-0063]
[SSA:2009-111-01]
[34801]
[34787]
[34785]
[34776]
[34771]
[34753]
[34750]
[34731]
[SUSE-SA:2009:020]
[http://git.kernel.org/?p=linux/hotplug/udev.git;a=commitdiff;h=662c3110803bd8c1aedacc36788e6fd028944314]
Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).
[VU#196617]
[http://bugs.gentoo.org/show_bug.cgi?id=263028#c16]
[FEDORA-2009-6982]
[FEDORA-2009-6973]
[FEDORA-2009-6972]
[https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/361875]
[poppler-jbig2-cairooutputdev-code-excution(50184)]
[ADV-2010-1040]
[ADV-2009-1076]
[34568]
[20090417 rPSA-2009-0059-1 poppler]
[RHSA-2009:0480]
[MDVSA-2011:175]
[MDVSA-2010:087]
[http://wiki.rpath.com/Advisories:rPSA-2009-0059]
[35618]
[35064]
[34746]
[http://poppler.freedesktop.org/releases.html]
[oval:org.mitre.oval:def:10292]
Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
[VU#196617]
[http://bugs.gentoo.org/show_bug.cgi?id=263028#c16]
[FEDORA-2009-6982]
[FEDORA-2009-6973]
[FEDORA-2009-6972]
[RHSA-2009:1512]
[RHSA-2009:1503]
[RHSA-2009:1502]
[RHSA-2009:1501]
[https://bugzilla.redhat.com/show_bug.cgi?id=526915]
[https://bugzilla.redhat.com/show_bug.cgi?id=495907]
[https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/361875]
[poppler-jbig2-splashbitmap-code-execution(50185)]
[ADV-2010-1220]
[ADV-2010-1040]
[ADV-2010-0802]
[ADV-2009-2928]
[ADV-2009-1076]
[34568]
[20090417 rPSA-2009-0059-1 poppler]
[RHSA-2009:0480]
[MDVSA-2011:175]
[MDVSA-2010:087]
[DSA-2050]
[DSA-2028]
[http://wiki.rpath.com/Advisories:rPSA-2009-0059]
[39938]
[39327]
[37079]
[37077]
[37053]
[37043]
[37037]
[37028]
[35618]
[35064]
[34746]
[http://poppler.freedesktop.org/releases.html]
[oval:org.mitre.oval:def:9957]
[FEDORA-2010-1377]
[FEDORA-2010-1842]
[FEDORA-2010-1805]
The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
[http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a]
[RHSA-2010:0095]
[dbus-dbusmarshalvalidate-spoofing(50385)]
[ADV-2010-0528]
[31602]
[[oss-security] 20090416 CVE-2009-1189: invalid fix for CVE-2008-3834 (dbus)]
[38794]
[35810]
[32127]
[oval:org.mitre.oval:def:10308]
[[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates]
[http://bugs.freedesktop.org/show_bug.cgi?id=17803]
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.
[https://bugzilla.redhat.com/show_bug.cgi?id=497161]
[springframework-data-dos(50083)]
[http://www.springsource.com/securityadvisory]
[20090424 CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability]
[http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf]
[34892]
mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
[34663]
[http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff]
[http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=766938&r2=767089]
[https://issues.apache.org/bugzilla/show_bug.cgi?id=46949]
[apache-modproxyajp-information-disclosure(50059)]
[ADV-2009-3184]
[ADV-2009-1147]
[USN-787-1]
[1022264]
[MDVSA-2009:102]
[http://support.apple.com/kb/HT3937]
[GLSA-200907-04]
[35721]
[35395]
[34827]
[oval:org.mitre.oval:def:8261]
[53921]
[APPLE-SA-2009-11-09-1]
The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.
[https://bugzilla.redhat.com/show_bug.cgi?id=497020]
[34673]
[http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc3]
[ADV-2009-3316]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-793-1]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[20090516 rPSA-2009-0084-1 kernel]
[RHSA-2009:1081]
[MDVSA-2009:135]
[MDVSA-2009:119]
[DSA-1800]
[DSA-1794]
[DSA-1787]
[http://wiki.rpath.com/Advisories:rPSA-2009-0084]
[37471]
[37351]
[35656]
[35387]
[35343]
[35121]
[35120]
[35011]
[34981]
[oval:org.mitre.oval:def:8003]
[oval:org.mitre.oval:def:10567]
[[oss-security] 20090422 CVE-2009-1192 kernel: agp: zero pages before sending to userspace]
[SUSE-SA:2009:056]
[SUSE-SA:2009:054]
[SUSE-SA:2009:032]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=59de2bebabc5027f93df999d59cc65df591c3e6e]
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.
[http://www.ocert.org/advisories/ocert-2009-001.html]
[https://launchpad.net/bugs/cve/2009-1194]
[https://bugzilla.redhat.com/show_bug.cgi?id=496887]
[https://bugzilla.mozilla.org/show_bug.cgi?id=480134]
[pango-pangoglyphstringsetsize-bo(50397)]
[ADV-2009-1972]
[ADV-2009-1269]
[USN-773-1]
[1022196]
[35758]
[34870]
[20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations]
[RHSA-2009:0476]
[[oss-security] 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations]
[http://www.mozilla.org/security/announce/2009/mfsa2009-36.html]
[DSA-1798]
[264308]
[36145]
[36005]
[35914]
[35685]
[35038]
[35027]
[35021]
[35018]
[oval:org.mitre.oval:def:10137]
[54279]
[SUSE-SA:2009:042]
[SUSE-SA:2009:039]
[SUSE-SR:2009:012]
[http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e]
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
[https://bugzilla.redhat.com/show_bug.cgi?id=489436]
[http://svn.apache.org/viewvc?view=rev&revision=772997]
[FEDORA-2009-8812]
[apache-allowoverrides-security-bypass(50808)]
[ADV-2009-3184]
[ADV-2009-1444]
[USN-787-1]
[1022296]
[35115]
[20091113 rPSA-2009-0142-2 httpd mod_ssl]
[20091112 rPSA-2009-0142-1 httpd mod_ssl]
[RHSA-2009:1156]
[RHSA-2009:1075]
[MDVSA-2009:124]
[DSA-1816]
[http://wiki.rpath.com/Advisories:rPSA-2009-0142]
[http://support.apple.com/kb/HT3937]
[GLSA-200907-04]
[37152]
[35721]
[35453]
[35395]
[35264]
[35261]
[oval:org.mitre.oval:def:8704]
[oval:org.mitre.oval:def:12377]
[oval:org.mitre.oval:def:11094]
[54733]
[SSRT100345]
[SSRT100345]
[[apache-httpd-dev] 20090423 Includes vs IncludesNoExec security issue - help needed]
[SUSE-SA:2009:050]
[APPLE-SA-2009-11-09-1]
The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw."
[https://bugzilla.redhat.com/show_bug.cgi?id=497135]
[cups-directory-services-dos(50944)]
[ADV-2009-1488]
[35194]
[RHSA-2009:1083]
[1022327]
[35340]
[oval:org.mitre.oval:def:11217]
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.
[https://www.trustwave.com/spiderlabs/advisories/TWSL2009-002.txt]
[ADV-2009-1713]
[1022457]
[35476]
[20090624 Trustwave's SpiderLabs Security Advisory TWSL2009-002]
[35511]
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705.
[ADV-2009-1713]
[1022457]
[35480]
[20090624 Trustwave's SpiderLabs Security Advisory TWSL2009-002]
[35511]
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.
[ADV-2009-1713]
[1022457]
[35475]
[20090624 Trustwave's SpiderLabs Security Advisory TWSL2009-002]
[35511]
Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php.
[http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup]
[http://info.tikiwiki.org/tiki-read_article.php?articleId=51]
[34108]
[34107]
[34106]
[34105]
[20090312 TikiWiki 2.2 XSS Vulnerability in URI]
[34273]
[http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=2359&trackerId=5&show=view&reloff=3&cant=1229&status=o&trackerId=5&sort_mode=created_desc]
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-4475. Reason: This candidate is a duplicate of CVE-2007-4475. Notes: All CVE users should reference CVE-2007-4475 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Unspecified vulnerability in futomi's CGI Cafe Access Analyzer CGI Professional Version 4.11.5 and earlier allows remote attackers to gain administrative privileges via unknown vectors.
[cgicafe-unspecified-unauth-access(49525)]
[ADV-2009-0888]
[34315]
[http://www.futomi.com/library/info/2009/20090331.html]
[34516]
[JVNDB-2009-000016]
[JVN#63511247]
Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.
[34316]
[253468]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-138897-01-1]
[solaris-dircmp-file-overwrite(49526)]
[ADV-2009-1105]
[http://support.avaya.com/elmodocs2/security/ASA-2009-140.htm]
[34813]
[34558]
[oval:org.mitre.oval:def:6183]
SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings.
[DSA-1757]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521823]
[auth2db-unspecified-sql-injection(49518)]
[34287]
[http://www.auth2db.com.ar/?title=CHANGELOG]
[34488]
Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute.
[amaya-htmltag-bo(47399)]
[ADV-2009-0889]
[34295]
[8321]
[8314]
[34531]
Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information.
[FEDORA-2009-5382]
[FEDORA-2009-5339]
[FEDORA-2009-3599]
[wireshark-pndcp-format-string(49512)]
[http://www.wireshark.org/security/wnpa-sec-2009-02.html]
[34291]
[20090417 rPSA-2009-0062-1 tshark wireshark]
[RHSA-2009:1100]
[8308]
[MDVSA-2009:088]
[DSA-1785]
[http://wiki.rpath.com/Advisories:rPSA-2009-0062]
[35464]
[35416]
[35224]
[35133]
[34970]
[34778]
[34542]
[oval:org.mitre.oval:def:9526]
[oval:org.mitre.oval:def:5976]
[SUSE-SR:2009:011]
Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
[https://hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparent_deployments]
[1021781]
Multiple insecure method vulnerabilities in PRECIS~2.DLL in the PrecisionID Datamatrix ActiveX control (DMATRIXLib.Datamatrix) allow remote attackers to overwrite arbitrary files via the (1) SaveBarCode and (2) SaveEnhWMF methods.
[34322]
[20090331 [DSECRG-09-030] PrecisionID Datamatrix ActiveX control - Arbitrary File overwriting]
[8332]
[http://dsecrg.com/pages/vul/DSECRG-09-030.html]
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing.
[ADV-2009-0887]
[http://www.bugzilla.org/security/3.2.2/]
[FEDORA-2009-3410]
[FEDORA-2009-3405]
[https://bugzilla.mozilla.org/show_bug.cgi?id=476603]
[bugzilla-attachment-csrf(49524)]
[34308]
[34624]
[34547]
[34545]
GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.
[https://bugzilla.redhat.com/show_bug.cgi?id=492104]
[https://bugs.launchpad.net/ubuntu/+source/screen/+bug/315993]
[screen-screenexchange-info-disclosure(49886)]
[34521]
[[oss-security] 20090325 CVE request -- zsh, XFree86-xfs/xorg-x11-xfs, screen]
[http://savannah.gnu.org/bugs/?25296]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123]
Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.
[https://bugzilla.redhat.com/show_bug.cgi?id=492104]
[https://bugs.launchpad.net/ubuntu/+source/screen/+bug/315993]
[screen-screenexchange-symlink(49887)]
[34521]
[[oss-security] 20090325 CVE request -- zsh, XFree86-xfs/xorg-x11-xfs, screen]
[http://savannah.gnu.org/bugs/?25296]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123]
Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA); as used in gunzip, gzip, pack, pcat, and unpack 7.x before 7.0.1701.48, 8.x before 8.0.1969.62, and 9.x before 9.0.3790.2076; allow remote attackers to execute arbitrary code via unknown vectors.
[win-unlzh-unpack-code-execution(49435)]
[ADV-2009-0849]
[34258]
[953602]
[1021937]
[34428]
Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the "Microsoft GdiPlus EMF GpFont.SetData integer overflow."
[win-gdi-emfplusfont-dos(49438)]
[ADV-2009-0832]
[34250]
[http://blogs.technet.com/srd/archive/2009/03/26/new-emf-gdiplus-dll-crash-not-exploitable-for-code-execution.aspx]
[http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.html]
Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.
[256228]
[ADV-2009-0905]
[34153]
[34152]
[20090331 CORE-2009-0108: Multiple vulnerabilities in Sun Calendar Express Web Server]
[http://www.coresecurity.com/content/sun-calendar-express]
[1020321]
Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter.
[256228]
[ADV-2009-0905]
[34150]
[20090331 CORE-2009-0108: Multiple vulnerabilities in Sun Calendar Express Web Server]
[http://www.coresecurity.com/content/sun-calendar-express]
[255008]
Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the Host HTTP header.
[asa5520-webvpn-xss(49528)]
[ADV-2009-1169]
[1022122]
[34307]
[20090331 Cisco ASA5520 Web VPN Host Header XSS]
[20090424 RE: Cisco ASA5520 Web VPN Host Header XSS]
[http://tools.cisco.com/security/center/viewAlert.x?alertId=17950]
[20090331 Cisco ASA5520 Web VPN Host Header XSS]
Directory traversal vulnerability in index.php in webEdition 6.0.0.4 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the WE_LANGUAGE parameter.
[webedition-index-file-include(49530)]
[34323]
[20090331 webEdition 6.0.0.4 Local File Inclusion]
[8328]
[34518]
aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for calendar/calendar.mdb.
[aspwebcalendar-calendar-info-disclosure(49885)]
[20090331 aspWebCalendar Free Edition bug]
SQL injection vulnerability in vsp-core/pub/themes/bismarck/gamestat.php in vsp stats processor 0.45 allows remote attackers to execute arbitrary SQL commands via the gameID parameter.
[8331]
Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook Store 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.
[34533]
[http://packetstorm.linuxsecurity.com/0903-exploits/turnkeyebook-xss.txt]
core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter.
[34317]
[8324]
[34555]
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP header to TCP port 18624. NOTE: the vendor has disputed this issue, stating "Check Point Security Alert Team has analyzed this report. We've tried to reproduce the attack on all VPN-1 versions from NG FP2 and above with and without HFAs. The issue was not reproduced. We have conducted a thorough analysis of the relevant code and verified that we are secure against this attack. We consider this attack to pose no risk to Check Point customers." In addition, the original researcher, whose reliability is unknown as of 20090407, also states that the issue "was discovered during a pen-test where the client would not allow further analysis."
[1021948]
[34286]
[20090330 Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow]
[8313]
[20090330 Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow]
Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field (user_name parameter).
[arcadescript-register-xss(49472)]
[34275]
[8296]
[34506]
SQL injection vulnerability in Arcadwy Arcade Script allows remote attackers to execute arbitrary SQL commands via the user cookie parameter.
[http://z0rlu.blogspot.com/2009/03/arcadwy-arcade-script-auth-bypass.html]
[arcadescript-user-sql-injection(49500)]
[34284]
[8304]
[34506]
Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action.
[8324]
Unspecified vulnerability in the eClient in IBM DB2 Content Manager 8.4.1 before 8.4.1.1 has unknown impact and attack vectors.
[http://www-01.ibm.com/support/docview.wss?uid=swg27015162]
[ADV-2009-0910]
[34326]
[34544]
Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.
[https://bugzilla.mozilla.org/show_bug.cgi?id=485941]
[firefox-xml-dos(49521)]
[34522]
[8306]
[http://websecurity.com.ua/3216/]
[http://milw0rm.com/sploits/2009-Firefox-XUL-0day-PoC.rar]
Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements.
[safari-xml-dos(49527)]
[34318]
[8325]
[oval:org.mitre.oval:def:5559]
Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected.
[opera-xml-dos(49522)]
[34298]
[8320]
[http://websecurity.com.ua/3216/]
[oval:org.mitre.oval:def:5432]
[SUSE-SR:2009:015]
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls.
[TA09-218A]
[ADV-2009-2172]
[ADV-2009-0822]
[1022671]
[34203]
[8266]
[http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181]
[http://www.digit-labs.org/files/exploits/xnu-hfs-fcntl-v2.sh]
[http://www.digit-labs.org/files/exploits/xnu-hfs-fcntl-v2.c]
[http://support.apple.com/kb/HT3757]
[36096]
[34424]
[APPLE-SA-2009-08-05-1]
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.
[34201]
[8262]
[http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181]
[http://www.digit-labs.org/files/exploits/xnu-appletalk-zip.c]
[34424]
Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.
[34202]
[8264]
[8263]
[http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181]
[http://www.digit-labs.org/files/exploits/xnu-profil-leak.c]
[http://www.digit-labs.org/files/exploits/xnu-macfsstat-leak.c]
[34424]
Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable.
[34202]
[8265]
[http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181]
[http://www.digit-labs.org/files/exploits/xnu-vfssysctl-dos.c]
[34424]
IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query.
[http://www-01.ibm.com/support/docview.wss?uid=swg21381257]
[JR31886]
[db2-predicate-information-disclosure(49864)]
[ADV-2009-0912]
Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive.
Per: http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417
Although the Virus Prevention System technology was, at one time, incorporated into the IBM Proventia Network MFS and the Proventia Network Mail appliances, this capability was removed in Jan 2008. For this reason, this vulnerability does not apply to these product lines.
The Virus Prevention System technology is currently incorporated into Proventia Desktop. However, the Proventia Desktop product is not affected by this evasion.
No other IBM ISS products currently incorporate the Virus Prevention System technology.
[34345]
[20090716 Re: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)]
[20090716 Re[2]: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)]
[20090715 Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)]
[20090402 [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)]
[http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417]
[http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html]
Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive.
[ADV-2009-0934]
[34344]
[20090402 [TZO-05-2009] Clamav 0.94 and below - Evasion /bypass]
[[oss-security] 20090407 Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive]
[MDVSA-2009:097]
[http://support.apple.com/kb/HT3865]
[36701]
[SUSE-SR:2009:009]
[APPLE-SA-2009-09-10-2]
[http://blog.zoller.lu/2009/04/clamav-094-and-below-evasion-and-bypass.html]
The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform.
[http://patchwork.kernel.org/patch/15549/]
[FEDORA-2009-5356]
[https://bugzilla.redhat.com/show_bug.cgi?id=502109]
[linux-kernel-eferlme-dos(49594)]
[ADV-2009-0924]
[USN-793-1]
[34331]
[20090516 rPSA-2009-0084-1 kernel]
[http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.29-git1.log]
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.1]
[http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of,20090402,8311]
[DSA-1800]
[DSA-1787]
[http://wiki.rpath.com/Advisories:rPSA-2009-0084]
[http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-EFER-8585]
[35656]
[35394]
[35387]
[35226]
[35121]
[35120]
[34981]
[34478]
[[oss-security] 20090401 CVE request: kernel: KVM: VMX: Dont allow uninhibited access to EFER on i386]
[SUSE-SA:2009:032]
[SUSE-SA:2009:031]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=16175a796d061833aacfbd9672235f2d2725df65]
net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an unlocking step in certain incorrect circumstances, which allows local users to cause a denial of service (panic) by reading zero bytes from the /proc/net/udp file and unspecified other files, related to the "udp seq_file infrastructure."
[34329]
[linux-kernel-procnetudp-dos(49595)]
[ADV-2009-0924]
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.1]
[http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-proc-net-udp-8586]
[34478]
[[oss-security] 20090401 CVE request: kernel: udp: Wrong locking code in udp seq_file infrastructure]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=30842f2989aacfaba3ccb39829b3417be9313dbe]
Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916.
[34471]
[[security-announce] 20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability]
[vmware-virtualmachine-code-execution(49834)]
[ADV-2009-0944]
[http://www.vmware.com/security/advisories/VMSA-2009-0006.html]
[1022031]
[20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability]
[oval:org.mitre.oval:def:6065]
[53634]
Multiple SQL injection vulnerabilities in the insert_to_pastebin function in php/cccp-admin/inc/functions.php in CCCP Community Clan Portal Pastebin before 2.80 allow remote attackers to execute arbitrary SQL commands via the (1) subject, (2) language, and (3) nickname parameters to php/cccp-pages/submit.php. NOTE: some of these details are obtained from third party information.
[http://jcsfog.cvs.sourceforge.net/viewvc/jcsfog/CCCP-Pastebin/php/cccp-admin/inc/functions.php?r1=1.10&r2=1.11]
[communitycode-submit-sql-injection(49426)]
[34264]
[http://sourceforge.net/project/shownotes.php?release_id=670960]
[34474]
Multiple directory traversal vulnerabilities in Blogplus 1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) row_mysql_blocks_center_down[file] parameter to includes/block_center_down.php; (2) row_mysql_blocks_center_top[file] includes/parameter to block_center_top.php; (3) row_mysql_blocks_left[file] parameter to includes/block_left.php; (4) row_mysql_blocks_right[file] parameter to includes/block_right.php; and row_mysql_bloginfo[theme] parameter to (5) includes/window_down.php and (6) includes/window_top.php.
[blogplus-file-theme-file-include(49446)]
[34261]
[8290]
SQL injection vulnerability in login.php in Acute Control Panel 1.0.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
[acutecontrol-login-sql-injection(49444)]
[34265]
[8291]
[34485]
Multiple PHP remote file inclusion vulnerabilities in Acute Control Panel 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the theme_directory parameter to (1) container.php and (2) header.php in themes/.
[acutecontrol-themedirectory-file-include(49443)]
[34265]
[8291]
[34485]
Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map.
[http://drupal.org/node/414702]
[http://drupal.org/node/414644]
[34266]
[34497]
The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro.
[ADV-2011-0117]
[ADV-2009-0984]
[34404]
[http://www.openafs.org/security/OPENAFS-SA-2009-002.txt]
[http://www.openafs.org/security/openafs-sa-2009-002.patch]
[MDVSA-2009:099]
[DSA-1768]
[ID71123]
[http://www-01.ibm.com/support/docview.wss?uid=swg21396389]
[GLSA-201101-05]
[42896]
[36310]
[34684]
[34655]
Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays.
[http://www.openafs.org/security/openafs-sa-2009-001.patch]
[ADV-2011-0117]
[ADV-2009-0984]
[34407]
[http://www.openafs.org/security/OPENAFS-SA-2009-001.txt]
[MDVSA-2009:099]
[DSA-1768]
[GLSA-201101-05]
[42896]
[34684]
[34655]
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.
[VU#853097]
[https://bugzilla.redhat.com/show_bug.cgi?id=499694]
[RHSA-2009:1040]
[RHSA-2009:1039]
[FEDORA-2009-5275]
[FEDORA-2009-5273]
[FEDORA-2009-5674]
[https://support.ntp.org/bugs/show_bug.cgi?id=1151]
[https://launchpad.net/bugs/cve/2009-1252]
[ADV-2009-3316]
[ADV-2009-1361]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-777-1]
[1022243]
[35017]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[MDVSA-2009:117]
[GLSA-200905-08]
[DSA-1801]
[http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092]
[SSA:2009-154-01]
[FreeBSD-SA-09:11]
[37471]
[37470]
[35630]
[35416]
[35388]
[35336]
[35308]
[35253]
[35243]
[35169]
[35166]
[35138]
[35137]
[oval:org.mitre.oval:def:6307]
[oval:org.mitre.oval:def:11231]
[SUSE-SR:2009:011]
[NetBSD-SA2009-006]
James Stone Tunapie 2.1 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file.
[https://launchpad.net/bugs/cve/2009-1253]
[https://launchpad.net/bugs/314591]
[ADV-2009-0972]
[34417]
[DSA-1764]
[34643]
[53426]
James Stone Tunapie 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a stream URL.
[https://launchpad.net/bugs/cve/2009-1254]
[https://launchpad.net/bugs/314591]
[ADV-2009-0972]
[34418]
[DSA-1764]
[34643]
[53427]
The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.
[http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.c]
[FEDORA-2009-4542]
[FEDORA-2009-4199]
[memcachedb-procselfmaps-info-disclosure(50221)]
[ADV-2009-1197]
[ADV-2009-1196]
[1022140]
[34756]
[20090428 Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness]
[http://www.positronsecurity.com/advisories/2009-001.html]
[MDVSA-2009:105]
[35175]
[34932]
[34915]
[54127]
[http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e]
[http://code.google.com/p/memcachedb/source/detail?r=98]
[http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98]
[20090428 Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness]
SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the ItemId parameter. NOTE: some of these details are obtained from third party information.
[flexcms-itemid-sql-injection(49680)]
[34394]
[8355]
Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted CCD file.
[magiciso-ccd-bo(49673)]
[ADV-2009-0940]
[34574]
[8343]
[34595]
[53262]
SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[rdautos-makeid-sql-injection(49671)]
[34364]
[34578]
[53138]
SQL injection vulnerability in inc/bb/topic.php in Insane Visions AdaptBB 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a topic action to index.php.
[adaptbb-topic-sql-injection(49681)]
[34371]
[8351]
Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file.
[ultraiso-ccd-img-bo(49672)]
[ADV-2009-0935]
[34363]
[8343]
[34581]
[53275]
Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk 9.1.22 (evaluation version) allow remote attackers to inject arbitrary web script or HTML via the (1) Report Name, (2) Asset No., and (3) Full Name fields in a Models action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[webhelpdesk-multiple-form-xss(49683)]
[34391]
[34596]
[53424]
[53423]
[53422]
Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.
[forticlient-vpn-format-string(49633)]
[ADV-2009-0941]
[1021966]
[34343]
[20090410 Re: Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3]
[20090402 Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3]
[http://www.layereddefense.com/FortiClient02Apr.html]
[34524]
[53266]
[20090402 Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3]
SQL injection vulnerability in sub_commententry.php in the BookJoomlas (com_bookjoomlas) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a comment action to index.php.
[bookjoomlas-index-sql-injection(49682)]
[ADV-2009-0952]
[34392]
[8353]
[53421]
Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors.
[ADV-2009-0938]
[34374]
[http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-004/]
[http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.21/]
[34586]
[53278]
Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent.
[USN-793-1]
[34654]
[[oss-security] 20090408 CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size]
[MDVSA-2009:135]
[MDVSA-2009:119]
[DSA-1800]
[DSA-1794]
[DSA-1787]
[35656]
[35394]
[35390]
[35387]
[35185]
[35121]
[35011]
[34981]
[53631]
[53630]
[53571]
[SUSE-SA:2009:032]
[SUSE-SA:2009:031]
[SUSE-SA:2009:030]
[SUSE-SA:2009:028]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=83e0bbcbe2145f160fbaa109b0439dae7f4a38a9]
[http://bugzilla.kernel.org/show_bug.cgi?id=10423]
Unspecified vulnerability in Wireshark before 1.0.7-0.1-1 has unknown impact and attack vectors.
[wireshark-unspecified(50334)]
[20090417 rPSA-2009-0062-1 tshark wireshark]
[http://wiki.rpath.com/Advisories:rPSA-2009-0062]
[35416]
[34778]
[SUSE-SR:2009:011]
Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors.
[http://www.wireshark.org/security/wnpa-sec-2009-02.html]
[wireshark-ldap-home-dos(49814)]
[1022027]
[34457]
[20090417 rPSA-2009-0062-1 tshark wireshark]
[http://wiki.rpath.com/Advisories:rPSA-2009-0062]
[35416]
[34778]
[oval:org.mitre.oval:def:6099]
[SUSE-SR:2009:011]
The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet.
[FEDORA-2009-5382]
[FEDORA-2009-5339]
[FEDORA-2009-3599]
[https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3269]
[wireshark-cphap-dos(49815)]
[http://www.wireshark.org/security/wnpa-sec-2009-02.html]
[1022027]
[34457]
[20090417 rPSA-2009-0062-1 tshark wireshark]
[RHSA-2009:1100]
[MDVSA-2009:088]
[DSA-1942]
[DSA-1785]
[http://wiki.rpath.com/Advisories:rPSA-2009-0062]
[37477]
[35464]
[35416]
[35224]
[35133]
[34970]
[34778]
[oval:org.mitre.oval:def:5335]
[oval:org.mitre.oval:def:10876]
[SUSE-SR:2009:011]
Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.
[FEDORA-2009-5382]
[FEDORA-2009-5339]
[FEDORA-2009-3599]
[wireshark-rf5file-dos(49816)]
[http://www.wireshark.org/security/wnpa-sec-2009-02.html]
[1022027]
[34457]
[20090417 rPSA-2009-0062-1 tshark wireshark]
[RHSA-2009:1100]
[MDVSA-2009:088]
[DSA-1785]
[http://wiki.rpath.com/Advisories:rPSA-2009-0062]
[35464]
[35416]
[35224]
[35133]
[34970]
[34778]
[oval:org.mitre.oval:def:5748]
[oval:org.mitre.oval:def:10642]
[SUSE-SR:2009:011]
libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.
[https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1462]
[clamav-untar-dos(49846)]
[ADV-2009-0934]
[USN-754-1]
[34357]
[[oss-security] 20090407 Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive]
[MDVSA-2009:097]
[DSA-1771]
[http://support.apple.com/kb/HT3865]
[36701]
[34716]
[53461]
[APPLE-SA-2009-09-10-2]
The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.
[FEDORA-2009-3848]
[FEDORA-2009-3768]
[USN-761-1]
[USN-761-2]
[RHSA-2009:0350]
[http://www.php.net/releases/5_2_9.php]
[[oss-security] 20090401 CVE request: PHP 5.2.9]
[MDVSA-2009:090]
[DSA-1789]
[DSA-1775]
[http://support.apple.com/kb/HT3865]
[36701]
[35685]
[35306]
[35007]
[35003]
[34933]
[34830]
[34770]
[SUSE-SR:2009:012]
[APPLE-SA-2009-09-10-2]
[http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15]
The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction.
[http://www.php.net/releases/5_2_9.php]
[[oss-security] 20090409 Re: CVE request: PHP 5.2.9]
[[oss-security] 20090401 CVE request: PHP 5.2.9]
[http://support.apple.com/kb/HT3865]
[36701]
[35685]
[SSRT090062]
[SSRT090062]
[SUSE-SR:2009:012]
[APPLE-SA-2009-09-10-2]
[http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.c?r1=1.1.2.48&r2=1.1.2.49]
pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.
[FEDORA-2009-3627]
[FEDORA-2009-3500]
[34986]
[34536]
[http://bugs.gentoo.org/show_bug.cgi?id=263579]
Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow.
[FEDORA-2009-3433]
[FEDORA-2009-3428]
[xinelib-demuxqt-bo(49714)]
[ADV-2009-0937]
[http://www.trapkit.de/advisories/TKADV2009-005.txt]
[1021989]
[34384]
[20090404 [TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow]
[MDVSA-2009:299]
[MDVSA-2009:298]
[http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=673233]
[35416]
[34712]
[34593]
[53288]
[SUSE-SR:2009:011]
[http://bugs.xine-project.org/show_bug.cgi?id=224]
Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
[https://issues.apache.org/struts/browse/TILES-351]
[34657]
[http://svn.apache.org/viewvc/tiles/framework/trunk/src/site/apt/security/security-bulletin-1.apt?revision=741913]
XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications.
[255308]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-120094-22-1]
[ADV-2009-0978]
[34421]
[1022009]
SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id parameter in a viewprofile action. NOTE: the board_id issue is already covered by CVE-2008-2996.2.
[gravityboardx-index-sql-injection(49678)]
[34370]
[8350]
Static code injection vulnerability in forms/ajax/configure.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php.
[gravityboardx-index-code-execution(49679)]
[34370]
[8350]
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component.
[34360]
[admin-search-unspecified-xss(49655)]
[content-categoryview-xss(49654)]
[34551]
[http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html]
[http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html]
Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
[media-unspecified-csrf(49656)]
[34551]
[http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html]
Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[http://www.glfusion.org/article.php/glfusion113]
[34377]
[34575]
[53287]
SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter.
[34361]
[http://www.glfusion.org/wiki/doku.php?id=glfusion:whatsnew]
[glfusion-libsession-sql-injection(49652)]
[8347]
[34575]
[http://retrogod.altervista.org/9sg_glfuso_sql_cookies.html]
[53286]
[20090403 glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql]
glFusion before 1.1.3 performs authentication with a user-provided password hash instead of a password, which allows remote attackers to gain privileges by obtaining the hash and using it in the glf_password cookie, aka "User Masquerading." NOTE: this can be leveraged with a separate SQL injection vulnerability to steal hashes.
[http://www.glfusion.org/article.php/glfusion113]
[8347]
[http://www.glfusion.org/wiki/doku.php?id=glfusion:whatsnew]
[34575]
[http://retrogod.altervista.org/9sg_glfuso_sql_cookies.html]
[20090403 glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql]
Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file.
[FEDORA-2009-10857]
[FEDORA-2009-10730]
[https://bugzilla.redhat.com/show_bug.cgi?id=492136]
[USN-937-1]
[[oss-security] 20090401 CVE request -- bibtex, pam_ssh]
[34445]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520920]
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.
[34526]
[http://www.phpmyadmin.net/home_page/security/PMASA-2009-4.php]
[FEDORA-2009-3700]
[FEDORA-2009-3692]
[ADV-2009-1045]
[34741]
[34727]
[http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/setup/lib/ConfigFile.class.php?r1=12248&r2=12301&pathrev=12342]
The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities.
[http://www-01.ibm.com/support/docview.wss?uid=swg21381562]
[http://www-01.ibm.com/support/docview.wss?uid=swg21379915]
[ADV-2009-0986]
[34441]
[http://www-01.ibm.com/support/docview.wss?uid=swg21381566]
[http://www-01.ibm.com/support/docview.wss?uid=swg21379894]
[1022024]
[34657]
Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge Services Manager (SESM) allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: some of these details are obtained from third party information.
[sesm-unspecified-xss(50349)]
[http://www.xc0re.net/index.php?p=1_17_Cisco-Subscriber-Edge-Services-Manager-Multiple-Vulnerabilities]
[34454]
[1022030]
Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.
[34447]
[20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities]
[http://www.louhinetworks.fi/advisory/ibm_090409.txt]
[1022025]
[53658]
[53657]
private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter.
[34447]
[20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities]
[http://www.louhinetworks.fi/advisory/ibm_090409.txt]
[1022025]
[53659]
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.
[34447]
[20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities]
[http://www.louhinetworks.fi/advisory/ibm_090409.txt]
[1022025]
[53660]
Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via "inbound data," as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd.
[http://www.tibco.com/services/support/advisories/default.jsp]
[smartsockets-udp-bo(50214)]
[ADV-2009-1198]
[http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp]
[http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt]
[http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt]
[http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt]
[34754]
[http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html]
[1022129]
[34911]
[20090428 TIBCO SmartSockets Stack Buffer Overflow Vulnerability]
UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process.
[PK75832]
[clearcase-ucmcq-information-disclosure(49836)]
[ADV-2009-1017]
[1022035]
[34483]
[34689]
The web login functionality (c/portal/login) in Novell Teaming 1.0 through SP3 (1.0.3) generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.
[http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002997&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737]
[https://www.sec-consult.com/files/20090415-0-novell-teaming.txt]
[ADV-2009-1048]
[1022063]
[34531]
[20090415 SEC Consult SA-20090415-0 :: Multiple Vulnerabilities in Novell Teaming]
[34714]
Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters.
[http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002999&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737]
[https://www.sec-consult.com/files/20090415-0-novell-teaming.txt]
[ADV-2009-1048]
[1022063]
[34531]
[20090415 SEC Consult SA-20090415-0 :: Multiple Vulnerabilities in Novell Teaming]
[34714]
Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors.
[https://launchpad.net/bugs/cve/2009-1295]
[https://bugs.launchpad.net/bugs/357024]
[USN-768-1]
[34776]
[35065]
[34952]
[34947]
[SUSE-SR:2009:010]
The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root.
[ecryptfs-passphrase-info-disclosure(51191)]
[USN-783-1]
[1022347]
[35383]
iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.
[SUSE-SR:2009:016]
The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux kernel 2.6.32-rc8, and 2.6.29 and later versions before 2.6.32, calls IP_INC_STATS_BH with an incorrect argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and hang) via long IP packets, possibly related to the ip_defrag function.
[FEDORA-2009-12825]
[FEDORA-2009-12786]
[https://bugzilla.redhat.com/show_bug.cgi?id=544144]
[USN-869-1]
[http://www.theregister.co.uk/2009/12/11/linux_kernel_bugs_patched/]
[20091216 rPSA-2009-0161-1 hwdata kernel]
[60788]
[MDVSA-2009:329]
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32]
[http://wiki.rpath.com/Advisories:rPSA-2009-0161]
[http://twitter.com/spendergrsec/statuses/6339560349]
[38017]
[37624]
[SUSE-SA:2010:001]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=bbf31bf18d34caa87dd01f08bf713635593697f2]
The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.
[https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008]
[ADV-2010-1570]
[MDVSA-2010:124]
[DSA-2017]
[http://git.0pointer.de/?p=pulseaudio.git;a=patch;h=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615]
apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight.
[https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/354793]
[USN-762-1]
[[oss-security] 20090408 CVE request: apt]
[DSA-1779]
[34874]
[34832]
[34829]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213]
Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information.
[ADV-2009-0936]
[34381]
[MDVSA-2009:093]
[GLSA-200904-15]
[http://sourceforge.net/project/shownotes.php?release_id=673696]
[[mpg123-devel] 20090405 mpg123 1.7.2 is out -- important security fix!]
[34748]
[34587]
[http://bugs.gentoo.org/show_bug.cgi?id=265342]
The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
[FEDORA-2009-3875]
[https://bugzilla.mozilla.org/show_bug.cgi?id=483444]
[https://bugzilla.mozilla.org/show_bug.cgi?id=477775]
[https://bugzilla.mozilla.org/show_bug.cgi?id=467881]
[https://bugzilla.mozilla.org/show_bug.cgi?id=462517]
[https://bugzilla.mozilla.org/show_bug.cgi?id=461053]
[https://bugzilla.mozilla.org/show_bug.cgi?id=454276]
[https://bugzilla.mozilla.org/show_bug.cgi?id=432114]
[https://bugzilla.mozilla.org/show_bug.cgi?id=431260]
[https://bugzilla.mozilla.org/show_bug.cgi?id=428113]
[ADV-2009-1125]
[USN-764-1]
[SSA:2009-178-01]
[1022090]
[34656]
[RHSA-2009:0436]
[http://www.mozilla.org/security/announce/2009/mfsa2009-14.html]
[MDVSA-2009:141]
[MDVSA-2009:111]
[DSA-1830]
[DSA-1797]
[264308]
[35602]
[35065]
[35042]
[34894]
[34843]
[34780]
[34758]
[oval:org.mitre.oval:def:7030]
[oval:org.mitre.oval:def:6170]
[oval:org.mitre.oval:def:6070]
[oval:org.mitre.oval:def:5527]
[oval:org.mitre.oval:def:10106]
[SUSE-SR:2009:010]
The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
[FEDORA-2009-3875]
[https://bugzilla.mozilla.org/show_bug.cgi?id=453736]
[ADV-2009-1125]
[USN-764-1]
[USN-782-1]
[SSA:2009-178-01]
[1022090]
[34656]
[RHSA-2009:1126]
[RHSA-2009:1125]
[RHSA-2009:0436]
[http://www.mozilla.org/security/announce/2009/mfsa2009-14.html]
[MDVSA-2009:141]
[MDVSA-2009:111]
[DSA-1830]
[DSA-1797]
[264308]
[35602]
[35536]
[35065]
[35042]
[34894]
[34844]
[34843]
[34780]
[34758]
[RHSA-2009:0437]
[oval:org.mitre.oval:def:9455]
[oval:org.mitre.oval:def:6646]
[oval:org.mitre.oval:def:6151]
[oval:org.mitre.oval:def:5992]
[oval:org.mitre.oval:def:5810]
[SUSE-SR:2009:010]
The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.
[FEDORA-2009-3875]
[https://bugzilla.mozilla.org/show_bug.cgi?id=475971]
[https://bugzilla.mozilla.org/show_bug.cgi?id=461158]
[ADV-2009-1125]
[USN-764-1]
[SSA:2009-178-01]
[1022090]
[34656]
[RHSA-2009:0436]
[http://www.mozilla.org/security/announce/2009/mfsa2009-14.html]
[MDVSA-2009:141]
[MDVSA-2009:111]
[DSA-1797]
[264308]
[35602]
[35065]
[35042]
[34894]
[34843]
[34780]
[34758]
[oval:org.mitre.oval:def:9535]
[oval:org.mitre.oval:def:7516]
[oval:org.mitre.oval:def:6015]
[oval:org.mitre.oval:def:5480]
[oval:org.mitre.oval:def:5319]
[SUSE-SR:2009:010]
The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.
[FEDORA-2009-3875]
[https://bugzilla.mozilla.org/show_bug.cgi?id=476049]
[ADV-2009-1125]
[USN-764-1]
[USN-782-1]
[SSA:2009-178-01]
[1022090]
[34656]
[RHSA-2009:1126]
[RHSA-2009:1125]
[RHSA-2009:0436]
[http://www.mozilla.org/security/announce/2009/mfsa2009-14.html]
[MDVSA-2009:141]
[MDVSA-2009:111]
[DSA-1797]
[264308]
[35602]
[35536]
[35065]
[35042]
[34894]
[34844]
[34843]
[34780]
[34758]
[RHSA-2009:0437]
[oval:org.mitre.oval:def:6921]
[oval:org.mitre.oval:def:6248]
[oval:org.mitre.oval:def:6232]
[oval:org.mitre.oval:def:6090]
[oval:org.mitre.oval:def:10110]
[SUSE-SR:2009:010]
The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.
[FEDORA-2009-3875]
[https://bugzilla.mozilla.org/show_bug.cgi?id=474536]
[ADV-2009-1125]
[USN-764-1]
[USN-782-1]
[1022095]
[34656]
[RHSA-2009:1126]
[RHSA-2009:1125]
[RHSA-2009:0436]
[http://www.mozilla.org/security/announce/2009/mfsa2009-16.html]
[MDVSA-2009:141]
[MDVSA-2009:111]
[DSA-1797]
[264308]
[35536]
[35065]
[35042]
[34894]
[34844]
[34843]
[34780]
[34758]
[RHSA-2009:0437]
[oval:org.mitre.oval:def:6710]
[oval:org.mitre.oval:def:6312]
[oval:org.mitre.oval:def:6194]
[oval:org.mitre.oval:def:6021]
[oval:org.mitre.oval:def:10150]
[SUSE-SR:2009:010]
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
[https://bugzilla.mozilla.org/show_bug.cgi?id=481342]
[FEDORA-2009-7614]
[FEDORA-2009-7567]
[FEDORA-2009-3875]
[ADV-2009-1125]
[USN-764-1]
[USN-782-1]
[SSA:2009-178-01]
[1022093]
[34656]
[RHSA-2009:1126]
[RHSA-2009:1125]
[RHSA-2009:0436]
[http://www.mozilla.org/security/announce/2009/mfsa2009-17.html]
[MDVSA-2009:141]
[MDVSA-2009:111]
[DSA-1830]
[DSA-1797]
[264308]
[SSA:2009-176-01]
[35882]
[35602]
[35561]
[35536]
[35065]
[35042]
[34894]
[34844]
[34843]
[34780]
[34758]
[RHSA-2009:0437]
[oval:org.mitre.oval:def:7008]
[oval:org.mitre.oval:def:6266]
[oval:org.mitre.oval:def:6154]
[oval:org.mitre.oval:def:5933]
[oval:org.mitre.oval:def:10972]
[SUSE-SR:2009:010]
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
[FEDORA-2009-3875]
[https://bugzilla.mozilla.org/show_bug.cgi?id=481558]
[ADV-2009-1125]
[USN-764-1]
[USN-782-1]
[http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/]
[1022097]
[34656]
[RHSA-2009:1126]
[RHSA-2009:0436]
[http://www.mozilla.org/security/announce/2009/mfsa2009-18.html]
[MDVSA-2009:141]
[MDVSA-2009:111]
[DSA-1797]
[264308]
[35536]
[35065]
[35042]
[34894]
[34843]
[34780]
[34758]
[oval:org.mitre.oval:def:7285]
[oval:org.mitre.oval:def:6296]
[oval:org.mitre.oval:def:6185]
[oval:org.mitre.oval:def:6173]
[oval:org.mitre.oval:def:10428]
[SUSE-SR:2009:010]
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
[FEDORA-2009-3875]
[https://bugzilla.mozilla.org/show_bug.cgi?id=482206]
[https://bugzilla.mozilla.org/show_bug.cgi?id=478433]
[ADV-2009-1125]
[USN-764-1]
[USN-782-1]
[1022094]
[34656]
[RHSA-2009:1126]
[RHSA-2009:1125]
[RHSA-2009:0436]
[http://www.mozilla.org/security/announce/2009/mfsa2009-19.html]
[MDVSA-2009:141]
[MDVSA-2009:111]
[DSA-1797]
[264308]
[35536]
[35065]
[35042]
[34894]
[34844]
[34843]
[34780]
[34758]
[RHSA-2009:0437]
[oval:org.mitre.oval:def:9494]
[oval:org.mitre.oval:def:6831]
[oval:org.mitre.oval:def:6139]
[oval:org.mitre.oval:def:5591]
[oval:org.mitre.oval:def:5265]
[SUSE-SR:2009:010]
Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.
[https://bugzilla.mozilla.org/show_bug.cgi?id=483086]
[FEDORA-2009-3875]
[ADV-2009-1125]
[USN-764-1]
[1022097]
[34656]
[RHSA-2009:0436]
[http://www.mozilla.org/security/announce/2009/mfsa2009-20.html]
[MDVSA-2009:111]
[264308]
[35065]
[34894]
[34843]
[34758]
[oval:org.mitre.oval:def:6242]
[oval:org.mitre.oval:def:11520]
[SUSE-SR:2009:010]
Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame.
[FEDORA-2009-7614]
[FEDORA-2009-7567]
[FEDORA-2009-3875]
[https://bugzilla.mozilla.org/show_bug.cgi?id=471962]
[ADV-2009-1125]
[USN-764-1]
[1022097]
[34656]
[RHSA-2009:0436]
[http://www.mozilla.org/security/announce/2009/mfsa2009-21.html]
[MDVSA-2009:111]
[DSA-1797]
[264308]
[SSA:2009-176-01]
[35882]
[35561]
[35065]
[35042]
[34894]
[34844]
[34843]
[34758]
[RHSA-2009:0437]
[oval:org.mitre.oval:def:7235]
[oval:org.mitre.oval:def:6222]
[oval:org.mitre.oval:def:6200]
[oval:org.mitre.oval:def:10939]
[SUSE-SR:2009:010]
Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected.
[https://bugzilla.mozilla.org/show_bug.cgi?id=475636]
[FEDORA-2009-3875]
[ADV-2009-1125]
[USN-764-1]
[1022096]
[34656]
[20090703 Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome]
[20090702 Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome]
[RHSA-2009:0436]
[http://www.mozilla.org/security/announce/2009/mfsa2009-22.html]
[MDVSA-2009:111]
[http://websecurity.com.ua/3386/]
[http://websecurity.com.ua/3275/]
[264308]
[35065]
[34894]
[34844]
[34843]
[34758]
[RHSA-2009:0437]
[oval:org.mitre.oval:def:9818]
[oval:org.mitre.oval:def:6731]
[oval:org.mitre.oval:def:6131]
[oval:org.mitre.oval:def:6064]
[SUSE-SR:2009:010]
[http://ha.ckers.org/blog/20070309/firefox-header-redirection-javascript-execution/]
The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.
[RHSA-2009:0449]
[https://bugzilla.redhat.com/show_bug.cgi?id=497447]
[https://bugzilla.mozilla.org/show_bug.cgi?id=490233]
[https://bugzilla.mozilla.org/show_bug.cgi?id=489676]
[https://bugzilla.mozilla.org/show_bug.cgi?id=489647]
[ADV-2009-1180]
[USN-765-1]
[34743]
[http://www.mozilla.org/security/announce/2009/mfsa2009-23.html]
[MDVSA-2009:111]
[SSA:2009-118-01]
[1022127]
[1022126]
[34919]
[34910]
[34866]
[34851]
[oval:org.mitre.oval:def:10446]
body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension.
[webfileexplorer-body-code-execution(50389)]
[8382]
Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter to groups_profile.php, (2) cat_id and (3) razd_id parameters to adv_cat.php, and the (4) URL to blogs_full.php.
[ablespace-advcat-xss(44847)]
[34512]
[20090414 [DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilities]
[8424]
[34663]
[http://dsecrg.com/pages/vul/show.php?id=137]
Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to events_view.php and the (2) id parameter to events_clndr_view.php.
[34512]
[20090414 [DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilities]
[8424]
[34663]
[http://dsecrg.com/pages/vul/show.php?id=137]
Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userSID cookie parameter to droplets/functions/base.php and the (2) username parameter to admin/index.php.
[34516]
[8432]
[34720]
Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 through 3.2.6, 4.0.2, and possibly other versions before 3.4.0 allows remote attackers to include arbitrary files via directory traversal sequences in the t parameter.
[jamroom-index-file-include(49869)]
[34511]
[8423]
[http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1470]
Directory traversal vulnerability in includes/ini.inc.php in GuestCal 2.1 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the lang parameter to index.php.
[34519]
[8431]
[34721]
Multiple cross-site scripting (XSS) vulnerabilities in include/zstore.php in Zazzle Store Builder 1.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) gridPage and (2) gridSort parameters. NOTE: some of these details are obtained from third party information.
[34525]
[34009]
[http://holisticinfosec.org/content/view/102/45/]
Cross-site scripting (XSS) vulnerability in search.asp in ASP Product Catalog 1.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
[aspproduct-search-xss(49858)]
[34504]
[8418]
ASP Product Catalog 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for database/aspProductCatalog.mdb.
[aspproduct-aspproductcatalog-info-disc(49859)]
[8418]
SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[webfileexplorer-body-sql-injection(49801)]
[34462]
[8382]
[34648]
Stack-based buffer overflow in Mini-stream ASX to MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
[asxmp3-m3u-bo(49840)]
[34494]
[8412]
[8407]
[34681]
Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
[ripper-m3u-bo(49844)]
[34494]
[8416]
[8402]
[34692]
Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
[rmdownloader-m3u-bo(49843)]
[34494]
[8410]
[8404]
[34647]
Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
[wmdownloader-m3u-bo(49842)]
[34494]
[8411]
[8403]
[34674]
Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
[rmmp3-m3u-bo(49841)]
[34494]
[8413]
[8405]
[34653]
Stack-based buffer overflow in Mini-stream Shadow Stream Recorder 3.0.1.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
[34494]
[8426]
[34719]
Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.
[easyrmmp3-pls-bo(50326)]
[34514]
[8427]
Integer overflow in Microsoft Windows Media Player (WMP) 11.0.5721.5260 allows remote attackers to cause a denial of service (application crash) via a crafted .mid file, as demonstrated by crash.mid.
[34534]
[8445]
[53804]
The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors.
[ADV-2009-1059]
[34548]
[255848]
[34751]
[53800]
Cross-site scripting (XSS) vulnerability in refresh_rate.htm in the web interface on the HP Deskjet 6840 printer with firmware XF1M131A allows remote attackers to inject arbitrary web script or HTML via the POST request body.
[deskjet-refreshrate-xss(49850)]
[34480]
[20090411 HP Deskjet 6800 XSS in Web Interface]
[34702]
[53769]
Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter.
[tivoli-cdpf-reason-xss(49872)]
[ADV-2009-1021]
[34513]
[53651]
[http://www.insight-tech.org/index.php?p=IBM-Tivoli-Continuous-Data-Protection-for-Files-version-3-1-4-0---XSS]
[1022060]
[34646]
Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr.
[ie-unprintable-dos(50350)]
[34478]
[20090411 [BMSA 2009-04] Remote DoS in Internet Explorer]
[20090411 [BMSA 2009-04] Remote DoS in Internet Explorer]
fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the encode_lookup function.
[https://bugzilla.redhat.com/show_bug.cgi?id=494074]
[ADV-2009-3316]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-793-1]
[1022176]
[34390]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:1077]
[RHSA-2009:1024]
[[oss-security] 20090417 Re: CVE request: kernel: NFS: Fix an Oops in encode_lookup()]
[[oss-security] 20090406 CVE request: kernel: NFS: Fix an Oops in encode_lookup()]
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23]
[DSA-1794]
[37471]
[35656]
[35324]
[35160]
[35015]
[35011]
[RHSA-2009:0473]
[oval:org.mitre.oval:def:8495]
[oval:org.mitre.oval:def:10859]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=54af3bb543c071769141387a42deaaab5074da55]
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.
[http://patchwork.kernel.org/patch/16544/]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=432870dab85a2f69dc417022646cb9a70acf7f94]
[FEDORA-2009-5356]
[RHSA-2009:1550]
[https://bugzilla.redhat.com/show_bug.cgi?id=493771]
[ADV-2009-3316]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-793-1]
[1022141]
[34405]
[20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[20090516 rPSA-2009-0084-1 kernel]
[RHSA-2009:1077]
[RHSA-2009:1024]
[RHSA-2009:0451]
[[oss-security] 20090417 Re: CVE request: kernel: exit_notify: kill the wrong capable(CAP_KILL) check]
[[oss-security] 20090407 CVE request: kernel: exit_notify: kill the wrong capable(CAP_KILL) check]
[MDVSA-2009:135]
[MDVSA-2009:119]
[http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc1]
[DSA-1800]
[DSA-1794]
[DSA-1787]
[http://wiki.rpath.com/Advisories:rPSA-2009-0084]
[37471]
[35656]
[35394]
[35390]
[35387]
[35324]
[35226]
[35185]
[35160]
[35121]
[35120]
[35015]
[35011]
[34981]
[34917]
[RHSA-2009:0473]
[oval:org.mitre.oval:def:8295]
[oval:org.mitre.oval:def:11206]
[oval:org.mitre.oval:def:10919]
[[linux-kernel] 20090225 Re: [PATCH 2/2] exit_notify: kill the wrong capable(CAP_KILL) check]
[SUSE-SA:2009:032]
[SUSE-SA:2009:031]
[SUSE-SA:2009:030]
[SUSE-SA:2009:028]
The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in all namespaces, via a kill command.
[https://bugzilla.redhat.com/show_bug.cgi?id=496031]
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28]
[[linux-kernel] 20080723 Re: [PATCH 1/2] signals: kill(-1) should only signal processes in the same namespace]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d25141a818383b3c3b09f065698c544a7a0ec6e7]
[kernel-killsomethinginfo-security-bypass(50386)]
[USN-793-1]
[20090516 rPSA-2009-0084-1 kernel]
[RHSA-2009:1081]
[[oss-security] 20090421 Re: CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace]
[[oss-security] 20090417 Re: CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace]
[[oss-security] 20090416 CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace]
[DSA-1800]
[DSA-1787]
[http://wiki.rpath.com/Advisories:rPSA-2009-0084]
[35656]
[35343]
[35121]
[35120]
[34981]
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434.
[1022146]
[https://launchpad.net/bugs/cve/2009-1339]
[twiki-unspecified-csrf(50254)]
[ADV-2009-1217]
[[debian-bugs-rc] 20090430 Bug#526258: CVE-2009-1339: CSRF Vulnerability with Image Tag]
[http://twiki.org/p/pub/Codev/SecurityAlert-CVE-2009-1339/TWiki-4.3.0-c-diff-cve-2009-1339.txt]
[http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2009-1339]
[[twiki-announce] 20090430 Announcement: TWiki 4.3.1 Production Release]
[34880]
[http://bugs.debian.org/526258]
Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.
[https://launchpad.net/bugs/cve/2009-1341]
[libdbdpgperl-dequotebytea-dos(50387)]
[34757]
[RHSA-2009:1067]
[RHSA-2009:0479]
[DSA-1780]
[http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz]
[35685]
[35058]
[34909]
[http://rt.cpan.org/Public/Bug/Display.html?id=21392]
[oval:org.mitre.oval:def:9680]
[SUSE-SR:2009:012]
[http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.13.1/Changes]
Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain comment titles associated with a node edit form.
[ADV-2009-1060]
[http://drupal.org/node/434836]
[34547]
[34739]
[53702]
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.5 and 6.x before 6.x-1.5, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via content titles.
[ADV-2009-1060]
[34545]
[http://drupal.org/node/434748]
[53704]
[34738]
Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality.
[ADV-2009-1060]
[34546]
[http://drupal.org/node/434682]
[34718]
[53703]
SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote attackers to execute arbitrary SQL commands via the id_document parameter.
[cpcommerce-document-sql-injection(49901)]
[1022082]
[34556]
[8455]
SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 allows remote attackers to execute arbitrary SQL commands via the id_establecimiento parameter.
[nethoteles-ficha-sql-injection(49897)]
[34561]
[8457]
[34743]
[53814]
Multiple SQL injection vulnerabilities in stats/index.php in chCounter 3.1.3 allow remote attackers to execute arbitrary SQL commands via (1) the login_name parameter (aka the username field) or (2) the login_pw parameter (aka the password field).
[34572]
[8461]
[24879]
The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.
[https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT]
[34780]
[20090501 [TZO-18-2009] Mcafee multiple evasions/bypasses (RAR, ZIP)]
[34949]
[http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html]
Cross-site scripting (XSS) vulnerability in C2Net Stronghold 2.3 allows remote attackers to inject arbitrary web script or HTML via the URI.
[34606]
[20090418 Cross-site Scripting vulnerability in Stronghold/2.3 Apache/1.2.6 C2NetUS/2007]
Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereference of an arbitrary pointer.
[http://www.zerodayinitiative.com/advisories/ZDI-09-016/]
[ADV-2009-0954]
[http://download.novell.com/Download?buildid=6ERQGPjRZ8o~]
[https://bugzilla.novell.com/show_bug.cgi?id=437511]
[1021990]
[34400]
[20090406 ZDI-09-016: Novell Client/NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution Vulnerability]
Heap-based buffer overflow in Apollo 37zz allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URI in a playlist (.m3u) file.
[34554]
[8451]
[34050]
[53770]
Stack-based buffer overflow in Dawningsoft PowerCHM 5.7 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an HTML file with a link to a long URL, as demonstrated by a .rar URL.
[powerchm-url-bo(49882)]
[34517]
[8434]
Buffer overflow in the http_parse_hex function in libz/misc.c in Zervit Webserver 0.02 allows remote attackers to cause a denial of service (daemon crash) via a long URI, related to http.c.
[http://zervit.svn.sourceforge.net/viewvc/zervit/trunk/src/libz/misc.c?view=log]
[http://zervit.svn.sourceforge.net/viewvc/zervit/trunk/src/libz/misc.c?r1=17&r2=19]
[34530]
[20090414 Zervit Webserver Buffer Overflow]
[8447]
[34735]
[53768]
Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
[mongoose-directory-traversal(49878)]
[34510]
[20090413 MonGoose 2.4 Directory Traversal Vulnerability]
[8428]
Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename.
[ADV-2009-1056]
[34543]
[1022065]
[IZ48562]
[IZ48561]
[IZ48502]
[IZ48501]
[IZ48500]
[IZ48499]
[IZ48496]
[IZ48495]
[34662]
[oval:org.mitre.oval:def:6402]
[20090415 IBM AIX muxatmd Buffer Overflow Vulnerability]
[http://aix.software.ibm.com/aix/efixes/security/muxatmd_advisory.asc]
Stack-based buffer overflow in Elecard AVC HD Player allows remote attackers to execute arbitrary code via a long MP3 filename in a playlist (.xpl) file.
[34560]
[8452]
CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter.
[ADV-2009-1122]
[255928]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-121581-20-1]
[1022108]
[sjs-delegated-login-response-splitting(50004)]
[34643]
[20090421 CORE-2009-0114 - HTTP Response Splitting vulnerability in Sun Delegated Administrator]
[http://www.coresecurity.com/content/sun-delegated-administrator]
[1020305]
[34760]
[53920]
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.
[https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012]
[apt-aptget-gpgv-security-bypass(50086)]
[USN-762-1]
[34630]
[DSA-1779]
[34874]
[34832]
[34829]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091]
Unspecified vulnerability in the SCTP sockets implementation in Sun OpenSolaris snv_106 through snv_107 allows local users to cause a denial of service (panic) via unknown vectors.
[257331]
[ADV-2009-1120]
[34628]
The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel before 2.6.29, when Network Namespace Support (aka NET_NS) is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via vectors involving IPv6 packets.
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3f53a38131a4e7a053c0aa060aba0411242fb6b9]
[http://xorl.wordpress.com/2009/04/21/linux-kernel-net_ns-ipv6-null-pointer-dereference/]
[USN-793-1]
[34602]
[MDVSA-2009:135]
[35656]
[35387]
[SUSE-SA:2009:032]
dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[34773]
SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[chcounter-administration-sql-injection(50353)]
[24879]
Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.
[FEDORA-2009-5517]
[FEDORA-2009-5524]
[FEDORA-2009-5518]
[https://launchpad.net/bugs/cve/2009-1364]
[https://bugzilla.redhat.com/show_bug.cgi?id=496864]
[libwmf-gdlibrary-code-execution(50290)]
[ADV-2009-1228]
[USN-769-1]
[1022154]
[34792]
[MDVSA-2009:106]
[DSA-1796]
[http://wvware.cvs.sourceforge.net/viewvc/wvware/libwmf2/src/extra/Makefile.am?hideattic=0&view=log]
[GLSA-200907-01]
[35686]
[35416]
[35190]
[35025]
[35001]
[34964]
[34901]
[RHSA-2009:0457]
[oval:org.mitre.oval:def:10959]
[SUSE-SR:2009:011]
Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0.4 and 3.5.x before 3.5.2, as used in Flash Media Interactive Server and Flash Media Streaming Server, allows remote attackers to execute arbitrary remote procedures within an ActionScript file on the server via RPC requests.
[34790]
[http://www.adobe.com/support/security/bulletins/apsb09-05.html]
[ADV-2009-1234]
[1022148]
[34878]
Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "name/value pairs" and "paypal IPN functionality."
[34484]
[http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno25/tabid/1260/Default.aspx]
[34686]
Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.2a.
[mozilocms-indexphp-xss(49812)]
[34474]
[8394]
[http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=60_Changelog]
Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3.
[http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=60_Changelog]
[mozilocms-index-file-include(49813)]
[34474]
[8394]
moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an error message.
[mozilocms-index-path-disclosure(49811)]
[8394]
Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video Converter 3.1.53.0704n and 5.1.23.0402 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .cue file.
[vcw-cue-bo(49807)]
[34472]
[8390]
[34660]
The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding.
[ADV-2009-0985]
[34446]
[https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1552]
[https://launchpad.net/bugs/360502]
[USN-756-1]
[1022028]
[MDVSA-2009:097]
[DSA-1771]
[http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2FChangeLog&rev=5032]
[http://support.apple.com/kb/HT3865]
[36701]
[34716]
[34654]
[34612]
[53602]
[APPLE-SA-2009-09-10-2]
Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL.
[ADV-2009-0985]
[https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1553]
[1022028]
[34446]
[MDVSA-2009:097]
[http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2FChangeLog&rev=5032]
[http://support.apple.com/kb/HT3865]
[36701]
[34612]
[53603]
[APPLE-SA-2009-09-10-2]
Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.
[35067]
[http://www.pidgin.im/news/security/?id=29]
[FEDORA-2009-5597]
[FEDORA-2009-5583]
[FEDORA-2009-5552]
[https://bugzilla.redhat.com/show_bug.cgi?id=500488]
[pidgin-xmppsocks5-bo(50682)]
[ADV-2009-1396]
[USN-781-2]
[USN-781-1]
[RHSA-2009:1060]
[RHSA-2009:1059]
[MDVSA-2009:173]
[MDVSA-2009:140]
[GLSA-200905-07]
[35330]
[35329]
[35294]
[35215]
[35202]
[35194]
[35188]
[oval:org.mitre.oval:def:9005]
[DSA-1805]
Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.
[35067]
[http://www.pidgin.im/news/security/?id=30]
[FEDORA-2009-5597]
[FEDORA-2009-5583]
[FEDORA-2009-5552]
[https://bugzilla.redhat.com/show_bug.cgi?id=500490]
[pidgin-decryptout-bo(50684)]
[ADV-2009-1396]
[USN-781-1]
[RHSA-2009:1060]
[MDVSA-2009:173]
[GLSA-200905-07]
[35329]
[35294]
[35202]
[35194]
[35188]
[oval:org.mitre.oval:def:11654]
The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol.
[35067]
[http://www.pidgin.im/news/security/?id=31]
[FEDORA-2009-5597]
[FEDORA-2009-5583]
[FEDORA-2009-5552]
[https://bugzilla.redhat.com/show_bug.cgi?id=500491]
[pidgin-purplecircbuffer-dos(50683)]
[ADV-2009-1396]
[USN-781-1]
[RHSA-2009:1060]
[MDVSA-2009:173]
[GLSA-200905-07]
[35329]
[35294]
[35215]
[35202]
[35194]
[35188]
[oval:org.mitre.oval:def:10829]
[54649]
[DSA-1805]
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.
[https://bugzilla.redhat.com/show_bug.cgi?id=500493]
[FEDORA-2009-5597]
[FEDORA-2009-5583]
[FEDORA-2009-5552]
[pidgin-msn-slp-bo(50680)]
[ADV-2009-1396]
[USN-781-2]
[USN-781-1]
[35067]
[RHSA-2009:1060]
[RHSA-2009:1059]
[http://www.pidgin.im/news/security/?id=32]
[MDVSA-2009:173]
[MDVSA-2009:140]
[GLSA-200905-07]
[37071]
[35330]
[35329]
[35294]
[35215]
[35202]
[35194]
[35188]
[oval:org.mitre.oval:def:10476]
[DSA-1805]
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
[http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest]
[[openssl-dev] 20090516 [openssl.org #1930] [PATCH] DTLS record buffer limitation bug]
[http://cvs.openssl.org/chngview?cn=18187]
[https://launchpad.net/bugs/cve/2009-1377]
[https://kb.bluecoat.com/index?page=content&id=SA50]
[ADV-2010-0528]
[ADV-2009-1377]
[USN-792-1]
[1022241]
[35001]
[[oss-security] 20090518 Two OpenSSL DTLS remote DoS]
[MDVSA-2009:120]
[http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html]
[http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net]
[SSA:2010-060-02]
[GLSA-200912-01]
[42733]
[42724]
[38834]
[38794]
[38761]
[37003]
[35729]
[35571]
[35461]
[35416]
[35128]
[oval:org.mitre.oval:def:9663]
[oval:org.mitre.oval:def:6683]
[[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates]
[SUSE-SR:2009:011]
[SSRT100079]
[SSRT100079]
[NetBSD-SA2009-009]
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
[http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest]
[[openssl-dev] 20090516 [openssl.org #1931] [PATCH] DTLS fragment handling memory leak]
[http://cvs.openssl.org/chngview?cn=18188]
[https://launchpad.net/bugs/cve/2009-1378]
[https://kb.bluecoat.com/index?page=content&id=SA50]
[ADV-2010-0528]
[ADV-2009-1377]
[USN-792-1]
[1022241]
[35001]
[[oss-security] 20090518 Two OpenSSL DTLS remote DoS]
[8720]
[MDVSA-2009:120]
[http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html]
[http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net]
[SSA:2010-060-02]
[GLSA-200912-01]
[42733]
[42724]
[38834]
[38794]
[38761]
[37003]
[35729]
[35571]
[35461]
[35416]
[35128]
[oval:org.mitre.oval:def:7229]
[oval:org.mitre.oval:def:11309]
[[openssl-dev] 20090518 Re: [openssl.org #1931] [PATCH] DTLS fragment handling memory leak]
[[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates]
[SUSE-SR:2009:011]
[HPSBMA02492]
[HPSBMA02492]
[NetBSD-SA2009-009]
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
[https://launchpad.net/bugs/cve/2009-1379]
[https://kb.bluecoat.com/index?page=content&id=SA50]
[openssl-dtls1retrievebufferedfragment-dos(50661)]
[ADV-2010-0528]
[ADV-2009-1377]
[USN-792-1]
[1022241]
[35138]
[[oss-security] 20090518 Re: Two OpenSSL DTLS remote DoS]
[http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html]
[http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net]
[SSA:2010-060-02]
[GLSA-200912-01]
[42733]
[42724]
[38834]
[38794]
[38761]
[37003]
[35729]
[35571]
[35461]
[35416]
[http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest]
[oval:org.mitre.oval:def:9744]
[oval:org.mitre.oval:def:6848]
[[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates]
[SUSE-SR:2009:011]
[SSRT100079]
[SSRT100079]
[NetBSD-SA2009-009]
Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remote attackers to inject arbitrary web script or HTML via the filter parameter, related to the key property and the position of quote and colon characters.
[https://bugzilla.redhat.com/show_bug.cgi?id=511224]
[RHSA-2009:1650]
[RHSA-2009:1649]
[RHSA-2009:1637]
[RHSA-2009:1636]
[https://jira.jboss.org/jira/browse/JBPAPP-1983]
[jboss-enterprise-jmxconsole-xss(54698)]
[37276]
[1023315]
[37671]
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.
[20090521 [SECURITY] [DSA 1802-2] New squirrelmail packages correct incomplete fix]
[FEDORA-2009-5350]
[FEDORA-2009-5471]
[MDVSA-2009:122]
[DSA-1802]
[35140]
[http://release.debian.org/proposed-updates/stable_diffs/squirrelmail_1.4.15-4+lenny2.debdiff]
Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when downloaded before 20090713, allow remote attackers to execute arbitrary code via a TeX file with long (1) picture, (2) circle, or (3) input tags.
[ADV-2009-1875]
[http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578]
[mimetex-mimetex-bo(51794)]
[ADV-2010-0877]
[20090713 [oCERT-2009-010] mimeTeX and mathTeX buffer overflows and commandinjection]
[http://www.ocert.org/advisories/ocert-2009-010.html]
[35816]
[35752]
[http://scary.beasts.org/security/CESA-2009-009.html]
[FEDORA-2010-6546]
The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag.
[mathtex-getdirective-command-execution(51795)]
[ADV-2009-1875]
[20090713 [oCERT-2009-010] mimeTeX and mathTeX buffer overflows and commandinjection]
[http://www.ocert.org/advisories/ocert-2009-010.html]
[35816]
[http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578]
pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
[https://bugzilla.redhat.com/show_bug.cgi?id=502602]
[ADV-2009-1448]
[http://www.vmware.com/security/advisories/VMSA-2011-0003.html]
[35112]
[20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX]
[[oss-security] 20090527 CVE assignment notification (pam_krb5 CVE-2009-1384)]
[MDVSA-2010:054]
[43314]
[35230]
[oval:org.mitre.oval:def:9652]
[oval:org.mitre.oval:def:7081]
[54791]
Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size.
[https://bugzilla.redhat.com/show_bug.cgi?id=502981]
[http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc8]
[http://sourceforge.net/project/shownotes.php?release_id=504022&group_id=42302]
[FEDORA-2009-6846]
[FEDORA-2009-6768]
[FEDORA-2009-6883]
[RHSA-2009:1550]
[ADV-2009-3316]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-793-1]
[35185]
[20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[20090724 rPSA-2009-0111-1 kernel]
[RHSA-2009:1193]
[RHSA-2009:1157]
[[oss-security] 20090603 CVE-2009-1385 kernel: e1000_clean_rx_irq() denial of service]
[MDVSA-2009:148]
[MDVSA-2009:135]
[http://www.intel.com/support/network/sb/CS-030543.htm]
[DSA-1865]
[DSA-1844]
[http://wiki.rpath.com/Advisories:rPSA-2009-0111]
[37471]
[36327]
[36131]
[36051]
[35847]
[35656]
[35623]
[35566]
[35265]
[oval:org.mitre.oval:def:8340]
[oval:org.mitre.oval:def:11681]
[oval:org.mitre.oval:def:11598]
[54892]
[SUSE-SA:2009:038]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ea30e11970a96cfe5e32c03a29332554573b4a10]
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
[http://cvs.openssl.org/chngview?cn=17369]
[openssl-changecipherspec-dos(50963)]
[ADV-2010-0528]
[USN-792-1]
[35174]
[[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS]
[8873]
[38834]
[38794]
[35729]
[35685]
[35571]
[http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guest]
[oval:org.mitre.oval:def:7469]
[oval:org.mitre.oval:def:11179]
[[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates]
[SUSE-SR:2009:012]
[SSRT100079]
[SSRT100079]
[NetBSD-SA2009-009]
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
[http://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest]
[http://cvs.openssl.org/chngview?cn=17958]
[ADV-2010-0528]
[USN-792-1]
[[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS]
[http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html]
[http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net]
[GLSA-200912-01]
[38834]
[38794]
[37003]
[35729]
[35685]
[35571]
[oval:org.mitre.oval:def:7592]
[oval:org.mitre.oval:def:10740]
[[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates]
[SUSE-SR:2009:012]
[SSRT100079]
[SSRT100079]
[NetBSD-SA2009-009]
The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping thread.
[https://bugzilla.redhat.com/show_bug.cgi?id=504263]
[https://bugzilla.redhat.com/attachment.cgi?id=346742]
[https://bugzilla.redhat.com/attachment.cgi?id=346615]
[[oss-security] 20090702 CVE-2009-1388 kernel: do_coredump() vs ptrace_start() deadlock]
[ADV-2009-3316]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[35559]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[RHSA-2009:1193]
[37471]
[36131]
[oval:org.mitre.oval:def:8680]
[oval:org.mitre.oval:def:8625]
[55679]
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet.
[FEDORA-2009-6846]
[FEDORA-2009-6768]
[FEDORA-2009-6883]
[https://bugzilla.redhat.com/show_bug.cgi?id=504726]
[linux-kernel-rtl8169nic-dos(51051)]
[ADV-2010-1857]
[ADV-2010-0219]
[ADV-2009-3316]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-807-1]
[1023507]
[35281]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[20090724 rPSA-2009-0111-1 kernel]
[RHSA-2009:1193]
[RHSA-2009:1157]
[[oss-security] 20090610 CVE-2009-1389 kernel: r8169: fix crash when large packets are received]
[MDVSA-2009:148]
[DSA-1865]
[DSA-1844]
[http://wiki.rpath.com/Advisories:rPSA-2009-0111]
[http://support.citrix.com/article/CTX123453]
[http://support.avaya.com/css/P8/documents/100067254]
[40645]
[37471]
[37298]
[36327]
[36131]
[36051]
[36045]
[35847]
[35566]
[35265]
[oval:org.mitre.oval:def:8108]
[oval:org.mitre.oval:def:10415]
[[linux-netdev] 20090214 r8169: instant crash if receiving packet larger than MTU]
[[linux-kernel] 20090608 [Security, resend] Instant crash with rtl8169 and large packets]
[SUSE-SA:2010:031]
[SUSE-SA:2009:038]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=fdd7b4c3302c93f6833e338903ea77245eb510b4]
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.
[mutt-x509-security-bypass(51068)]
[35288]
[[oss-security] 20090610 Mutt 1.5.19 SSL chain verification flaw]
[http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a]
[FEDORA-2009-6465]
[http://dev.mutt.org/hg/mutt/rev/8f11dd00c770]
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.
[perl-compressrawzlib-inflate-bo(51062)]
[ADV-2009-1571]
[35307]
[FEDORA-2009-7680]
[https://bugzilla.redhat.com/show_bug.cgi?id=504386]
[https://bugs.gentoo.org/show_bug.cgi?id=273141]
[USN-794-1]
[MDVSA-2009:157]
[http://thread.gmane.org/gmane.mail.virus.amavis.user/33635]
[GLSA-200908-07]
[35876]
[35689]
[35685]
[35422]
[55041]
[SUSE-SR:2009:012]
[http://article.gmane.org/gmane.mail.virus.amavis.user/33638]
[http://article.gmane.org/gmane.mail.virus.amavis.user/33635]
The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.
[RHSA-2009:1095]
[ADV-2009-1572]
[1022376]
[RHSA-2009:1096]
[FEDORA-2009-6411]
[FEDORA-2009-6366]
[https://bugzilla.redhat.com/show_bug.cgi?id=503568]
[https://bugzilla.mozilla.org/show_bug.cgi?id=490513]
[https://bugzilla.mozilla.org/show_bug.cgi?id=490425]
[https://bugzilla.mozilla.org/show_bug.cgi?id=490410]
[https://bugzilla.mozilla.org/show_bug.cgi?id=489041]
[https://bugzilla.mozilla.org/show_bug.cgi?id=486398]
[https://bugzilla.mozilla.org/show_bug.cgi?id=472776]
[https://bugzilla.mozilla.org/show_bug.cgi?id=451341]
[https://bugzilla.mozilla.org/show_bug.cgi?id=432068]
[https://bugzilla.mozilla.org/show_bug.cgi?id=431086]
[https://bugzilla.mozilla.org/show_bug.cgi?id=429969]
[https://bugzilla.mozilla.org/show_bug.cgi?id=380359]
[ADV-2009-2152]
[USN-782-1]
[SSA:2009-178-01]
[1022397]
[35370]
[35326]
[RHSA-2009:1126]
[RHSA-2009:1125]
[http://www.mozilla.org/security/announce/2009/mfsa2009-24.html]
[MDVSA-2009:141]
[DSA-1830]
[DSA-1820]
[1020800]
[265068]
[SSA:2009-176-01]
[SSA:2009-167-01]
[35602]
[35561]
[35536]
[35468]
[35440]
[35439]
[35431]
[35428]
[35415]
[35331]
[oval:org.mitre.oval:def:9501]
[55147]
[55146]
[55145]
[55144]
Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows allows remote attackers to execute arbitrary code by sending a long malformed string over the PlughNTCommand named pipe.
[1022455]
[35496]
[20090625 iDefense Security Advisory 06.25.09: Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow Vulnerability]
[http://www.netopia.com/software/products/tb2/]
[35533]
[20090625 Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow Vulnerability]
SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
[creloaded-productinfo-sql-injection(49987)]
[34640]
[8501]
SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user (Username) parameter.
[pastelcms-admin-sql-injection(49985)]
[34635]
[8502]
[34853]
Directory traversal vulnerability in index.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set_lng parameter.
[pastelcms-setlng-file-include(49986)]
[34635]
[8502]
[34853]
Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the include parameter.
[totalcalendar-cmsdetect-file-include(49980)]
[34634]
[8503]
[34824]
Directory traversal vulnerability in config.php in NotFTP 1.3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a certain languages[][file] parameter.
[notftp-config-file-include(49988)]
[34636]
[8504]
Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags, as demonstrated using (1) email, (2) img, and (3) url tags.
[http://www.webspell.org/index.php?site=news_comments&newsID=126&lang=uk]
[http://www.webspell.org/index.php?site=files&file=25]
[34595]
[webspell-bbcode-xss(49937)]
[20090416 webSPELL 4.2.0c XSS (BYPASS BBCODE) COOKIES STEALING VULNERABILITY]
[8453]
[34764]
[53782]
SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320.
[e107-hide-sql-injection(49981)]
[34614]
[8495]
[34823]
[53812]
SQL injection vulnerability in index.php in Quick.Cms.Lite 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[quickcmslite-index-sql-injection(49989)]
[34647]
[8505]
SQL injection vulnerability in events/inc/events.inc.php in the Events plugin for Seditio CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the c parameter to plug.php.
[seditio-events-eventsinc-sql-injection(49975)]
[ADV-2009-1112]
[34608]
[8482]
[34812]
[53827]
Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions.
[googlechrome-chromehtml-command-execution(50449)]
[http://googlechromereleases.blogspot.com/2009/04/stable-update-security-fix.html]
[http://code.google.com/p/chromium/issues/detail?id=9860]
[http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc]
Google Chrome 1.0.x does not cancel timeouts upon a page transition, which makes it easier for attackers to conduct Universal XSS attacks by calling setTimeout to trigger future execution of JavaScript code, and then modifying document.location to arrange for JavaScript execution in the context of an arbitrary web site. NOTE: this can be leveraged for a remote attack by exploiting a chromehtml: argument-injection vulnerability.
[googlechrome-settimeout-xss(50447)]
[http://code.google.com/p/chromium/issues/detail?id=9860]
[http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc]
Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors.
[googlechrome-globalobject-xss(50446)]
[http://code.google.com/p/chromium/issues/detail?id=9860]
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.
[[gnutls-devel] 20090430 Double free and free of invalid pointer on certain errors [GNUTLS-SA-2009-1] [CVE-2009-1415]]
[gnutls-libgnutls-dos(50445)]
[gnutls-dsa-dos(50260)]
[gnutls-dsa-code-execution(50257)]
[ADV-2009-1218]
[1022157]
[34783]
[MDVSA-2009:116]
[http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488]
[GLSA-200905-04]
[35211]
[34842]
[[gnutls-devel] 20090423 Re: some crashes on using DSA keys]
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.
[[gnutls-devel] 20090430 All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2] [CVE-2009-1416]]
[ADV-2009-1218]
[1022158]
[34783]
[MDVSA-2009:116]
[GLSA-200905-04]
[35211]
[34842]
[[help-gnutls] 20090420 Encryption using DSA keys]
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.
[[gnutls-devel] 20090430 Certificate expiration not checked by gnutls-cli [GNUTLS-SA-2009-3] [CVE-2009-1417]]
[gnutls-gnutlscli-spoofing(50261)]
[ADV-2009-1218]
[1022159]
[34783]
[MDVSA-2009:116]
[GLSA-200905-04]
[35211]
[34842]
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Per: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01745065
"SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP System Management Homepage (SMH) before v3.0.1.73 running on Linux and Windows Server 2003, 2008."
[1022242]
[HPSBMA02428]
[HPSBMA02428]
[smh-win-unspecified-xss(50633)]
[35031]
[35108]
[JVNDB-2009-000029]
[JVN#02331156]
Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.0.0 through 2.52, 7.50, and 7.51 on Windows allows remote attackers to access DDMI agents via unknown vectors.
[SSRT090084]
[SSRT090084]
[ADV-2009-1514]
[1022339]
[35250]
[35270]
Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when used with SNMP (aka HPOvNNM.HPOVSNMP) before 1.30.009 and MIB (aka HPOvNNM.HPOVMIB) before 1.30.009, allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.
[35267]
[1022360]
[SSRT080094]
[SSRT080094]
[ADV-2009-1549]
[35408]
[20090626 HP Network Node Manager rping Stack Buffer Overflow Vulnerability]
Unspecified vulnerability in NFS / ONCplus B.11.31_06 and B.11.31_07 on HP HP-UX B.11.31 allows local users to cause a denial of service via unknown attack vectors.
Per: http://www.vupen.com/english/advisories/2009/1755
"Affected Products
HP-UX B.11.31 running NFS / ONCplus version B.11.31_07 and B.11.31_06 "
[ADV-2009-1755]
[35547]
[1022493]
[35644]
[SSRT090106]
[SSRT090106]
Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to gain privileges via unknown vectors, aka PR_41209.
[SSRT090111]
[SSRT090111]
[ADV-2009-1869]
[1022536]
Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service via unknown vectors, aka PR_39898, a different vulnerability than CVE-2009-1424 and CVE-2009-1425.
[SSRT090111]
[SSRT090111]
[procurve-vpn-dos(51689)]
[ADV-2009-1869]
[1022536]
Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service via unknown vectors, aka PR_39412, a different vulnerability than CVE-2009-1423 and CVE-2009-1425.
[SSRT090111]
[SSRT090111]
[ADV-2009-1869]
[1022536]
Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service by triggering a stop or crash in httpd, aka PR_18770, a different vulnerability than CVE-2009-1423 and CVE-2009-1424.
[ADV-2009-1869]
[35653]
[SSRT090111]
[SSRT090111]
[procurve-httpd-dos(51691)]
[1022536]
[http://cdn.procurve.com/training/Manuals/TMSzlModule-RelNotes-90603-59900224.pdf]
Unspecified vulnerability on HP ProLiant DL and ML 100 Series G5, G5p, and G6 servers with ProLiant Onboard Administrator Powered by LO100i (formerly Lights Out 100) 3.07 and earlier allows remote attackers to cause a denial of service via unknown vectors.
[SSRT090092]
[SSRT090092]
[1022617]
[35990]
Unspecified vulnerability in HP-UX B.11.31 allows local users to cause a denial of service (system crash) via unknown vectors related to the ttrace system call.
[ADV-2009-2230]
[1022706]
[36017]
[36261]
[oval:org.mitre.oval:def:6215]
[SSRT090141]
[SSRT090141]
Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to "two parsing errors."
[http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_01]
[multiple-symantec-log-xss(50170)]
[ADV-2009-1203]
[1022135]
[1022134]
[1022133]
[34669]
[34936]
[54132]
The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary commands via a crafted packet whose contents are interpreted as a command to be launched in a new process by the CreateProcessA function.
[symantec-cba-command-execution(50176)]
[ADV-2009-1204]
[http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02]
[1022132]
[1022131]
[1022130]
[34671]
[8346]
[34856]
[54157]
Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allow remote attackers to execute arbitrary code via (1) a crafted packet or (2) data that ostensibly arrives from the MsgSys.exe process.
[symantec-msgsys-bo(50178)]
[symantec-iao-bo(50177)]
[http://www.zerodayinitiative.com/advisories/ZDI-09-018/]
[ADV-2009-1204]
[http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02]
[1022132]
[1022131]
[1022130]
[34674]
[34672]
[20090428 ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability]
[34856]
XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary code by placing the code on a (1) share or (2) WebDAV server, and then sending the UNC share pathname to this service.
Per vendor: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02
"Symantec System Center Impact
Symantec System Center (SSS) is a Microsoft Management Console (MMC) plug-in which allows an administrator to manage all Symantec AntiVirus platforms from a single, centralized location. Alert Management System 2 (AMS2) is an alerting feature of System Center that listens for specific events and sends notifications as specified by the administrator.
AMS2 is installed by default with Symantec System Center 9.0. AMS2 is an optional component in Symantec System Center 10.0 or 10.1. These vulnerabilities will only impact systems if AMS has been installed.
Symantec AntiVirus Server Impact
AMS2 is installed by default with Symantec AntiVirus Server 9.0. AMS2 is an optional component in Symantec AntiVirus Server 10.0 or 10.1. These vulnerabilities will only impact systems if AMS has been installed.
Symantec AntiVirus and Symantec Endpoint Protection Central Quarantine Server Impact
AMS2 is installed by default by Central Quarantine Server. These vulnerabilities will only impact systems if Quarantine Server has been installed.
Symantec is not aware of any customers impacted by these issues, or of any attempts to exploit them. However, we recommend that any affected customers update their product immediately to protect against potential attempts to exploit these issues.
Certain localized language versions of SCS 2.0/SAV 9.x were not patched due to compatibility issues on the localized platforms. As a result, customers who are running the following versions are strongly recommended to update to a non-vulnerable SCS 2.0/SAV 9 International English version or upgrade to a non-vulnerable version of SEP 11.x:
Symantec Client Security 2.0/Symantec AntiVirus Corporate Edition 9.x (Chinese Simplified and Chinese Traditional)
Symantec Client Security 2.0/Symantec AntiVirus Business Pack 9.x (Chinese Simplified and Chinese Traditional)
Symantec Client Security 2.0/Symantec AntiVirus Business Pack 9.x (Korean)
Symantec Client Security 2.0/Symantec AntiVirus Business Pack 9.x (Japanese licensed)"
[symantec-xfr-code-execution(50179)]
[ADV-2009-1204]
[http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02]
[1022132]
[1022131]
[1022130]
[34675]
[34856]
[20090429 Symantec System Center Alert Management System Console Arbitrary Program Execution Design Error Vulnerability]
Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled.
[multiple-symantec-login-spoofing(50172)]
[ADV-2009-1204]
[ADV-2009-1202]
[http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00]
[34668]
[1022138]
[1022137]
[1022136]
[34935]
[34856]
SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter.
[http://open.silverstripe.com/ticket/3721]
[34485]
[34633]
[53589]
[http://open.silverstripe.com/wiki/ChangeLog/2.3.1]
Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339.
[[foswiki-announce] 20090427 Security Alert CVE-2009-1434: Foswiki Page View Cross-Site Request Forgery (CSRF)]
[http://foswiki.org/Support/SecurityAlert-CVE-2009-1434]
[https://launchpad.net/bugs/cve/2009-1434]
[foswiki-unspecified-csrf(50256)]
[34863]
[54148]
NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to cause a denial of service (application crash) via directories with long pathnames. NOTE: some of these details are obtained from third party information.
[ADV-2009-1146]
[1022109]
[34642]
[20090421 Re: Trend Micro OfficeScan Client - DOS]
[20090421 Trend Micro OfficeScan Client - DOS]
[34737]
[53890]
[http://es.geocities.com/jplopezy/officescan.zip]
The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file.
[34666]
[1022113]
[FreeBSD-SA-09:07]
[34810]
[53918]
Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.1 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: this may overlap CVE-2008-3408.
[coolplayerportable-m3u-bo(49984)]
[8520]
[8519]
[8489]
[34816]
[53885]
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.
[ADV-2009-1104]
[30801]
[http://sourceforge.net/project/shownotes.php?release_id=677065&group_id=1275]
[53801]
[https://bugzilla.redhat.com/show_bug.cgi?id=496834]
[libmodplug-csoundfilereadmed-bo(50388)]
[USN-771-1]
[FEDORA-2009-4068]
[FEDORA-2009-4064]
[[oss-security] 20090421 CVE Request -- libmodplug]
[MDVSA-2009:128]
[DSA-1851]
[DSA-1850]
[GLSA-200907-07]
[36183]
[36158]
[35736]
[35685]
[35026]
[34930]
[34797]
[http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_med.cpp?r1=1.1&r2=1.2]
[SUSE-SR:2009:012]
[http://bugs.gentoo.org/show_bug.cgi?id=266913]
Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.
[FEDORA-2009-5383]
[FEDORA-2009-5356]
[https://bugzilla.redhat.com/show_bug.cgi?id=494275]
[https://bugzilla.novell.com/show_bug.cgi?id=492282]
[http://xorl.wordpress.com/2009/04/07/linux-kernel-tree-connect-cifs-remote-buffer-overflow/]
[ADV-2009-3316]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-793-1]
[34453]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[20090516 rPSA-2009-0084-1 kernel]
[RHSA-2009:1081]
[[oss-security] 20090407 Re: CVE request? buffer overflow in CIFS in 2.6.*]
[[oss-security] 20090407 Re: CVE request? buffer overflow in CIFS in 2.6.*]
[[oss-security] 20090405 CVE request? buffer overflow in CIFS in 2.6.*]
[DSA-1800]
[DSA-1794]
[DSA-1787]
[http://wiki.rpath.com/Advisories:rPSA-2009-0084]
[37471]
[35656]
[35394]
[35390]
[35387]
[35343]
[35226]
[35217]
[35185]
[35121]
[35120]
[35011]
[34981]
[oval:org.mitre.oval:def:8265]
[oval:org.mitre.oval:def:10321]
[[linux-cifs-client] 20090406 [PATCH] cifs: Fix insufficient memory allocation for nativeFileSystem field]
[SUSE-SA:2009:032]
[SUSE-SA:2009:031]
[SUSE-SA:2009:030]
[SUSE-SA:2009:028]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b363b3304bcf68c4541683b2eff70b29f0446a5b]
[http://blog.fefe.de/?ts=b72905a8]
Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule 2.2.4 allows remote attackers to conduct argument injection attacks into a command for mplayer via a crafted filename.
[amule-downloadlistctrl-command-execution(50205)]
[34683]
[[oss-security] 20090422 CVE id request: amule]
[DSA-1821]
[34839]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525078]
Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function in Google Chrome before 1.0.154.64 allows attackers to leverage renderer access to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to a large bitmap that arrives over the IPC channel.
[chrome-paramtraitsskbitmapread-bo(50362)]
[ADV-2009-1266]
[1022174]
[34859]
[35014]
[54288]
[http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html]
[http://code.google.com/p/chromium/issues/detail?id=10869]
Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas.
[http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html]
[ADV-2009-1266]
[1022175]
[34859]
[35014]
[54248]
[http://code.google.com/p/skia/source/detail?r=159]
[http://code.google.com/p/chromium/issues/detail?id=10736]
Multiple unspecified vulnerabilities in the Server component in OCS Inventory NG before 1.02 have unknown impact and attack vectors.
[ADV-2009-1152]
[http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=133&cntnt01returnid=51]
[34694]
[34763]
PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS 0.8-beta allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter.
[34687]
[8516]
[54121]
Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta allow remote attackers to (1) read arbitrary files via directory traversal sequences in the lang parameter to libraries/helpdocs/help.php and (2) include and execute arbitrary local files via directory traversal sequences in the error parameter to index.php.
[34687]
[8516]
[54120]
[54119]
Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/. NOTE: some of these details are obtained from third party information.
[ADV-2009-1149]
[34679]
[8514]
[25844]
[54115]
Unrestricted file upload vulnerability in admin/editor/image.php in e-cart.biz Free Shopping Cart allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
[ecart-image-file-upload(49956)]
[34590]
[8474]
[34736]
Cross-site scripting (XSS) vulnerability in apricot.php in LovPop.net APRICOT, probably 1.20, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[apricot-apricot-xss(49948)]
[JVNDB-2009-000019]
[JVN#82744714]
Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.1 allows remote attackers to execute arbitrary code via a skin file (skin.ini) with a large PlaylistSkin parameter. NOTE: this may overlap CVE-2008-5735.
[coolplayerportable-skin-bo(50448)]
[8527]
[34816]
[54113]
PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to execute arbitrary PHP code via a URL in the _page_content parameter.
[7936]
Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB 0.3.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[7936]
Multiple PHP remote file inclusion vulnerabilities in theme/format.php in SMA-DB 0.3.13 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _page_css and (2) _page_javascript parameters. NOTE: the _page_content vector is already is covered by CVE-2009-1450.
[smadb-formatphp-file-include(49928)]
[34569]
[8460]
SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 rc4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the txtUsername parameter (aka the Username field). NOTE: some of these details are obtained from third party information.
[34581]
[20090417 Tiny Blogr 1.0.0 rc4 Authentication Bypass]
[8464]
[34768]
Cross-site scripting (XSS) vulnerability in tasks.php in WebCollab before 2.50 (aka Billy Goat) allows remote attackers to inject arbitrary web script or HTML via the selection parameter in a todo action.
[http://sourceforge.net/project/shownotes.php?release_id=676245&group_id=75945]
[http://holisticinfosec.org/content/view/108/45/]
[webcollab-tasks-xss(49939)]
[34576]
[53780]
[34568]
Multiple cross-site request forgery (CSRF) vulnerabilities in WebCollab before 2.50 (aka Billy Goat) allow remote attackers to hijack the authentication of administrators for requests that change an arbitrary password or have other unspecified impact.
[http://sourceforge.net/project/shownotes.php?release_id=676245&group_id=75945]
[http://holisticinfosec.org/content/view/108/45/]
[webcollab-unspecifed-csrf(49940)]
[53781]
[34568]
Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
[34588]
[20090417 Malleo 1.2.3 Local File Inclusion Vulnerability]
[34766]
Cross-site scripting (XSS) vulnerability in player.php in Nuke Evolution Xtreme 2.x allows remote attackers to inject arbitrary web script or HTML via the defaultVisualExt parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[nex-player-xss(49944)]
[34594]
[34783]
[53779]
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in razorCMS before 0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the slab parameter in an edit action, (2) the catname parameter in a showcats action, and (3) the cat parameter in a reordercat action.
[razorcms-index-xss(49945)]
[34566]
[34744]
[http://razorcms.co.uk/support/viewtopic.php?f=13&t=325]
[53776]
[20090416 [follow-up] razorCMS - Multiple Vulnerabilities]
[20090416 razorCMS - Multiple Vulnerabilities]
Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 allows remote attackers to hijack the authentication of administrators for requests that create a web page containing PHP code.
[razorcms-unspecified-csrf(49947)]
[34566]
[34744]
[http://razorcms.co.uk/support/viewtopic.php?f=13&t=325]
[53778]
[20090416 [follow-up] razorCMS - Multiple Vulnerabilities]
[20090416 razorCMS - Multiple Vulnerabilities]
razorCMS before 0.4 uses weak permissions for (1) admin/core/admin_config.php, which allows local users to obtain the administrator's password hash and FTP user credentials; and (2) the root directory, (3) datastore/, and (4) admin/core/, which allows local users to have an unspecified impact.
[razorcms-adminconfig-info-disclosure(49946)]
[34566]
[34744]
[http://razorcms.co.uk/support/viewtopic.php?f=13&t=325]
[53777]
[20090416 [follow-up] razorCMS - Multiple Vulnerabilities]
[20090416 razorCMS - Multiple Vulnerabilities]
Cross-site scripting (XSS) vulnerability in the Create New Page form in razorCMS 0.3 RC2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Page Title field.
[razorcms-createnewpage-xss(50357)]
[34854]
[http://razorcms.co.uk/support/viewtopic.php?f=13&t=325]
[20090416 [follow-up] razorCMS - Multiple Vulnerabilities]
The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
[razorcms-security-manager-unspecified(50358)]
[34566]
[http://razorcms.co.uk/support/viewtopic.php?f=13&t=325]
[20090416 [follow-up] razorCMS - Multiple Vulnerabilities]
[20090416 razorCMS - Multiple Vulnerabilities]
Static code injection vulnerability in razorCMS before 0.4 allows remote attackers to inject arbitrary PHP code into any page by saving content as a .php file.
[razorcms-phpfile-code-execution(50359)]
[34566]
[http://razorcms.co.uk/support/viewtopic.php?f=13&t=325]
[20090416 [follow-up] razorCMS - Multiple Vulnerabilities]
[20090416 razorCMS - Multiple Vulnerabilities]
Multiple cross-site request forgery (CSRF) vulnerabilities in index.aas in Application Access Server (A-A-S) 2.0.48 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary programs via a command job, (2) stop services via a setservice job, or (3) terminate processes via a killprocess job.
[http://www.syhunt.com/advisories/aashack.txt]
[http://www.syhunt.com/advisories/?id=aas-multiple]
[34911]
[20090512 Syhunt: A-A-S (Application Access Server) Multiple Security Vulnerabilities]
[1022204]
[35034]
Application Access Server (A-A-S) 2.0.48 has "wildbat" as its default password for the admin account, which makes it easier for remote attackers to obtain access.
[aas-default-password(50589)]
[http://www.syhunt.com/advisories/?id=aas-multiple]
[34911]
[20090512 Syhunt: A-A-S (Application Access Server) Multiple Security Vulnerabilities]
[1022204]
Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file.
[aas-aas-info-disclosure(50590)]
[http://www.syhunt.com/advisories/?id=aas-multiple]
[34911]
[20090512 Syhunt: A-A-S (Application Access Server) Multiple Security Vulnerabilities]
[1022204]
Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filtering in the cleanHTML function in server/inc/tools.php; or the (2) title, (3) link, or (4) description element in an RSS feed, related to the getHTML function in server/inc/rss/item.php.
[http://www.redteam-pentesting.de/advisories/rt-sa-2009-002]
[merak-webmail-xss(50331)]
[ADV-2009-1253]
[1022168]
[1022167]
[34825]
[20090505 [RT-SA-2009-002] IceWarp WebMail Server: User-assisted Cross Site Scripting in RSS Feed Reader]
[20090505 [RT-SA-2009-001] IceWarp WebMail Server: Cross Site Scripting in Email View]
[http://www.redteam-pentesting.de/advisories/rt-sa-2009-001]
[54227]
[54226]
Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query.
[ADV-2009-1253]
[1022169]
[34820]
[20090505 [RT-SA-2009-003] IceWarp WebMail Server: SQL Injection in Groupware Component]
[http://www.redteam-pentesting.de/advisories/rt-sa-2009-003]
[54228]
CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element of an XML document, as demonstrated by triggering an e-mail message from the server that contains a user's correct credentials, and requests that the user compose a reply that includes this message.
[merak-forgot-password-header-injection(50332)]
[ADV-2009-1253]
[1022166]
[34827]
[20090505 [RT-SA-2009-004] IceWarp WebMail Server: Client-Side Specification of "Forgot Password" eMail Content]
[http://www.redteam-pentesting.de/advisories/rt-sa-2009-004]
[54229]
The Java client program for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 has a hardcoded AES encryption key, which makes it easier for man-in-the-middle attackers to (1) execute arbitrary Java code, or (2) gain access to machines connected to the switch, by hijacking a session.
[35108]
[20090526 Multiple vulnerabilities in several ATEN IP KVM Switches]
The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified "client-side calculations."
[aten-kvm-client-weak-security(50849)]
[35108]
[20090526 Multiple vulnerabilities in several ATEN IP KVM Switches]
[35241]
The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not (1) encrypt mouse events, which makes it easier for man-in-the-middle attackers to perform mouse operations on machines connected to the switch by injecting network traffic; and do not (2) set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
[aten-kvm-mouse-weak-security(50850)]
[35108]
[20090526 Multiple vulnerabilities in several ATEN IP KVM Switches]
[35241]
Buffer overflow in lib/load_http.c in ippool in Darren Reed IPFilter (aka IP Filter) 4.1.31 allows local users to gain privileges via vectors involving a long hostname in a URL.
[ipfilter-loadhttp-bo(50716)]
[1022272]
[35076]
[20090522 IPFilter (ippool) 4.1.31 lib/load_http.c buffer overflow]
[http://cvsweb.netbsd.org/bsdweb.cgi/src/dist/ipf/lib/load_http.c.diff?r1=1.1&r2=1.2&f=h]
[http://cvsweb.netbsd.org/bsdweb.cgi/src/dist/ipf/lib/load_http.c]
The https web interfaces on the ATEN KH1516i IP KVM switch with firmware 1.0.063, the KN9116 IP KVM switch with firmware 1.1.104, and the PN9108 power-control unit have a hardcoded SSL private key, which makes it easier for remote attackers to decrypt https sessions by extracting this key from their own switch and then sniffing network traffic to a switch owned by a different customer.
[aten-kvm-ssl-weak-security(50851)]
[35108]
[20090526 Multiple vulnerabilities in several ATEN IP KVM Switches]
Multiple unspecified vulnerabilities in the DTrace ioctl handlers in Sun Solaris 10, and OpenSolaris before snv_114, allow local users to cause a denial of service (panic) via unknown vectors.
[257708]
[solaris-dtrace-ioctl-dos(50220)]
[ADV-2009-1378]
[ADV-2009-1199]
[1022143]
[34753]
[http://support.avaya.com/elmodocs2/security/ASA-2009-171.htm]
[35098]
[34836]
[54138]
Directory traversal vulnerability in client/desktop/default.htm in Boxalino before 09.05.25-0421 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
[boxalino-default-directory-traversal(53932)]
[20091020 [CVE-2009-1479] Boxalino - Directory Traversal Vulnerability]
[http://www.csnc.ch/misc/files/advisories/CVE-2009-1479-Boxalino-Directory_Traversal.txt]
SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors.
[34707]
[20090424 Pragyan CMS 2.6.4 Multiple SQL Injection Vulnerabilities]
[8533]
SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the cname parameter in a checkAlias action, as exploited in the wild in April 2009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[pjblog3-action-sql-injection(50082)]
[34701]
[34897]
[53939]
[http://downloads.securityfocus.com/vulnerabilities/exploits/34701.vbs]
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.
[http://moinmo.in/SecurityFixes]
[moinmoin-errormsg-xss(50356)]
[ADV-2009-1119]
[USN-774-1]
[34631]
[DSA-1791]
[35024]
[34945]
[34821]
[http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1]
Unrestricted file upload vulnerability in upload-file.php in Adam Patterson Studio Lounge Address Book 2.5, as reachable from index2.php, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in profiles/.
[addressbook-uploadfile-file-upload(49972)]
[ADV-2009-1111]
[34652]
[53813]
[8481]
[34761]
Cross-site scripting (XSS) vulnerability in the web mail interface feature in AXIGEN Mail Server 6.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving e-mail messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[34716]
[34402]
The logging feature in eMule Plus before 1.2e allows remote attackers to cause a denial of service (infinite loop) via unspecified attack vectors.
[emuleplus-logging-dos(50081)]
[http://sourceforge.net/project/shownotes.php?release_id=676726]
[34799]
Directory traversal vulnerability in pmscript.php in Flatchat 3.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the with parameter.
[8549]
[34904]
SQL injection vulnerability in pages/login.php in FunGamez RC1 allows remote attackers to execute arbitrary SQL commands via the login_user (aka username) parameter. NOTE: some of these details are obtained from third party information.
[fungamez-login-sql-injection(50090)]
[ADV-2009-1117]
[34610]
[8493]
[20090420 Multiple Remote Vulnerabilities--SQLi-(INSECURE-COOKIE-HANDLING)-LFI-->]
Directory traversal vulnerability in admin/load.php in FunGamez RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to index.php.
[fungamez-index-file-include(50091)]
[ADV-2009-1117]
[34610]
[8493]
[20090420 Multiple Remote Vulnerabilities--SQLi-(INSECURE-COOKIE-HANDLING)-LFI-->]
includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter.
[fungamez-user-auth-bypass(50424)]
[ADV-2009-1117]
[8493]
[20090420 Multiple Remote Vulnerabilities--SQLi-(INSECURE-COOKIE-HANDLING)-LFI-->]
Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.
[http://www.sendmail.org/releases/8.13.2]
[sendmail-xheader-bo(50355)]
[http://www.nmrc.org/~thegnome/blog/apr09/]
McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
[groupshield-xheaders-security-bypass(50354)]
[http://www.nmrc.org/~thegnome/blog/apr09/]
The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.
[TA09-133B]
[VU#970180]
[reader-getannots-code-execution(50145)]
[ADV-2009-1317]
[ADV-2009-1189]
[1022139]
[34736]
[RHSA-2009:0478]
[8569]
[http://www.adobe.com/support/security/bulletins/apsb09-06.html]
[http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953]
[259028]
[GLSA-200907-06]
[35734]
[35416]
[35358]
[35152]
[35096]
[35055]
[34924]
[http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt]
[54130]
[SUSE-SR:2009:011]
[SUSE-SA:2009:027]
[http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html]
[http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html]
[http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html]
The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.
[TA09-133B]
[VU#970180]
[reader-spellcustom-code-execution(50146)]
[ADV-2009-1317]
[ADV-2009-1189]
[1022139]
[34740]
[RHSA-2009:0478]
[8570]
[http://www.adobe.com/support/security/bulletins/apsb09-06.html]
[http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953]
[259028]
[GLSA-200907-06]
[35734]
[35416]
[35358]
[35152]
[35096]
[35055]
[34924]
[http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt]
[54129]
[SUSE-SR:2009:011]
[SUSE-SA:2009:027]
[http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html]
[http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html]
The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port.
[http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e]
[http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.c]
[http://code.google.com/p/memcachedb/source/detail?r=98]
[memcached-processstat-info-disclosure(50444)]
[http://memcached.googlecode.com/files/memcached-1.2.8.tar.gz]
[http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98]
Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb.
[8374]
[34648]
Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
[34431]
[8367]
Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie Player (GOM Player) 2.1.16.4635 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in an SRT file.
[34427]
[20090408 [Bkis-06-2009] GOM Player Subtitle Buffer Overflow Vulnerability]
[8370]
[http://security.bkis.vn/?p=501]
[34639]
[53361]
Directory traversal vulnerability in inc/profilemain.php in Game Maker 2k Internet Discussion Boards (iDB) 0.2.5 Pre-Alpha SVN 243 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter in a settings action to profile.php.
[idb-profilemain-file-include(49697)]
[34397]
[8357]
SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor.
[34433]
[8366]
SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows remote attackers to execute arbitrary SQL commands via the sn parameter.
[34767]
[20090429 SQL INJECTION (SQLi) VULNERABILITY--ProjectCMS v1.0 Beta Final-->]
[8565]
Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image.
[34774]
[http://drupal.org/node/448958]
[ADV-2009-1213]
[34953]
Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable and 1.5.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
[34771]
[8566]
[34940]
Multiple SQL injection vulnerabilities in login.php in Tiger Document Management System (DMS) allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
[34775]
[8571]
[34784]
Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1."
[8529]
SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field.
[34777]
[http://drupal.org/node/449014]
[newspage-keywords-sql-injection(50248)]
[ADV-2009-1214]
[34954]
[54151]
SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to banner-details.php.
[34769]
[8563]
The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node.
[34778]
[http://drupal.org/node/449030]
[ADV-2009-1212]
[34955]
SQL injection vulnerability in the xforum_validateUser function in Common.php in X-Forum 0.6.2 allows remote attackers to execute arbitrary SQL commands, as demonstrated via the cookie_username parameter to Configure.php.
[xforum-cookieusername-sql-injection(49537)]
[34302]
[8317]
SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
[34338]
[8341]
[34529]
Multiple directory traversal vulnerabilities in KoschtIT Image Gallery 1.82 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the file parameter to (1) ki_makepic.php and (2) ki_nojsdisplayimage.php in ki_base/.
[34335]
[8334]
GDI+ in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (infinite loop) via a PNG file that contains a certain large btChunkLen value.
[34586]
[8466]
Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php.
[xforum-config-code-execution(50390)]
[8317]
Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name.
[ADV-2009-1200]
[34747]
[http://sourceforge.net/tracker/?func=detail&aid=2777467&group_id=1275&atid=301275]
[http://sourceforge.net/project/shownotes.php?release_id=678622&group_id=1275]
[http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms;a=commitdiff;h=c4ebb701be6ee9a296a44fdac5a20b7739ff0595]
[USN-771-1]
[[oss-security] 20090429 Re: CVE Request -- libmodplug]
[MDVSA-2009:128]
[DSA-1850]
[GLSA-200907-07]
[36158]
[35736]
[35026]
[34927]
[54109]
[http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_pat.cpp?r1=1.3&r2=1.4]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526084]
Google Chrome 1.0.154.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a throw statement with a long exception value.
[34786]
[8573]
Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information.
[34745]
[54100]
[MDVSA-2009:129]
[34881]
[[file] 20090501 file 5.01 is now available]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603]
[ftp://ftp.astron.com/pub/file/file-5.01.tar.gz]
Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncode method, as possibly demonstrated by a web application that accepts untrusted input for this method.
[34739]
[8542]
Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods.
[nortonghost-easysetupint-dos(50098)]
[http://www.shinnai.net/xplits/TXT_Gl6RHStS23c9DANArcJE.html]
[1022120]
[34696]
[8523]
Cross-site request forgery (CSRF) vulnerability in Beltane before 2.3.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[34973]
[54167]
Directory traversal vulnerability in index.php in Pecio CMS 1.1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter.
[34802]
[8593]
Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17 allows attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors.
[ibm-tsm-webgui-bo(50328)]
[ADV-2009-1235]
[IC59994]
[http://www-01.ibm.com/support/docview.wss?uid=swg21384389]
[32604]
Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage Manager (TSM) client 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.5, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17, and the TSM Express client 5.3.3.0 through 5.3.6.5, allows attackers to read or modify arbitrary files via unknown vectors.
[IC59779]
[http://www-01.ibm.com/support/docview.wss?uid=swg21384389]
[ibm-tsm-javagui-security-bypass(50329)]
[ADV-2009-1235]
[32604]
The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors.
[IC59781]
[http://www-01.ibm.com/support/docview.wss?uid=swg21384389]
[ibm-tsm-ssl-mitm(50330)]
[ADV-2009-1235]
[32604]
[54235]
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.
[VU#402580]
[FEDORA-2009-5513]
[FEDORA-2009-5509]
[FEDORA-2009-5500]
[https://bugzilla.redhat.com/show_bug.cgi?id=499867]
[ADV-2010-1792]
[ADV-2009-1900]
[1022563]
[35675]
[34800]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html]
[http://www.kb.cert.org/vuls/id/CRDY-7RKQCY]
[40553]
[35776]
[35225]
[35143]
[34975]
[http://jira.codehaus.org/browse/JETTY-1004]
[HPSBMA02553]
[HPSBMA02553]
Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1.17 allows remote attackers to inject arbitrary web script or HTML via a directory listing request containing a ; (semicolon) character.
[http://jira.codehaus.org/browse/JETTY-980]
[https://bugzilla.redhat.com/show_bug.cgi?id=499867]
[ADV-2010-1792]
[34800]
[40553]
[34975]
[HPSBMA02553]
[HPSBMA02553]
CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action.
[directadmin-cmddb-command-execution(50167)]
[http://www.directadmin.com/features.php?id=968]
[34861]
[54015]
[20090422 DirectAdmin < 1.33.4 Local file overwrite & Local root escalation]
JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.
[http://www.directadmin.com/features.php?id=968]
[34861]
[54014]
[20090422 DirectAdmin < 1.33.4 Local file overwrite & Local root escalation]
Race condition in the ptrace_attach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACE_ATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect cred_exec_mutex object.
[ADV-2009-1236]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cad81bc2529ab8c62b6fdc83a1c0c7f4a87209eb]
[linux-kernel-ptraceattach-code-execution(50293)]
[34799]
[20090516 rPSA-2009-0084-1 kernel]
[54188]
[[oss-security] 20090504 CVE request: kernel: ptrace_attach: fix the usage of ->cred_exec_mutex]
[http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc4]
[http://wiki.rpath.com/Advisories:rPSA-2009-0084]
[35120]
[34977]
Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent, asynchronous XMLHttpRequest calls, aka "HTML Object Memory Corruption Vulnerability."
[TA09-160A]
[MS09-019]
[http://www.zerodayinitiative.com/advisories/ZDI-09-037]
[ADV-2009-1538]
[1022350]
[35222]
[20090610 ZDI-09-037: Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption Vulnerability]
[oval:org.mitre.oval:def:6260]
[54947]
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability."
[TA09-160A]
[MS09-019]
[http://www.zerodayinitiative.com/advisories/ZDI-09-036]
[ADV-2009-1538]
[1022350]
[35223]
[20090610 ZDI-09-036: Microsoft Internet Explorer setCapture Memory Corruption Vulnerability]
[oval:org.mitre.oval:def:6295]
[54948]
Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability."
[TA09-160A]
[MS09-019]
[http://www.zerodayinitiative.com/advisories/ZDI-09-038]
[ADV-2009-1538]
[1022350]
[20090610 ZDI-09-038: Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability]
[oval:org.mitre.oval:def:6294]
[54949]
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reordering of elements, followed by an onreadystatechange event, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Object Memory Corruption Vulnerability."
[TA09-160A]
[MS09-019]
[http://www.zerodayinitiative.com/advisories/ZDI-09-039]
[ADV-2009-1538]
[1022350]
[35234]
[20090610 ZDI-09-039: Microsoft Internet Explorer onreadystatechange Memory Corruption Vulnerability]
[oval:org.mitre.oval:def:6308]
[54950]
Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malformed row property references" that trigger an access of an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Objects Memory Corruption Vulnerability" or "HTML Object Memory Corruption Vulnerability."
[TA09-160A]
[MS09-019]
[http://www.zerodayinitiative.com/advisories/ZDI-09-041]
[ADV-2009-1538]
[1022350]
[20090610 ZDI-09-041: Microsoft Internet Explorer 8 Rows Property Dangling Pointer Code Execution Vulnerability]
[oval:org.mitre.oval:def:6244]
[54951]
Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
[TA09-160A]
[MS09-024]
[ADV-2009-1543]
[1022355]
[1022354]
[35184]
[35371]
[oval:org.mitre.oval:def:6292]
[54939]
[JVN#70858401]
[http://blogs.technet.com/srd/archive/2009/06/09/ms09-024.aspx]
Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
[TA09-223A]
[35992]
[MS09-043]
[1022708]
[oval:org.mitre.oval:def:6326]
[56916]
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
[TA09-160A]
[MS09-020]
[20090616 IIS WebDav Vulnerability CVE ID]
[http://view.samurajdata.se/psview.php?id=023287d6&page=1]
[oval:org.mitre.oval:def:6029]
[http://isc.sans.org/diary.html?n&storyid=6397]
[http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html]
[http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf]
[20090515 Re: IIS6 + webdav and unicode rides again in 2009]
[20090515 Re: IIS6 + webdav and unicode rides again in 2009]
[20090515 IIS6 + webdav and unicode rides again in 2009]
ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
[TA09-223A]
[ADV-2009-2231]
[35985]
[MS09-036]
[1022715]
[36127]
[oval:org.mitre.oval:def:6393]
[56905]
[http://blogs.technet.com/srd/archive/2009/08/11/ms09-035-asp-net-denial-of-service-vulnerability.aspx]
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
Per: http://www.microsoft.com/technet/security/advisory/971778.mspx
"Microsoft is aware of limited, active attacks that use this exploit code. While our investigation is ongoing, our investigation so far has shown that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable; all versions of Windows Vista and Windows Server 2008 are not vulnerable."
[TA09-195A]
[MS09-028]
[http://www.microsoft.com/technet/security/advisory/971778.mspx]
[ADV-2009-1886]
[ADV-2009-1445]
[1022299]
[35139]
[35268]
[oval:org.mitre.oval:def:6237]
[54797]
[http://isc.sans.org/diary.html?storyid=6481]
[http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx]
[http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx]
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
[TA09-195A]
[MS09-028]
[ADV-2009-1886]
[35600]
[oval:org.mitre.oval:def:5963]
[55844]
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
[TA09-195A]
[MS09-028]
[ADV-2009-1886]
[oval:org.mitre.oval:def:6341]
[55845]
The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
[TA09-195A]
[MS09-033]
[ADV-2009-1890]
[1022544]
[35808]
[oval:org.mitre.oval:def:6166]
Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
[TA09-223A]
[MS09-041]
[oval:org.mitre.oval:def:6286]
Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
[TA09-223A]
[ADV-2009-2233]
[35967]
[MS09-038]
[1022711]
[36206]
[oval:org.mitre.oval:def:5412]
Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
[TA09-223A]
[ADV-2009-2233]
[35970]
[MS09-038]
[1022711]
[36206]
[oval:org.mitre.oval:def:5930]
[56909]
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability."
[TA09-286A]
[MS09-054]
[oval:org.mitre.oval:def:6454]
SQL injection vulnerability in index.php in BluSky CMS allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a read action.
[ADV-2009-1246]
[34811]
[8600]
[34998]
[54221]
AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access setting the log_accept cookie to "correcto."
[ADV-2009-1245]
[34808]
[8599]
[34968]
[54216]
Zakkis Technology ABC Advertise 1.0 does not properly restrict access to admin.inc.php, which allows remote attackers to obtain the administrator login name and password via a direct request.
[abcadvertise-admininc-info-disclosure(50183)]
[8555]
Multiple PHP remote file inclusion vulnerabilities in Qt quickteam 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) qte_web_path parameter to qte_web.php and the (2) qte_root parameter to bin/qte_init.php.
[ADV-2009-1247]
[8602]
[34997]
[54218]
[54217]
Unspecified vulnerability in the IGMP driver in SCO Unixware Release 7.1.4 Maintenance Pack 4 allows attackers to cause a denial of service (system panic) via unspecified vectors.
[unixware-igmp-unspecified-dos(50255)]
[34781]
[ftp://ftp.sco.com/pub/unixware7/714/security/p535283/p535283.txt]
[34951]
[54168]
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf.
[[cvs] 20090322 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/docroot/configuration/]
[[cvs] 20090320 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/docroot/]
[[cvs] 20090320 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/java/com/sun/enterprise/tools/admingui/handlers/CommonHandlers.java]
[glassfish-jsa-admininterface-xss(50453)]
[ADV-2009-1255]
[34914]
[34824]
[20090505 [DSECRG-09-034] Sun Glassfish Enterprise Server - Multiple Linked XSS vulnerabilies]
[[dev] 20090411 Re: [DSECRG] Sun Glassfish Multiple Security Vulnerabilities]
[[dev] 20090319 [DSECRG] Sun Glassfish Multiple Security Vulnerabilities]
[258528]
[54257]
[54256]
[54255]
[54254]
[54253]
[54252]
[54251]
[54250]
[54249]
[JVNDB-2009-000027]
[JVN#73653977]
[http://dsecrg.com/pages/vul/show.php?id=134]
Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF.
[[cvs] 20090321 CVS update: /woodstock/webui/src/runtime/com/sun/webui/theme/ThemeServlet.java]
[woodstock-404page-xss(50336)]
[34829]
[20090505 [DSECRG-09-038] Sun Glassfish Woodstock Project - Linked XSS Vulnerability]
[[dev] 20090411 Re: [DSECRG] Sun Glassfish Multiple Security Vulnerabilities]
[[dev] 20090319 [DSECRG] Sun Glassfish Multiple Security Vulnerabilities]
[35006]
[54220]
[http://dsecrg.com/pages/vul/show.php?id=138]
The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 sends configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by reading the SetupWizard.exe process memory, a related issue to CVE-2008-4390.
[ADV-2009-1173]
[34596]
[http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-1/]
[34767]
img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerability than CVE-2004-2507.
[ADV-2009-1173]
[34629]
[http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-2/]
[34767]
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the next_file parameter to (1) main.cgi, (2) img/main.cgi, or (3) adm/file.cgi; or (4) the this_file parameter to adm/file.cgi.
[wvc54gca-nextfile-xss(50224)]
[ADV-2009-1173]
[34714]
[http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-4/]
[34767]
Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
[wvc54gca-admfile-dir-traversal(50231)]
[ADV-2009-1173]
[34713]
[http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/]
Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote attackers to read arbitrary files via an absolute pathname in the this_file parameter. NOTE: traversal via a .. (dot dot) is probably also possible.
[wvc54gca-admfile-dir-traversal(50231)]
[ADV-2009-1173]
[34713]
[http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/]
The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 stores passwords and wireless-network keys in cleartext in (1) pass_wd.htm and (2) Wsecurity.htm, which allows remote attackers to obtain sensitive information by reading the HTML source code.
[wvc54gca-pass-wsecurity-info-disclosure(50410)]
[ADV-2009-1173]
[http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-4/]
Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters.
[ADV-2009-1172]
[34616]
[http://www.falandodeseguranca.com/?p=17]
[34805]
[http://packetstormsecurity.org/0904-exploits/linksysadmin-passwd.txt]
[20090418 Linksys WRT54GC - Admin Password Change (POC)]
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.
[http://www.vmware.com/security/advisories/VMSA-2010-0007.html]
[1023838]
[39363]
[http://secunia.com/secunia_research/2009-36/]
[39215]
[39206]
[36712]
[63614]
[[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues]
[20100409 VMware VMnc Codec Heap Overflow Vulnerability]
[20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues]
[20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues]
vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors."
[http://www.vmware.com/security/advisories/VMSA-2010-0007.html]
[[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues]
[1023838]
[39364]
[63615]
[http://secunia.com/secunia_research/2009-37/]
[39215]
[39206]
[36712]
[20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues]
[20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues]
Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio Creator 2010 before SP1, might allow remote attackers to execute arbitrary code via an image with crafted dimensions.
[roxio-image-code-execution(54496)]
[ADV-2009-3375]
[37183]
[20091202 Secunia Research: Roxio Creator Image Rendering Integer Overflow Vulnerability]
[http://secunia.com/secunia_research/2009-38/]
[36069]
Multiple stack-based buffer overflows in the Lateral Arts Photobox uploader ActiveX control 1.x before 1.3, and 2.2.0.6, allow remote attackers to execute arbitrary code via a long URL string for the (1) LogURL, (2) ConnectURL, (3) SkinURL, (4) AlbumCreateURL, (5) ErrorURL, or (6) httpsinglehost property value.
[ADV-2009-3377]
[ADV-2009-3376]
[37187]
[20091202 Secunia Research: Lateral Arts Photobox uploader ActiveX Control Buffer Overflow]
[http://secunia.com/secunia_research/2009-41/]
[37492]
[37138]
Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client 5.30, and possibly other versions before 5.32, allows remote attackers to execute arbitrary code via a long target-frame parameter.
[ADV-2009-3429]
[37242]
[http://download.novell.com/Download?buildid=29T3EFRky18~]
[20091208 Secunia Research: Novell iPrint Client "target-frame" Parameter Buffer Overflow]
[http://secunia.com/secunia_research/2009-40/]
[37169]
Multiple stack-based buffer overflows in Novell iPrint Client 4.38, 5.30, and possibly other versions before 5.32 allow remote attackers to execute arbitrary code via vectors related to (1) Date and (2) Time.
[ADV-2009-3429]
[37242]
[http://download.novell.com/Download?buildid=29T3EFRky18~]
[20091208 Secunia Research: Novell iPrint Client Date/Time Parsing Buffer Overflow]
[http://secunia.com/secunia_research/2009-44/]
[37169]
[35004]
Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.
[ADV-2009-3228]
[http://git.gnome.org/cgit/gimp/commit/?h=gimp-2-6&id=df2b0aca2e7cdb95ebfd3454c65aaba0a83e9bbe]
[https://bugzilla.gnome.org/show_bug.cgi?id=600484]
[gimp-readimage-bo(54254)]
[ADV-2010-1021]
[ADV-2009-3564]
[37006]
[20091112 Secunia Research: Gimp BMP Image Parsing Integer Overflow Vulnerability]
[RHSA-2011:0838]
[RHSA-2011:0837]
[59930]
[http://secunia.com/secunia_research/2009-42/]
[37232]
[oval:org.mitre.oval:def:8290]
[SUSE-SR:2010:009]
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.
[https://bugzilla.mozilla.org/show_bug.cgi?id=526500]
[mozilla-htmlparser-code-exec(56361)]
[ADV-2010-0650]
[ADV-2010-0405]
[USN-896-1]
[USN-895-1]
[20100218 Secunia Research: Mozilla Firefox Memory Corruption Vulnerability]
[RHSA-2010:0154]
[RHSA-2010:0153]
[RHSA-2010:0113]
[RHSA-2010:0112]
[http://www.mozilla.org/security/announce/2010/mfsa2010-03.html]
[MDVSA-2010:051]
[MDVSA-2010:042]
[DSA-1999]
[http://secunia.com/secunia_research/2009-45/]
[38847]
[38772]
[38770]
[37242]
[oval:org.mitre.oval:def:8615]
[oval:org.mitre.oval:def:11227]
[SUSE-SA:2010:015]
[FEDORA-2010-3267]
[FEDORA-2010-3230]
[FEDORA-2010-1727]
[FEDORA-2010-1936]
[FEDORA-2010-1932]
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.
[DSA-1788]
[[quagga-dev] 20090203 [quagga-dev 6391] [PATCH] BGP 4-byte ASN bug fixes]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311]
[FEDORA-2009-5324]
[FEDORA-2009-5284]
[quagga-systemnumber-dos(50317)]
[USN-775-1]
[1022164]
[34817]
[54200]
[[oss-security] 20090501 Re: CVE request (sort of): Quagga BGP crasher]
[[oss-security] 20090501 CVE request (sort of): Quagga BGP crasher]
[MDVSA-2009:109]
[http://thread.gmane.org/gmane.network.quagga.devel/6513]
[35685]
[35203]
[35061]
[34999]
[SUSE-SR:2009:012]
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
[xvfbrun-magiccookie-info-disclosure(50348)]
[ADV-2010-1185]
[USN-939-1]
[34828]
[[oss-security] 20090505 Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)]
[[oss-security] 20090505 CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)]
[39834]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678]
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
[https://bugzilla.redhat.com/show_bug.cgi?id=497990]
[[oss-security] 20090504 Re: ipsec-tools 0.7.2]
[[oss-security] 20090429 ipsec-tools 0.7.2]
[FEDORA-2009-4394]
[FEDORA-2009-4298]
[FEDORA-2009-4291]
[ipsectools-isakmpfrag-dos(50412)]
[ADV-2009-3184]
[USN-785-1]
[34765]
[RHSA-2009:1036]
[MDVSA-2009:112]
[DSA-1804]
[http://support.apple.com/kb/HT4298]
[http://support.apple.com/kb/HT3937]
[http://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611]
[GLSA-200905-03]
[35685]
[35404]
[35212]
[35159]
[35153]
[35113]
[oval:org.mitre.oval:def:9624]
[SUSE-SR:2009:012]
[APPLE-SA-2010-12-16-1]
[APPLE-SA-2009-11-09-1]
Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7.
[ADV-2009-1216]
[http://www.vbdrupal.org/forum/showthread.php?p=9953#post9953]
[54152]
[http://drupal.org/node/449078]
[FEDORA-2009-4203]
[FEDORA-2009-4175]
[drupal-utf7-xss(50250)]
[DSA-1792]
[34980]
[34950]
[34948]
Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data to be sent to an attacker-controlled site, possibly related to multiple / (slash) characters that are not properly handled by includes/bootstrap.inc, as demonstrated using the search box. NOTE: this vulnerability can be leveraged to conduct cross-site request forgery (CSRF) attacks.
[FEDORA-2009-4203]
[FEDORA-2009-4175]
[http://www.vbdrupal.org/forum/showthread.php?p=9953#post9953]
[http://drupal.org/node/449078]
[http://drupal.org/files/sa-core-2009-005/SA-CORE-2009-005-5.16.patch]
[ADV-2009-1216]
[54153]
[DSA-1792]
[34980]
[34950]
[34948]
Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file.
[https://bugzilla.redhat.com/show_bug.cgi?id=499174]
[https://bugzilla.redhat.com/show_bug.cgi?id=189666]
[http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?r1=1.18&r2=1.19]
[cscope-findc-bo(50366)]
[RHSA-2009:1101]
[[oss-security] 20090506 Re: Old cscope buffer overflow]
[[oss-security] 20090506 Re: Old cscope buffer overflow]
[[oss-security] 20090505 Old cscope buffer overflow]
[GLSA-200905-02]
[35213]
[oval:org.mitre.oval:def:9837]
[http://cvs.fedoraproject.org/viewvc/rpms/cscope/devel/cscope-15.5-putstring-overflow.patch]
[http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?view=log#rev1.19]
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING).
[FEDORA-2009-4880]
[FEDORA-2009-4870]
[squirrelmail-decryptheaders-xss(50460)]
[ADV-2009-1296]
[http://www.squirrelmail.org/security/issue/2009-05-09]
[http://www.squirrelmail.org/security/issue/2009-05-08]
[34916]
[MDVSA-2009:110]
[http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13672]
[http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13670]
[http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/global.php?r1=13670&r2=13669&pathrev=13670]
[http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog]
[http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/contrib/decrypt_headers.php?r1=13672&r2=13671&pathrev=13672]
[FEDORA-2009-4875]
[https://gna.org/forum/forum.php?forum_id=2146]
[https://bugzilla.redhat.com/show_bug.cgi?id=500363]
[squirrelmail-phpself-xss(50459)]
[ADV-2010-1481]
[ADV-2009-3315]
[RHSA-2009:1066]
[DSA-1802]
[http://support.apple.com/kb/HT4188]
[40220]
[37415]
[35259]
[35140]
[35073]
[35052]
[oval:org.mitre.oval:def:11624]
[60468]
[APPLE-SA-2010-06-15-1]
[http://download.gna.org/nasmail/nasmail-1.7.zip]
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.
[FEDORA-2009-4880]
[FEDORA-2009-4870]
[ADV-2009-1296]
[http://www.squirrelmail.org/security/issue/2009-05-10]
[34916]
[MDVSA-2009:110]
[http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13674]
[http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?r1=13674&r2=13673&pathrev=13674]
[http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog]
[FEDORA-2009-4875]
[https://gna.org/forum/forum.php?forum_id=2146]
[https://bugzilla.redhat.com/show_bug.cgi?id=500360]
[squirrelmail-mapypalias-code-execution(50461)]
[ADV-2010-1481]
[ADV-2009-3315]
[RHSA-2009:1066]
[DSA-1802]
[http://support.apple.com/kb/HT4188]
[40220]
[37415]
[35259]
[35140]
[35073]
[35052]
[oval:org.mitre.oval:def:10986]
[APPLE-SA-2010-06-15-1]
[http://download.gna.org/nasmail/nasmail-1.7.zip]
Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.
[ADV-2009-1296]
[http://www.squirrelmail.org/security/issue/2009-05-11]
[34916]
[http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13676]
[FEDORA-2009-4880]
[FEDORA-2009-4875]
[FEDORA-2009-4870]
[https://bugzilla.redhat.com/show_bug.cgi?id=500358]
[squirrelmail-baseuri-session-hijacking(50462)]
[ADV-2010-1481]
[MDVSA-2009:110]
[DSA-1802]
[http://support.apple.com/kb/HT4188]
[http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog]
[40220]
[35140]
[35073]
[35052]
[oval:org.mitre.oval:def:10107]
[APPLE-SA-2010-06-15-1]
functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message.
[https://bugzilla.redhat.com/show_bug.cgi?id=500356]
[FEDORA-2009-4880]
[FEDORA-2009-4875]
[FEDORA-2009-4870]
[squirrelmail-css-xss(50463)]
[ADV-2010-1481]
[ADV-2009-1296]
[http://www.squirrelmail.org/security/issue/2009-05-12]
[34916]
[RHSA-2009:1066]
[MDVSA-2009:110]
[DSA-1802]
[http://support.apple.com/kb/HT4188]
[http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667]
[http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667&r2=13666&pathrev=13667]
[http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog]
[40220]
[35259]
[35140]
[35073]
[35052]
[oval:org.mitre.oval:def:10441]
[APPLE-SA-2010-06-15-1]
Million Dollar Text Links 1.0 does not properly restrict administrator access to admin.home.php, which allows remote attackers to bypass intended restrictions and gain privileges via a direct request to admin.home.php after visiting admin.php.
[milliondollar-adminhome-auth-bypass(50306)]
[34809]
[8605]
[34994]
[54204]
Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) _expresion_de_busqueda, (3) letra, (4) estado_id, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters when editing a term as specified by the edit_id and tema parameters to index.php; and the (7) y, (8) ord, and (9) m parameters to sobre.php.
[tematres-term-xss(50343)]
[34830]
[20090505 MULTIPLE REMOTE VULNERABILITIES--TemaTres 1.0.3-->]
[8615]
[34990]
[34983]
[54247]
Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php.
[34830]
[20090505 MULTIPLE REMOTE VULNERABILITIES--TemaTres 1.0.3-->]
[20090505 BLIND SQL INJECTION EXPLOIT--TemaTres 1.0.3-->]
[8616]
[8615]
[34983]
[54246]
[54245]
Multiple SQL injection vulnerabilities in TemaTres 1.031, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_correo_electronico and (2) id_password parameters to login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[34983]
[54244]
Stack-based buffer overflow in the NZB importer feature in GrabIt 1.7.2 Beta 3 and earlier allows remote attackers to execute arbitrary code via a crafted DTD reference in a DOCTYPE element in an NZB file.
[http://www.shemes.com/index.php?p=whatsnew]
[grabit-nzb-bo(50310)]
[ADV-2009-1243]
[1022161]
[34807]
[20090503 Grabit <= 1.7.2 beta 3 NZB file parsing stack overflow]
[8612]
[34893]
[54205]
[http://blog.teusink.net/2009/05/grabit-172-beta-3-nzb-file-parsing.html]
index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values.
[phpsitelock-index-security-bypass(50304)]
[ADV-2009-1249]
[8604]
[34995]
[54203]
Cross-site scripting (XSS) vulnerability in CGI RESCUE MiniBBS 8t before 8.95t, 8 before 8.95, 9 before 9.08, and 10 before 10.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[JVNDB-2009-000022]
[JVN#11396739]
[minibbs-unspecified-xss(50219)]
[34718]
[http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20081213132937]
[34887]
Unspecified vulnerability in CGI RESCUE MiniBBS22 before 1.01 allows remote attackers to send email to arbitrary recipients via unknown vectors.
[http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20081213132937]
[JVNDB-2009-000021]
[JVN#36982346]
Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42 allows remote attackers to send email to arbitrary recipients via a web form.
[54097]
[JVN#76370393]
[http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20081213132937]
[34869]
[JVNDB-2009-000023]
CRLF injection vulnerability in CGI RESCUE Web Mailer before 1.04 allows remote attackers to inject arbitrary HTTP headers, and conduct cross-site scripting (XSS) or HTTP response splitting attacks, via CRLF sequences in an unspecified web form.
[http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20090209180123]
[JVN#28020230]
[35047]
[34862]
[JVNDB-2009-000024]
Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long banner. NOTE: this might overlap CVE-2003-1368.
[32bit-cwd-banner-bo(50337)]
[ADV-2009-1263]
[34822]
[8614]
[8611]
[34993]
[54219]
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element.
[profense-blacklist-security-bypass(50663)]
[[websecurity] 20090519 [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2009-001 and EnableSecurity Advisory ES-20090500]
[35053]
[20090520 Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.]
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site scripting (XSS) attack URL.
[profense-whitelist-security-bypass(50662)]
[[websecurity] 20090519 [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2009-001 and EnableSecurity Advisory ES-20090500]
[35053]
[20090520 Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.]
[http://resources.enablesecurity.com/advisories/ES-20090500-profense.txt]
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.
[ADV-2009-1237]
[34804]
[http://www.igniterealtime.org/issues/browse/JM-1531]
[http://www.igniterealtime.org/community/message/190280]
[http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html]
[openfire-jabberiqauth-security-bypass(50292)]
[34976]
[54189]
Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet.
[34804]
[http://www.igniterealtime.org/issues/browse/JM-1532]
[http://www.igniterealtime.org/community/message/190280]
[openfire-nopassword-security-bypass(50291)]
[54189]
[34984]
Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
[20090503 [SecNiche WhitePaper ] - PDF Silent HTTP Form Repurposing Attacks]
[http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf]
Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
[20090503 [SecNiche WhitePaper ] - PDF Silent HTTP Form Repurposing Attacks]
[http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf]
Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
[20090503 [SecNiche WhitePaper ] - PDF Silent HTTP Form Repurposing Attacks]
[http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf]
Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
[20090503 [SecNiche WhitePaper ] - PDF Silent HTTP Form Repurposing Attacks]
[http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf]
The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory.
Per https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/365823
A clean install of clamav-milter (0.95.1+dfsg-1ubuntu1.1) causes the root directory to become owned by the clamav user.
This was witnessed breaking ssh chroot environment.
TEST CASE:
- purge any existing clamav-milter installation, make sure you don't have any old /etc/init.d/clamav-milter init script around
- check root directory's owner (should be root:root)
- sudo apt-get install clamav-milter (the last one in Jaunty is 0.95.1+dfsg-1ubuntu1.1)
- after installing the package, clamav-milter will start automatically (at least 'init.d/clamav-milter start' will execute)
- check the root directory's owner:
[clamav-clamavmilter-security-bypass(50311)]
[34818]
[https://launchpad.net/bugs/365823]
[USN-770-1]
[35000]
Pablo Software Solutions Quick 'n Easy Mail Server 3.3 allows remote attackers to cause a denial of service (daemon outage or CPU consumption) via multiple long SMTP commands, as demonstrated by HELO commands.
[quickneasymailserver-helo-dos(50299)]
[34814]
[8606]
[34992]
[54215]
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.
[[oss-security] 20090508 OpenSC 0.11.8 released with security update]
[FEDORA-2009-4883]
[FEDORA-2009-4919]
[FEDORA-2009-4967]
[FEDORA-2009-4928]
[ADV-2009-1295]
[[opensc-announce] 20090508 OpenSC 0.11.8 released with security update]
[MDVSA-2009:123]
[GLSA-200908-01]
[36074]
[35309]
[35293]
[35035]
Unspecified vulnerability in LimeSurvey before 1.82 allows remote attackers to execute commands and obtain sensitive data via unknown attack vectors related to /admin/remotecontrol/.
[ADV-2009-1219]
[http://www.limesurvey.org/content/view/169/1/lang,en/]
[34785]
[34946]
Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9.3 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: some of these details are obtained from third party information.
[ADV-2009-1186]
[ADV-2009-1185]
[34916]
[20090424 SumatraPDF <= 0.9.3 Heap Overflow PoC]
Multiple stack-based and heap-based buffer overflows in Dafolo DafoloControl ActiveX control (DafoloFFControl.dll) 1.108.6.195 allow remote attackers to execute arbitrary code via long (1) baseurl, (2) kommune, (3) felter, (4) afdeling, (5) Flags, (6) HelpURL, (7) caburl, or (8) filename properties; or (9) a long argument to the Open method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[dafolo-filenames-bo(50423)]
[dafolo-helpurl-caburl-bo(50422)]
[dafolo-stringparsing-bo(50421)]
[dafolo-baseurl-bo(50420)]
[34900]
[35017]
Cross-site scripting (XSS) vulnerability in the administrator panel in phpForm.net LinkBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the username in a registration, which is not properly handled when the administrator accesses the Users menu.
[linkbase-usersmenu-xss(50338)]
[34844]
[8618]
Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly earlier versions allow user-assisted remote attackers to execute arbitrary code via a .MCP project file with long (1) FILE_INFO, (2) CAT_FILTERS, and possibly other fields.
[mplabide-catfilters-bo(50419)]
[mplabide-fileinfo-bo(50418)]
[34897]
[20090511 [Bkis-08-2009] Microchip MPLAB IDE Buffer Overflow Vulnerability]
[http://security.bkis.vn/?p=654]
[35054]
[54370]
Unrestricted file upload vulnerability in admin/uploadform.asp in Battle Blog 1.25 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
[battleblog-uploadform-file-upload(50400)]
[ADV-2009-1280]
[34887]
[8647]
[35023]
admin/changepassword.php in Job Script Job Board Software 2.0 allows remote attackers to change the administrator password and gain administrator privileges via a direct request.
[jobscript-changepassword-security-bypass(50380)]
[34874]
[8639]
[35029]
[54281]
Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 257 reply to a CWD command.
[ADV-2009-1263]
[34838]
[34822]
[8621]
[8613]
Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 3.09.04.17 and earlier are also affected.
[34789]
[8579]
[http://www.cisrt.org/enblog/read.php?245]
[34944]
Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchterm or (2) email parameter.
[8577]
[8576]
[34943]
Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these details are obtained from third party information.
[8577]
[34943]
Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request.
[8577]
Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.
[http://forum.coppermine-gallery.net/index.php/topic,59247.0.html]
[34782]
[34961]
[54145]
[http://forum.coppermine-gallery.net/index.php/topic,59237.0.html]
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie.
[34735]
[8550]
[34903]
Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie.
[34735]
[8552]
[34802]
Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.
[34735]
[8551]
[34818]
Multiple cross-site scripting (XSS) vulnerabilities in input.php in MataChat allow remote attackers to inject arbitrary web script or HTML via the (1) nickname and (2) color parameters.
[34722]
[20090425 MataChat Cross-Site Scripting Vulnerabilities]
Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the route parameter.
[34724]
[8539]
[34313]
SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote attackers to execute arbitrary SQL commands via the order_sn parameter in an order_query action.
[34733]
[8548]
Cross-site scripting (XSS) vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to inject arbitrary web script or HTML via the PID parameter.
[34732]
[8545]
Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the show parameter.
[34732]
[8545]
Directory traversal vulnerability in index.php in Thickbox Gallery 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ln parameter.
[34741]
[8546]
[34906]
SQL injection vulnerability in public/specific.php in EZ-Blog before Beta 2 20090427, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category parameter.
[34729]
[8547]
[http://sourceforge.net/project/shownotes.php?release_id=678562&group_id=243152]
Stack-based buffer overflow in Streaming Download Project (SDP) Downloader 2.3.0 allows remote attackers to execute arbitrary code via a long .asf URL in the HREF attribute of a REF element in a .asx file.
[ADV-2009-1171]
[34712]
[8536]
[8531]
[34883]
[54090]
Stack-based buffer overflow in mnet.exe in Unisys Business Information Server (BIS) 10 and 10.1 on Windows allows remote attackers to execute arbitrary code via a crafted TCP packet.
[20090625 Unisys Business Information Server Stack Buffer Overflow]
[ftp://ftp.support.unisys.com/pub/mapper/NT/BIS10.1/Readme.txt]
ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.
[ajaxterm-ajaxterm-session-hijacking(50464)]
[34903]
[20090511 [oCERT-2009-004] AjaxTerm session id collision]
[[oss-security] 20090511 [oCERT-2009-004] AjaxTerm session id collision]
[http://www.ocert.org/advisories/ocert-2009-004.html]
[42784]
[FEDORA-2010-18867]
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
[[nfsv4] 20061117 [Patch] Re: Status of execute permissions in NFSv4 ACLs ?]
[http://bugzilla.linux-nfs.org/show_bug.cgi?id=131]
[https://bugzilla.redhat.com/show_bug.cgi?id=500297]
[ADV-2009-3316]
[ADV-2009-1331]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-793-1]
[34934]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[20090724 rPSA-2009-0111-1 kernel]
[RHSA-2009:1157]
[[oss-security] 20090513 CVE request: kernel: problem with NFS v4 client handling of MAY_EXEC in nfs_permission]
[MDVSA-2009:148]
[MDVSA-2009:135]
[DSA-1865]
[DSA-1844]
[DSA-1809]
[http://wiki.rpath.com/Advisories:rPSA-2009-0111]
[37471]
[36327]
[36051]
[35847]
[35656]
[35394]
[35298]
[35106]
[oval:org.mitre.oval:def:9990]
[oval:org.mitre.oval:def:8543]
[SUSE-SA:2009:038]
[SUSE-SA:2009:031]
[[nfsv4] 20061116 Status of execute permissions in NFSv4 ACLs ?]
[[linux-nfs] 20090509 [NFS] [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.]
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.
[https://bugzilla.redhat.com/show_bug.cgi?id=498648]
[34921]
[[oss-security] 20090512 CVE Request (evolution)]
[http://bugzilla.gnome.org/show_bug.cgi?id=581604]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409]
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c.
[[ipsec-tools-announce] 20090422 Ipsec-tools 0.7.2 released]
[https://trac.ipsec-tools.net/ticket/303]
[ADV-2009-3184]
[USN-785-1]
[34765]
[RHSA-2009:1036]
[[oss-security] 20090512 Re: ipsec-tools 0.7.2]
[MDVSA-2009:114]
[DSA-1804]
[http://support.apple.com/kb/HT3937]
[http://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611]
[GLSA-200905-03]
[35685]
[35404]
[35212]
[35159]
[35153]
[oval:org.mitre.oval:def:10581]
[[oss-security] 20090429 ipsec-tools 0.7.2]
[SUSE-SR:2009:012]
[APPLE-SA-2009-11-09-1]
[http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6&r2=1.6.6.1&f=h]
[http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c]
[http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4&r2=1.11.6.5&f=h]
[http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c]
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.
[FEDORA-2009-5356]
[https://bugzilla.redhat.com/show_bug.cgi?id=496572]
[[oss-security] 20090515 Re: Re: Update - Re: CVE request? buffer overflow in CIFS in 2.6.*]
[[oss-security] 20090514 Re: Update - Re: CVE request? buffer overflow in CIFS in 2.6.*]
[[oss-security] 20090514 Update - Re: CVE request? buffer overflow in CIFS in 2.6.*]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=27b87fe52baba0a55e9723030e76fce94fabcea4]
[http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=968460ebd8006d55661dec0fb86712b40d71c413]
[http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=7b0c8fcff47a885743125dd843db64af41af5a61]
[FEDORA-2009-5383]
[ADV-2009-3316]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-793-1]
[34612]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[20090724 rPSA-2009-0111-1 kernel]
[RHSA-2009:1157]
[MDVSA-2009:148]
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.4]
[DSA-1865]
[DSA-1844]
[DSA-1809]
[http://wiki.rpath.com/Advisories:rPSA-2009-0111]
[37471]
[37351]
[36327]
[36051]
[35847]
[35656]
[35298]
[35226]
[35217]
[oval:org.mitre.oval:def:9525]
[oval:org.mitre.oval:def:8588]
[[oss-security] 20090429 Re: CVE request? buffer overflow in CIFS in 2.6.*]
[[oss-security] 20090429 Re: CVE request? buffer overflow in CIFS in 2.6.*]
[SUSE-SA:2010:012]
[SUSE-SA:2009:056]
[SUSE-SA:2009:054]
The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors.
[https://bugzilla.novell.com/show_bug.cgi?id=472979]
[groupwise-session-unauth-access(50688)]
[ADV-2009-1393]
[35066]
[http://www.novell.com/support/viewContent.do?externalId=7003266&sliceId=1]
[35177]
Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values.
[http://www.novell.com/support/search.do?cmd=displayKC&externalId=7003271]
[https://bugzilla.novell.com/show_bug.cgi?id=484942]
[https://bugzilla.novell.com/show_bug.cgi?id=474500]
[https://bugzilla.novell.com/show_bug.cgi?id=472987]
[groupwise-unspecified-xss(50691)]
[groupwise-styleexpressions-xss(50689)]
[groupwise-webaccess-loginpage-xss(50672)]
[ADV-2009-1393]
[35066]
[35061]
[20090528 Novell Groupwise fails to properly sanitize emails.]
[20090521 Novell GroupWise Web Access Multiple XSS]
[http://www.novell.com/support/viewContent.do?externalId=7003268&sliceId=1]
[http://www.novell.com/support/viewContent.do?externalId=7003267&sliceId=1]
[1022267]
[35177]
[http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt]
Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command.
[https://bugzilla.novell.com/show_bug.cgi?id=482914]
[https://bugzilla.novell.com/show_bug.cgi?id=478892]
[gia-email-code-execution(50693)]
[gia-smtp-code-execution(50692)]
[http://www.vupen.com/exploits/Novell_GroupWise_GWIA_SMTP_Command_Remote_Buffer_Overflow_PoC_Exploit_1393140.php]
[http://www.vupen.com/exploits/Novell_GroupWise_GWIA_Email_Address_Remote_Buffer_Overflow_Exploit_1393141.php]
[ADV-2009-1393]
[1022276]
[35065]
[35064]
[20090522 Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities]
[http://www.novell.com/support/viewContent.do?externalId=7003273&sliceId=1]
[http://www.novell.com/support/viewContent.do?externalId=7003272&sliceId=1]
[35177]
[54645]
[54644]
profile.php in Simple Customer 1.3 does not require administrative authentication, which allows remote attackers to change the admin e-mail address and password via the email and password parameters.
[simplecustomer-profile-security-bypass(50379)]
[34872]
[8638]
[35030]
[54280]
Techno Dreams Job Career Package 3.0 allows remote attackers to bypass authentication and obtain administrative access by setting the JobCareerAdmin cookie to Login.
[jcp-jobcareeradmin-sec-bypass(50370)]
[34865]
[8627]
[34996]
[54278]
Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery for Novell 4.03 allows user-assisted attackers to execute arbitrary code via a crafted .NKNT file.
[34846]
[http://www.insight-tech.org/xploits/KernelrecoveryforNovell(Traditionalvolumes)v.4.03CodeExecutionandDoS.py]
[http://www.insight-tech.org/index.php?p=Kernel-recovery-for-Novell-Traditional-volumes-v-4-03-Code-Execution-and-DoS]
[34798]
Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery for Macintosh 4.04 allows user-assisted attackers to execute arbitrary code via a crafted .AMHH file.
[nucleus-amhh-bo(50345)]
[34846]
[http://www.insight-tech.org/xploits/KernelrecoveryforMacintoshv.4.04BufferOverflow.py]
[http://www.insight-tech.org/index.php?p=Kernel-recovery-for-Macintosh-v-4-04-Buffer-Overflow]
[34860]
[54224]
Multiple stack-based buffer overflows in Mini-stream Ripper 3.0.1.1 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.
[ripper-ram-asx-bo(50375)]
[34864]
[34860]
[8632]
[8631]
Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.
[asxmp3-ram-asxf-bo(50374)]
[34864]
[34860]
[8630]
[8629]
Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows remote attackers to execute arbitrary code via a crafted .m3u file.
[soritong-m3u-bo(50398)]
[34863]
[8624]
Stack-based buffer overflow in Sorinara Streaming Audio Player 0.9 allows remote attackers to execute arbitrary code via a crafted .pla file.
[sorinara-pla-bo(50369)]
[34861]
[8640]
[8625]
Multiple stack-based buffer overflows in Mini-stream Easy RM-MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.
[easyrmmp3-ram-asx-bo(50376)]
[34864]
[34860]
[8634]
[8633]
Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long rtsp URL in a .ram file.
[34860]
[8628]
Heap-based buffer overflow in popcorn.exe in Ultrafunk Popcorn 1.87 allows remote POP3 servers to cause a denial of service (application crash) via a long string in a +OK response. NOTE: some of these details are obtained from third party information.
[ADV-2009-1170]
[34699]
[8526]
The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services.
[35685]
[SUSE-SR:2009:012]
Directory traversal vulnerability in arch.php in beLive 0.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the arch parameter.
[34968]
[8680]
[35059]
Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html.
[34967]
[20090514 MULTIPLE SQL INJECTION VULNERABILITIES --Shutter v-0.1.1-->]
[8679]
[35049]
SQL injection vulnerability in admin/member_details.php in 2daybiz Business Community Script allows remote attackers to execute arbitrary SQL commands via the mid parameter.
[34976]
[8689]
[35071]
[54494]
admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct request.
[34976]
[8689]
[35071]
[54493]
Directory traversal vulnerability in examples/tbs_us_examples_0view.php in TinyButStrong 3.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the script parameter.
[tinybutstrong-script-file-include(50506)]
[ADV-2009-1304]
[8667]
Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy Scripts Answer and Question Script allows remote attackers to inject arbitrary web script or HTML via the questionid parameter.
[34975]
[8690]
[35067]
[54501]
Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password.
[34975]
[8690]
[35067]
[54502]
Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allows remote attackers to execute arbitrary commands via unknown attack vectors, aka "command injection vulnerability."
[http://www.xerox.com/downloads/usa/en/c/cert_XRX09-02_v1.0.pdf]
[ADV-2009-1328]
[workcentre-unspecified-cmd-execution(50558)]
[1022238]
[34984]
[35101]
[54457]
Multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
[http://sourceforge.net/project/shownotes.php?release_id=681352&group_id=160495]
[starrating-unspecified-sql-injection(50417)]
[34899]
[35053]
[54369]
Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user (username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
[webbase-admin-sql-injection(50399)]
[34886]
[8643]
[35033]
[54372]
Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted Content-Type such as image/gif, then requesting the file in admin/banners/.
[elitius-uploadimage-file-upload(50305)]
[ADV-2009-1248]
[34813]
[8603]
Stack-based buffer overflow in URUWorks ViPlay3 3.0 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file entry in a .vpl file.
[viplay3-vpl-bo(50403)]
[34877]
[8644]
SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php.
[ADV-2009-1288]
[34907]
[microtopic-rating-sql-injection(50428)]
[20090511 (POST var 'rating') BLIND SQL INJECTION--microTopic v1 Initial Release-->]
[8655]
[http://sourceforge.net/project/shownotes.php?group_id=261386&release_id=680474]
[35051]
Multiple SQL injection vulnerabilities in admin/login.php in Wright Way Services Recipe Script 5 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) Password fields, as reachable from admin/index.php.
[recipescript-login-sql-injection(50407)]
[34885]
[8642]
Unrestricted file upload vulnerability in myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads/[username] directory.
[8690]
myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters.
[8690]
myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to remove arbitrary user accounts via a modified userid parameter without specifying any additional fields.
[answerquestion-userid-security-bypass(50627)]
[8690]
[54586]
Multiple unspecified vulnerabilities in CycloMedia CycloScopeLite 2.50.3.0 allow remote attackers to execute arbitrary code via the ReturnConnection method in (1) CM_ADOConnection.dll, (2) CM_AddressInfoDBC.dll, and (3) CM_RecordingLocationDBC.dll, related to improper dereferencing. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[34912]
[35046]
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a crafted .m3u file.
[8662]
[8661]
[8660]
TYPSoft FTP Server 1.11 allows remote attackers to cause a denial of service (CPU consumption) by sending an ABOR (abort) command without an active file transfer.
[1022202]
[34901]
[8650]
The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are obtained from third party information.
Per http://secunia.com/advisories/35072
"The vulnerability is confirmed in version 2.6.22 on Windows. Other versions may also be affected."
[FEDORA-2009-5520]
[FEDORA-2009-5516]
[FEDORA-2009-5525]
[smarty-smartyfunctionmath-cmd-execution(50457)]
[USN-791-3]
[34918]
[8659]
[35219]
[35072]
[54380]
user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party information.
[tcpdb-userpage-security-bypass(50371)]
[34866]
[8626]
[34966]
[54282]
Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4) getStaticCLSID, or (5) launch method.
[http://www.shinnai.net/xplits/TXT_mhxRKrtrPLyAHRFNm7QR.html]
[34931]
[8665]
The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes via the (2) installLatestJRE or (3) installJRE method.
[sun-jre-activex-code-execution(50629)]
[http://www.shinnai.net/xplits/TXT_mhxRKrtrPLyAHRFNm7QR.html]
[34931]
[8665]
The kernel in Sun Solaris 9 allows local users to cause a denial of service (panic) by calling fstat with a first argument of AT_FDCWD.
[ADV-2009-1315]
[257988]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-40-1]
[solaris-fstat-dos(50557)]
[ADV-2009-1388]
[1022232]
[34979]
[http://support.avaya.com/elmodocs2/security/ASA-2009-188.htm]
[35119]
[35103]
[oval:org.mitre.oval:def:6256]
[54464]
Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-assisted remote attackers to execute arbitrary code via a long .cof pathname in a [TOOL_SETTINGS] section in a .mcp file, possibly a related issue to CVE-2009-1608.
[8656]
[35054]
Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 227 reply to a PASV command.
[32bit-pasv-bo(50644)]
[32bit-cwd-banner-bo(50337)]
[34838]
[8623]
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1535. Reason: This candidate is a duplicate of CVE-2009-1535. Notes: All CVE users should reference CVE-2009-1535 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Per http://www.microsoft.com/technet/security/advisory/971492.mspx
Affected Software
Microsoft Internet Information Services 5.0
Microsoft Internet Information Services 5.1
Microsoft Internet Information Services 6.0
Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking boards/boards_rss.php, and might allow (2) remote attackers to inject arbitrary PHP code into files via the HTTP Host header in a request to boards/boards_rss.php.
[bitweaver-savefeed-code-execution(50631)]
[34910]
[20090512 Bitweaver <= 2.6 /boards/boards_rss.php / saveFeed() remote code execution exploit]
[8659]
[35057]
Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the version parameter to boards/boards_rss.php.
[34910]
[20090512 Bitweaver <= 2.6 /boards/boards_rss.php / saveFeed() remote code execution exploit]
[8659]
[35057]
The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy.
[http://support.apple.com/kb/HT3639]
[ipod-iphone-profile-security-bypass(51212)]
[ADV-2009-1621]
[35436]
[35414]
[55239]
[APPLE-SA-2009-06-17-1]
Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history.
[http://support.apple.com/kb/HT3639]
[ADV-2009-1621]
[35448]
[35414]
[55240]
[APPLE-SA-2009-06-17-1]
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.
[ADV-2009-1522]
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[ADV-2011-0212]
[ADV-2009-1621]
[35317]
[35260]
[DSA-1950]
[http://support.apple.com/kb/HT3639]
[43068]
[37746]
[35379]
[54981]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.
[ADV-2009-1522]
[35260]
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[1022346]
[35353]
[35379]
[54982]
The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue."
[http://support.apple.com/kb/HT3639]
[ADV-2009-1621]
[35414]
[APPLE-SA-2009-06-17-1]
[JVNDB-2009-000040]
[JVN#87239696]
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.
[ADV-2009-1522]
[http://support.apple.com/kb/HT3613]
[1022344]
[APPLE-SA-2009-06-08-1]
[ADV-2011-0212]
[ADV-2009-1621]
[35260]
[DSA-1950]
[http://support.apple.com/kb/HT3639]
[43068]
[37746]
[35379]
[54987]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document.
[ADV-2009-1522]
[http://support.apple.com/kb/HT3613]
[1022344]
[APPLE-SA-2009-06-08-1]
[ADV-2011-0212]
[ADV-2009-1621]
[35319]
[35260]
[http://support.apple.com/kb/HT3639]
[43068]
[35379]
[54983]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
[ADV-2009-1522]
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[ADV-2011-0212]
[ADV-2009-1621]
[35311]
[35260]
[http://support.apple.com/kb/HT3639]
[1022345]
[43068]
[35379]
[54984]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."
[ADV-2009-1522]
[1022345]
[FEDORA-2009-8020]
[FEDORA-2009-8046]
[FEDORA-2009-8049]
[FEDORA-2009-8039]
[ADV-2011-0212]
[ADV-2009-1621]
[USN-857-1]
[USN-836-1]
[USN-822-1]
[35309]
[35260]
[MDVSA-2009:330]
[DSA-1950]
[http://support.apple.com/kb/HT3639]
[http://support.apple.com/kb/HT3613]
[43068]
[37746]
[36790]
[36062]
[36057]
[35379]
[oval:org.mitre.oval:def:10260]
[54985]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
[APPLE-SA-2009-06-08-1]
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is not the "HTML 5 standard method."
[ADV-2009-1522]
[http://support.apple.com/kb/HT3613]
[1022344]
[APPLE-SA-2009-06-08-1]
[ADV-2011-0212]
[ADV-2009-1621]
[35320]
[35260]
[http://support.apple.com/kb/HT3639]
[43068]
[35379]
[54986]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank URL, leading to security-context replacement.
[ADV-2009-1522]
[35260]
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[ADV-2011-0212]
[ADV-2009-1621]
[35332]
[http://support.apple.com/kb/HT3639]
[1022344]
[43068]
[35379]
[54988]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."
[ADV-2009-1522]
[35260]
[http://support.apple.com/kb/HT3639]
[http://support.apple.com/kb/HT3613]
[1022345]
[APPLE-SA-2009-06-17-1]
[APPLE-SA-2009-06-08-1]
[FEDORA-2009-8020]
[FEDORA-2009-8046]
[FEDORA-2009-8049]
[FEDORA-2009-8039]
[ADV-2011-0212]
[ADV-2009-1621]
[USN-857-1]
[USN-836-1]
[USN-822-1]
[MDVSA-2009:330]
[DSA-1950]
[43068]
[37746]
[36790]
[36062]
[36057]
[35379]
[oval:org.mitre.oval:def:11009]
[54990]
[SUSE-SR:2011:002]
[20090608 Multiple Vendor WebKit Error Handling Use After Free Vulnerability]
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for standard JavaScript prototypes in other domains.
[ADV-2009-1522]
[35260]
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[ADV-2011-0212]
[ADV-2009-1621]
[35330]
[http://support.apple.com/kb/HT3639]
[1022344]
[43068]
[35379]
[54989]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
[https://bugs.webkit.org/show_bug.cgi?id=23319]
[ADV-2011-0212]
[ADV-2009-1621]
[35446]
[35414]
[20090716 Re[2]: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....]
[20090715 Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....]
[20090715 Re:[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....]
[20090715 [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....]
[9160]
[http://www.g-sec.lu/one-bug-to-rule-them-all.html]
[DSA-1950]
[http://support.apple.com/kb/HT3639]
[43068]
[37746]
[36977]
[55242]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
[http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#121]
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."
[ADV-2009-1522]
[35260]
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[ADV-2011-0212]
[ADV-2009-1621]
[35331]
[DSA-1950]
[http://support.apple.com/kb/HT3639]
[43068]
[37746]
[35379]
[55004]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue."
[ADV-2009-1522]
[ADV-2011-0212]
[ADV-2009-1621]
[35322]
[35260]
[DSA-1950]
[http://support.apple.com/kb/HT3639]
[http://support.apple.com/kb/HT3613]
[43068]
[37746]
[35379]
[55005]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
[APPLE-SA-2009-06-08-1]
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition.
[ADV-2009-1522]
[http://support.apple.com/kb/HT3613]
[1022344]
[APPLE-SA-2009-06-08-1]
[ADV-2011-0212]
[ADV-2009-1621]
[35328]
[35260]
[DSA-1950]
[http://support.apple.com/kb/HT3639]
[43068]
[37746]
[35379]
[54991]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session.
[ADV-2009-1522]
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[ADV-2011-0212]
[ADV-2009-1621]
[35260]
[http://support.apple.com/kb/HT3639]
[43068]
[35379]
[55027]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header.
[ADV-2009-1522]
[http://support.apple.com/kb/HT3613]
[1022344]
[APPLE-SA-2009-06-08-1]
[ADV-2011-0212]
[ADV-2009-1621]
[35260]
[DSA-1950]
[http://support.apple.com/kb/HT3639]
[43068]
[37746]
[35379]
[54992]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
[http://www.zerodayinitiative.com/advisories/ZDI-09-032/]
[ADV-2009-1522]
[http://support.apple.com/kb/HT3613]
[1022345]
[APPLE-SA-2009-06-08-1]
[FEDORA-2009-8020]
[FEDORA-2009-8046]
[FEDORA-2009-8049]
[FEDORA-2009-8039]
[ADV-2011-0212]
[ADV-2009-1621]
[USN-857-1]
[USN-836-1]
[USN-822-1]
[35318]
[35260]
[20090614 [TZO-37-2009] Apple Safari <v4 Remote code execution]
[20090608 ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability]
[RHSA-2009:1128]
[MDVSA-2009:330]
[DSA-1950]
[http://support.apple.com/kb/HT3639]
[43068]
[37746]
[36790]
[36062]
[36057]
[35588]
[35379]
[oval:org.mitre.oval:def:9484]
[55006]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
[http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html]
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."
[ADV-2009-1522]
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[ADV-2011-0212]
[ADV-2009-1621]
[USN-857-1]
[35321]
[35260]
[8907]
[http://support.apple.com/kb/HT3639]
[43068]
[35379]
[http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html]
[http://scary.beasts.org/security/CESA-2009-006.html]
[54972]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.
[ADV-2009-1522]
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[ADV-2011-0212]
[ADV-2009-1621]
[35260]
[http://support.apple.com/kb/HT3639]
[43068]
[35379]
[54973]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.
[http://www.zerodayinitiative.com/advisories/ZDI-09-033/]
[ADV-2009-1522]
[http://support.apple.com/kb/HT3613]
[1022345]
[APPLE-SA-2009-06-08-1]
[ADV-2011-0212]
[ADV-2009-1621]
[35325]
[35260]
[20090608 ZDI-09-033: Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability]
[http://support.apple.com/kb/HT3639]
[43068]
[35379]
[55008]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.
[ADV-2009-1522]
[http://support.apple.com/kb/HT3613]
[1022344]
[APPLE-SA-2009-06-08-1]
[ADV-2011-0212]
[ADV-2009-1621]
[35327]
[35260]
[http://support.apple.com/kb/HT3639]
[43068]
[35379]
[54993]
[SUSE-SR:2011:002]
[APPLE-SA-2009-06-17-1]
WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document.
[ADV-2009-1522]
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[ADV-2011-0212]
[35333]
[35260]
[43068]
[35379]
[55009]
[SUSE-SR:2011:002]
CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file.
[ADV-2009-1522]
[http://support.apple.com/kb/HT3613]
[1022343]
[APPLE-SA-2009-06-08-1]
[35344]
[35260]
[35379]
[55010]
CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.
[ADV-2009-1522]
[35260]
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[35308]
[35379]
[54974]
The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie.
[ADV-2009-1522]
[35260]
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[35346]
[35379]
[54997]
Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.
[ADV-2009-1522]
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[ADV-2010-3046]
[35352]
[35260]
[http://support.apple.com/kb/HT4456]
[42314]
[35379]
[55012]
[APPLE-SA-2010-11-22-1]
Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.
[ADV-2009-1522]
[35260]
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[35351]
[1022345]
[35379]
[55011]
Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[http://www.zerodayinitiative.com/advisories/ZDI-09-034/]
[ADV-2011-0212]
[ADV-2009-1522]
[USN-823-1]
[35334]
[35260]
[RHSA-2009:1130]
[MDVSA-2010:182]
[1022345]
[43068]
[36461]
[35576]
[35379]
[oval:org.mitre.oval:def:10162]
[55013]
[SUSE-SR:2011:002]
WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.
[ADV-2009-1522]
[35260]
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[safari-uielements-spoofing(51263)]
[ADV-2011-0212]
[35340]
[DSA-1950]
[43068]
[37746]
[35379]
[55014]
[SUSE-SR:2011:002]
WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
[ADV-2009-1522]
[35260]
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[safari-attrdom-code-execution(51265)]
[ADV-2011-0212]
[USN-857-1]
[USN-836-1]
[35310]
[DSA-1950]
[1022345]
[43068]
[37746]
[36790]
[35379]
[55015]
[SUSE-SR:2011:002]
WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.
[ADV-2009-1522]
[35260]
[http://support.apple.com/kb/HT3613]
[1022345]
[APPLE-SA-2009-06-08-1]
[safari-applets-code-execution(51266)]
[ADV-2011-0212]
[USN-857-1]
[USN-836-1]
[35350]
[DSA-1950]
[43068]
[37746]
[36790]
[35379]
[55022]
[SUSE-SR:2011:002]
The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[safari-document-information-disclosure(51267)]
[ADV-2011-0212]
[ADV-2009-1522]
[USN-857-1]
[35260]
[43068]
[35379]
[54975]
[SUSE-SR:2011:002]
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes.
[ADV-2009-1522]
[35260]
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[safari-webinspector-xss(51268)]
[ADV-2011-0212]
[35348]
[DSA-1950]
[1022344]
[43068]
[37746]
[35379]
[55023]
[SUSE-SR:2011:002]
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges.
[ADV-2009-1522]
[http://support.apple.com/kb/HT3613]
[1022344]
[APPLE-SA-2009-06-08-1]
[ADV-2011-0212]
[35349]
[35260]
[43068]
[35379]
[54996]
[SUSE-SR:2011:002]
CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.
[ADV-2009-1522]
[35260]
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[35347]
[1022342]
[35379]
Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow.
[35182]
[20090602 TPTI-09-04: Apple Terminal xterm Resize Escape Sequence Memory Corruption Vulnerability]
[http://support.apple.com/kb/HT3549]
[1022322]
[macos-terminal-bo(50982)]
[http://dvlabs.tippingpoint.com/advisory/TPTI-09-04]
WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.
[ADV-2009-1522]
[35260]
[http://support.apple.com/kb/HT3613]
[APPLE-SA-2009-06-08-1]
[ADV-2011-0212]
[43068]
[35379]
[SUSE-SR:2011:002]
The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer.
[35401]
[35381]
[http://support.apple.com/kb/HT3632]
[APPLE-SA-2009-06-15-1]
[hotspot-ccolouruiresource-code-execution(51185)]
[http://www.zerodayinitiative.com/advisories/ZDI-09-043]
[20090616 ZDI-09-043: Apple Java CColorUIResource Pointer Derference Code Execution Vulnerability]
Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information.
[TA09-218A]
[35838]
[DSA-1842]
[http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz]
[http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz]
[http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff]
[FEDORA-2009-8136]
[FEDORA-2009-8132]
[ADV-2009-2172]
[ADV-2009-2035]
[1022674]
[MDVSA-2009:191]
[MDVSA-2009:190]
[http://support.apple.com/kb/HT3757]
[36123]
[36096]
[36032]
[36030]
[APPLE-SA-2009-08-05-1]
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.
[TA09-218A]
[35838]
[http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz]
[http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz]
[http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff]
[FEDORA-2009-8136]
[FEDORA-2009-8132]
[ADV-2009-2172]
[ADV-2009-2035]
[1022674]
[MDVSA-2009:191]
[MDVSA-2009:190]
[DSA-1842]
[http://support.apple.com/kb/HT3757]
[36123]
[36096]
[36032]
[36030]
[APPLE-SA-2009-08-05-1]
Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
[TA09-218A]
[35838]
[DSA-1842]
[http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz]
[ADV-2009-2172]
[ADV-2009-2035]
[1022674]
[MDVSA-2009:191]
[http://support.apple.com/kb/HT3757]
[36096]
[36032]
[APPLE-SA-2009-08-05-1]
CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062.
[TA09-218A]
[ADV-2009-2172]
[35954]
[http://support.apple.com/kb/HT3757]
[APPLE-SA-2009-08-05-1]
[macosx-cfnetwork-weak-security(52418)]
[http://support.apple.com/kb/HT4225]
[36096]
[56846]
[APPLE-SA-2010-06-21-1]
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.
[http://support.apple.com/kb/HT3666]
[APPLE-SA-2009-07-08-1]
[ADV-2011-0212]
[ADV-2009-1827]
[1022525]
[35441]
[http://support.apple.com/kb/HT3860]
[43068]
[36677]
[35758]
[oval:org.mitre.oval:def:6208]
[55738]
[SUSE-SR:2011:002]
[APPLE-SA-2009-09-09-1]
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
[35607]
[http://support.apple.com/kb/HT3666]
[APPLE-SA-2009-07-08-1]
[FEDORA-2009-8020]
[FEDORA-2009-8046]
[FEDORA-2009-8049]
[FEDORA-2009-8039]
[FEDORA-2009-8802]
[FEDORA-2009-8800]
[https://bugzilla.redhat.com/show_bug.cgi?id=513813]
[ADV-2011-0212]
[ADV-2009-1827]
[USN-857-1]
[USN-836-1]
[1022526]
[MDVSA-2009:330]
[DSA-1950]
[http://websvn.kde.org/?view=rev&revision=1002164]
[http://websvn.kde.org/?view=rev&revision=1002163]
[http://websvn.kde.org/?view=rev&revision=1002162]
[http://support.apple.com/kb/HT3860]
[43068]
[37746]
[36790]
[36677]
[36347]
[36062]
[36057]
[35758]
[oval:org.mitre.oval:def:5777]
[55739]
[SUSE-SR:2011:002]
[APPLE-SA-2009-09-09-1]
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.
[TA09-218A]
[35954]
[http://support.apple.com/kb/HT3757]
[APPLE-SA-2009-08-05-1]
[safari-colorsync-profile-bo(59162)]
[macosx-colorsync-profile-bo(52419)]
[ADV-2010-1512]
[ADV-2010-1373]
[ADV-2009-2172]
[1022674]
[http://support.apple.com/kb/HT4220]
[http://support.apple.com/kb/HT4196]
[40196]
[40105]
[36096]
[oval:org.mitre.oval:def:7499]
[56845]
[APPLE-SA-2010-06-07-1]
[APPLE-SA-2010-06-16-1]
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari.
[TA09-218A]
[ADV-2009-2172]
[35954]
[http://support.apple.com/kb/HT3757]
[APPLE-SA-2009-08-05-1]
[macosx-coretype-code-execution(52420)]
[36096]
[56844]
Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.
[TA09-218A]
[ADV-2009-2172]
[35954]
[http://support.apple.com/kb/HT3757]
[APPLE-SA-2009-08-05-1]
[macosx-imageraw-bo(52423)]
[1022674]
[36096]
[56843]
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.
[34155]
[34154]
[20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express]
[258068]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1]
[communications-express-search-xss(50658)]
[ADV-2009-1389]
[http://www.coresecurity.com/content/sun-communications-express]
[1022266]
[32474]
[20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express]
[54610]
[54609]
Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory traversal sequences in the (1) GET or (2) PUT command.
[netdecision-tftp-dir-traversal(50574)]
[35002]
[http://www.princeofnigeria.org/blogs/index.php/2009/05/17/netdecision-tftp-server-4-2-tftp-directo?blog=1]
[35131]
SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded supervisor cookie.
[mlffat-index-sql-injection(50526)]
[ADV-2009-1308]
[34982]
[http://www.sebug.net/exploit/11292/]
[http://securityreason.com/exploitalert/6198]
Cross-site scripting (XSS) vulnerability in admin/usermanager in IPplan 4.91a allows remote attackers to inject arbitrary web script or HTML via the grp parameter.
[35037]
[DSA-1827]
[35714]
[34985]
[54600]
[http://holisticinfosec.org/content/view/113/45/]
Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows remote attackers to hijack the authentication of administrators for requests that (1) change the password, (2) add users, or (3) delete users via unknown vectors.
[ipplan-unspecified-csrf(50632)]
[34985]
[54601]
[http://holisticinfosec.org/content/view/113/45/]
SQL injection vulnerability in listing_video.php in VidSharePro allows remote attackers to execute arbitrary SQL commands via the catid parameter.
[35033]
[8737]
[35149]
[54598]
Cross-site scripting (XSS) vulnerability in search.php in VidSharePro allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. NOTE: some of these details are obtained from third party information.
[vidshare-listingvideo-sql-injection(50635)]
[35033]
[8737]
[35149]
[54599]
SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php.
[gsticketsystem-index-sql-injection(50624)]
[35025]
[8731]
Directory traversal vulnerability in bom.php in MyPic 2.1 allows remote attackers to list files in arbitrary directories via a .. (dot dot) in the dir parameter.
[mypic-dir-directory-traversal(50621)]
[35030]
[54565]
[35092]
[http://hi.baidu.com/hirfire/blog/item/c3c0f6dda3ca47d18d10291a.html]
Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via unspecified vectors in "aggregator items."
[http://drupal.org/node/461706]
[http://drupal.org/node/453098]
[feedblock-unspecified-xss(50521)]
[ADV-2009-1319]
[34953]
[54429]
[35044]
PAD Site Scripts 3.6 allows remote attackers to bypass authentication and gain privileges as other users, including administrative privileges, by setting the authuser cookie parameter to a valid username.
[padsite-cookie-security-bypass(50622)]
[35027]
[8735]
[35155]
[54593]
Multiple heap-based buffer overflows in the D-Link MPEG4 Viewer ActiveX Control (csviewer.ocx) 2.11.918.2006 allow remote attackers to execute arbitrary code via a long argument to the (1) SetFilePath and (2) SetClientCookie methods. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[mpeg4viewer-csviewer-bo(50556)]
[34990]
[35066]
[54458]
Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
[35035]
[8741]
[35167]
[54597]
code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON" string, which is collapsed into "UNION" by the filter_sql function.
[pc4uploader-code-sql-injection(50586)]
[ADV-2009-1364]
[35004]
[8709]
[35122]
[54572]
Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to create and overwrite arbitrary files via a filename containing a ..\ (dot dot backslash) sequence in a Hollywood FX Compressed Archive (.hfz) file. NOTE: this can be leveraged for code execution by decompressing a file to a Startup folder. NOTE: some of these details are obtained from third party information.
[pinnaclestudio-hfz-directory-traversal(50510)]
[34936]
[20090513 Pinnacle Studio 12 "Hollywood FX Compressed Archive" (.hfz) directory traversal vulnerability poc]
[8670]
[35078]
[http://retrogod.altervista.org/9sg_pinnacle_studio_12_hfz.htm]
[54430]
InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to cause a denial of service (application crash) via a crafted Hollywood FX Compressed Archive (.hfz) file.
[pinnaclestudio-hfz-dos(50856)]
[35137]
[8670]
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote attackers to obtain access.
[profense-default-password(50852)]
[20090520 Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.]
SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
[35016]
[8727]
[54658]
SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action.
[35049]
[8751]
[35139]
Multiple directory traversal vulnerabilities in index.php in Catviz 0.4.0 Beta 1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) webpages_form or (2) userman_form parameter.
[35042]
[8745]
[54657]
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Catviz 0.4.0 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) userman_form and (2) webpages_form parameters.
[35042]
[8745]
[54656]
Unrestricted file upload vulnerability in VidSharePro allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
[vidshare-unspecified-file-upload(50625)]
[35024]
[8730]
[54611]
SQL injection vulnerability in list_list.php in Realty Webware Technologies Web-Base 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[realtywebbase-listlist-sql-injection(50646)]
[35043]
[8748]
[54655]
exJune Office Message System 1 does not properly restrict access to (1) configure.asp and (2) addmessage2.asp, which allows remote attackers to gain privileges a direct request. NOTE: some of these details are obtained from third party information.
[oms-configure-addmessage2-security-bypass(50647)]
[8744]
[35172]
Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified "result file."
[http://packages.debian.org/changelogs/pool/main/c/coccinelle/coccinelle_0.1.7.deb-3/changelog]
[FEDORA-2009-5368]
[34848]
[[oss-security] 20090506 CVE id request: coccinelle]
[35459]
[35012]
The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application.
[http://www.ocert.org/advisories/ocert-2009-006.html]
[http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=5d6d773fab559fdc12e553d60d789f3991ac552c]
[35090]
[20090522 [oCERT-2009-006] Android improper package verification when using shared uids]
[[oss-security] 20090522 [oCERT-2009-006] Android improper package verification when using shared uids]
Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow.
[http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418]
[[oss-security] 20090519 CVE id request: nsd]
SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments.
[FEDORA-2009-13552]
[FEDORA-2009-13551]
[slim-xauthority-info-disclosure(50611)]
[35015]
[[oss-security] 20090518 CVE id request: slim]
[38070]
[35132]
[54583]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306]
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
[http://www.transmissionbt.com/index.php]
[[oss-security] 20090521 CVE request: transmission <1.61 CSRF]
The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges."
[34957]
[[oss-security] 20090514 CVE Request: XEN local denial of service]
[DSA-1809]
[35298]
[35093]
[oval:org.mitre.oval:def:10313]
[[Xen-devel] 20090513 [PATCH] linux/i386: hypervisor_callback adjustments]
Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.
[34584]
[[oss-security] 20090520 CVE request: ctorrent]
[http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch]
[FEDORA-2009-8969]
[FEDORA-2009-8897]
[https://bugzilla.redhat.com/show_bug.cgi?id=501813]
[ctorrent-btfiles-bo(49959)]
[ADV-2009-1092]
[8470]
[DSA-1817]
[http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959]
[36471]
[35499]
[34752]
Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file.
[libtorrent-path-element-dir-traversal(51008)]
[ADV-2009-1534]
[35262]
[20090608 Rasterbar libtorrent arbitrary file overwrite vulnerability]
[http://sourceforge.net/project/shownotes.php?group_id=79942&release_id=686456]
[http://census-labs.com/news/2009/06/08/libtorrent-rasterbar/]
[MDVSA-2009:139]
[DSA-1815]
[GLSA-200907-14]
[35848]
[35277]
The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for Windows allows remote attackers to cause a denial of service (crash) via (1) an invalid 0x13 message, which is not properly handled in the ASCORE module, or (2) a 0x3B message with invalid stub data that triggers an RPC marshalling error.
[http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209502]
[http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-01-ca-arcserve-backup-message-engine-denial-of-service-vulnerabilities.aspx]
[ca-arcserve-ascore-dos(51169)]
[ADV-2009-1608]
[1022405]
[35396]
[20090616 CA20090615-01: CA ARCserve Backup Message Engine Denial of Service Vulnerabilities (Updated)]
[20090616 CA20090615-01: CA ARCserve Backup Message Engine Denial of Service Vulnerabilities]
[http://www.ivizsecurity.com/security-advisory-iviz-sr-09004.html]
[http://www.ivizsecurity.com/security-advisory-iviz-sr-09003.html]
[35473]
Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via the (1) GWAP.version or (2) User.Theme (aka User.Theme.index) parameter.
[http://www.novell.com/support/search.do?cmd=displayKC&externalId=7003271]
[https://bugzilla.novell.com/show_bug.cgi?id=484942]
[ADV-2009-1393]
[35061]
[20090521 Novell GroupWise Web Access Multiple XSS]
[1022267]
[35177]
[http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt]
Unspecified vulnerability in the Solaris Secure Digital slot driver (aka sdhost) in Sun OpenSolaris snv_105 through snv_108 on the x86 platform allows local users to gain privileges or cause a denial of service (filesystem or memory corruption) via unknown vectors.
[solaris-slotdriver-code-execution(50687)]
[ADV-2009-1410]
[1022271]
[35069]
[259408]
SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action.
[maxcms-ajax-sql-injection(50553)]
[34981]
[8726]
Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and (3) data/modules/albums/module_info.php, different vectors than CVE-2008-3194.
[35007]
[8715]
[35145]
SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[20090604 SQL INJECTION VULNERABILITY--LightOpen CMS Devel 0.1-->]
[8724]
admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter.
[tmc-edituser-security-bypass(50561)]
[34977]
[8691]
[35090]
Directory traversal vulnerability in download.php in Rama Zaiten CMS 0.9.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
[ramacms-download-file-include(50572)]
[ADV-2009-1343]
[34995]
[8700]
[35116]
[54546]
The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.
[http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=133&cntnt01returnid=69]
[FEDORA-2009-5773]
[FEDORA-2009-5769]
[FEDORA-2009-5764]
[35023]
[35313]
[35157]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344]
Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
[ADV-2009-1367]
[35011]
[8714]
index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters.
[ADV-2009-1367]
[35011]
[8714]
Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the re_route parameter to the login script.
[35022]
[35079]
[http://pridels-team.blogspot.com/2009/05/activecollab-xss-and-full-path.html]
activeCollab 2.1 Corporate allows remote attackers to obtain sensitive information via an invalid re_route parameter to the login script, which reveals the installation path in an error message.
[35022]
[35079]
[http://pridels-team.blogspot.com/2009/05/activecollab-xss-and-full-path.html]
Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal with that parameter might depend on a modified example/index.php. NOTE: some of these details are obtained from third party information.
[strawberry-index-file-include(50562)]
[34971]
[8681]
[28330]
Multiple cross-site scripting (XSS) vulnerabilities in Ulteo Open Virtual Desktop 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/applications.php, (2) admin/appsgroup.php, (3) admin/users.php, (4) admin/usersgroup.php, and (5) admin/tasks.php; (6) show parameter to admin/logs.php; and (7) mode parameter to admin/configuration-partial.php. NOTE: some of these details are obtained from third party information.
[http://www.ulteo.com/home/en/ovdi/openvirtualdesktop/downloadnow?autolang=en]
[34927]
[http://www.insight-tech.org/index.php?p=Ulteo-Open-Virtual-Desktop-v1-0-multiple-XSS]
[34923]
Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via javascript: URIs in the (1) request and (2) return_link_url parameters.
[http://www.ush.it/team/ush/hack-formmail_192/adv.txt]
[34929]
[20090512 FormMail 1.92 Multiple Vulnerabilities]
[35068]
CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter.
[http://www.ush.it/team/ush/hack-formmail_192/adv.txt]
[34929]
[20090512 FormMail 1.92 Multiple Vulnerabilities]
[35068]
SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
[http://www.bigace.de/Security-Fix-for-2.5.html]
[http://www.bigace.de/BIGACE-2.6.html]
[34920]
[20090512 User options changer (SQLi) EXPLOIT --Bigace CMS -stable release- 2.5-->]
[8664]
[35063]
PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the form_include_template parameter.
[ADV-2009-1287]
[34909]
[8658]
admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.
[ADV-2009-1287]
[34909]
[8658]
Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to inject arbitrary PHP code into phpre_config.php via the form_aula parameter.
[ADV-2009-1287]
[34909]
[8658]
Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive.
[http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html]
[fsecure-rar-zip-security-bypass(50346)]
[ADV-2009-1262]
[1022172]
[1022171]
[1022170]
[34849]
[35008]
Multiple FRISK Software F-Prot anti-virus products, including Antivirus for Exchange, Linux on IBM zSeries, Linux x86 File Servers, Linux x86 Mail Servers, Linux x86 Workstations, Solaris Mail Servers, Antivirus for Windows, and others, allow remote attackers to bypass malware detection via a crafted CAB archive.
[fprot-cab-security-bypass(50427)]
[34896]
[20090509 [TZO-21-2009] Fprot CAB bypass / evasion]
[http://blog.zoller.lu/2009/04/advisory-f-prot-frisk-cab-bypass.html]
The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus products including Anti-Virus Network Edition, Internet Security Netzwerk Edition, Server Edition für Linux/FreeBSD, Anti-Virus SBS Edition, and others allows remote attackers to bypass malware detection via a crafted (1) RAR and (2) ZIP archive.
[avg-zip-security-bypass(50426)]
[34895]
[20090509 [TZO-20-2009] AVG ZIP evasion / bypass]
[http://blog.zoller.lu/2009/04/avg-zip-evasion-bypass.html]
Cross-site scripting (XSS) vulnerability in Ulteo Open Virtual Desktop 1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter to header.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[http://www.ulteo.com/home/en/ovdi/openvirtualdesktop/downloadnow?autolang=en]
[34923]
The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.
[1022261]
[http://aix.software.ibm.com/aix/efixes/security/libc_advisory.asc]
[aix-mallocdebug-privilege-escalation(50636)]
[ADV-2009-1380]
[35034]
[54617]
[9306]
[IZ50517]
[IZ50500]
[IZ50447]
[IZ50445]
[IZ50139]
[IZ50129]
[IZ50121]
[35146]
[oval:org.mitre.oval:def:6276]
[20090520 IBM AIX libc MALLOCDEBUG File Overwrite Vulnerability]
Multiple SQL injection vulnerabilities in PHP Dir Submit (aka WebsiteSubmitter and Submitter Script) allow remote attackers to bypass authentication and gain administrative access via the (1) username and (2) password parameters.
[ADV-2009-1365]
[35003]
[8710]
[35125]
Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.
[libsndfile-aiff-voc-bo(50541)]
[ADV-2009-1348]
[ADV-2009-1324]
[34978]
[http://www.mega-nerd.com/libsndfile/]
[http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/]
[libsndfile-voc-bo(50827)]
[MDVSA-2009:132]
[DSA-1814]
[http://trapkit.de/advisories/TKADV2009-006.txt]
[GLSA-200905-09]
[35443]
[35247]
[35126]
[35076]
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807.
[ADV-2009-1340]
[http://cvs.eggheads.org/viewvc/viewvc.cgi/eggdrop1.6/doc/Changes1.6?revision=1.20&view=markup]
[FEDORA-2009-5572]
[FEDORA-2009-5568]
[eggdrop-servmsg-dos(50547)]
[34985]
[20090515 eggdrop/windrop remote crash vulnerability]
[8695]
[MDVSA-2009:126]
[DSA-1826]
[35690]
[35158]
[35104]
[54460]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528778]
[20090514 eggdrop/windrop remote crash vulnerability]
Cross-site scripting (XSS) vulnerability in CGI RESCUE Trees before 2.11 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[34999]
[rescuetrees-unspecified-xss(50579)]
[http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20090512155247]
[35123]
[54545]
[JVNDB-2009-000028]
[JVN#28521500]
Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.
[libsndfile-aiff-voc-bo(50541)]
[ADV-2009-1324]
[34978]
[http://www.mega-nerd.com/libsndfile/]
[http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/]
[MDVSA-2009:132]
[DSA-1814]
[GLSA-200905-09]
[35443]
[35247]
[35076]
The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument).
[35105]
[20090528 CORE-2009-0401 - StoneTrip S3DPlayers remote command injection]
[http://www.coresecurity.com/content/StoneTrip-S3DPlayers]
[35256]
Cross-site scripting (XSS) vulnerability in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to an error page.
[35082]
[256588]
[http://sunsolve.sun.com/search/document.do?assetkey=1-21-118950-38-1]
[javasystem-portalserver-xss(50704)]
[ADV-2009-1411]
[1022273]
[35221]
[54705]
Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact.
[VU#166739]
[37744]
[http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887]
[http://holisticinfosec.org/content/view/111/45/]
Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406.
[VU#166739]
[37744]
[http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887]
[http://holisticinfosec.org/content/view/111/45/]
Multiple SQL injection vulnerabilities in the getGalleryImage function in st_admin/gallery_output.php in ST-Gallery 0.1 alpha, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) gallery_category or (2) gallery_show parameter to example.php.
[stgallery-example-sql-injection(50378)]
[34875]
[8636]
[20090507 SQL INJECTION VULNERABILITIES--ST-Gallery version 0.1 alpha]
Stack-based buffer overflow in the Chinagames CGAgent ActiveX control 1.x in CGAgent.dll, as distributed in Chinagames iGame 2009, allows remote attackers to execute arbitrary code via a long argument to the CreateChinagames method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information.
[34871]
[http://www.cisrt.org/enblog/read.php?245]
[35005]
[http://hi.baidu.com/wi4r/blog/item/8b1c06fb2e3de8819f514671.html]
[http://downloads.securityfocus.com/vulnerabilities/exploits/34871.html]
[http://bbs.pediy.com/showthread.php?t=87615]
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information.
[34857]
[freepbx-reports-xss(50361)]
[34772]
[54261]
[54260]
[54259]
[http://freepbx.org/trac/ticket/3660]
Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.
[34857]
[34772]
[54262]
[http://freepbx.org/trac/ticket/3660]
FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
[34857]
[54263]
[34772]
[http://freepbx.org/trac/ticket/3660]
Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
[videoscript-index-sql-injection(50373)]
[34868]
[8635]
Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1