Vulnerability Summary for the Week of January 14, 2008
Released
Jan 21, 2008
Document ID
SB08-021
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
">
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Agares Media -- phpAutoVideo | SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter. |
| 7.5 | CVE-2008-0262 MILW0RM MILW0RM BID XF | ||
| Apple -- Quicktime | Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with crafted Image Descriptor (IDSC) atoms, which triggers memory corruption. |
| 9.3 | CVE-2008-0033 APPLE OTHER-REF | ||
| Article Dashboard -- Article Dashboard | SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields. |
| 7.5 | CVE-2008-0286 BUGTRAQ BID | ||
| BinN -- SBuilder | SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter. |
| 7.5 | CVE-2008-0253 MILW0RM BID | ||
| CherryPy -- CherryPy | Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie. |
| 7.5 | CVE-2008-0252 OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| Cisco -- Unified CallManager Cisco -- Unified Communications Manager | Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request. |
| 10.0 | CVE-2008-0027 BUGTRAQ OTHER-REF CISCO BID XF | ||
| Debian -- apt-listchanges | Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory. |
| 7.2 | CVE-2008-0302 OTHER-REF OTHER-REF | ||
| DigitalHive -- DigitalHive | Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php. |
| 7.5 | CVE-2008-0290 MILW0RM BID XF | ||
| DomPHP -- DomPHP | SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter. |
| 7.5 | CVE-2008-0282 MILW0RM BID SECUNIA XF | ||
| Drupal -- Fileshare_Module | Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors. |
| 8.5 | CVE-2008-0277 OTHER-REF XF | ||
| eTicket -- eTicket | Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php. |
| 7.5 | CVE-2008-0267 BUGTRAQ BID SECUNIA XF | ||
| Evilsentinel -- Evilsentinel | admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes. |
| 7.5 | CVE-2008-0350 MILW0RM OTHER-REF SECUNIA | ||
| FaScript -- FaPersian Petition | SQL injection vulnerability in show.php in FaScript FaPersian Petition allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.5 | CVE-2008-0325 MILW0RM BID | ||
| FaScript -- FaPersianHack | SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php. |
| 7.5 | CVE-2008-0326 MILW0RM BID | ||
| FaScript -- FaMp3 | SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.5 | CVE-2008-0327 MILW0RM BID | ||
| FaScript -- FaName | SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.5 | CVE-2008-0328 MILW0RM BID | ||
| FreeBSD -- FreeBSD | Off-by-one error in the inet_network function in libc in FreeBSD 6.2, 6.3, and 7.0-PRERELEASE and earlier allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. |
| 10.0 | CVE-2008-0122 FREEBSD | ||
| Funkwerk -- System Software | Unspecified vulnerability in Funkwerk System Software before 7.4.1 PATCH 9 for certain Funkwerk Router / VPN devices allows remote attackers to cause a denial of service (panic and reboot) via unspecified DNS requests. |
| 7.8 | CVE-2008-0331 OTHER-REF SECUNIA | ||
| GForge -- GForge | SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports. |
| 7.5 | CVE-2008-0173 DEBIAN BID FRSIRT | ||
| Hangzhou Rui-Qiang -- RichStrong CMS | SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| 7.5 | CVE-2008-0291 MILW0RM BID | ||
| ID-Commerce -- ID-Commerce | SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter. |
| 7.5 | CVE-2008-0281 FULLDISC FULLDISC FULLDISC BID XF | ||
| iGaming -- iGaming | SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter. |
| 7.5 | CVE-2008-0255 MILW0RM BID SECUNIA XF | ||
| ImageAlbum -- ImageAlbum | Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action. |
| 7.5 | CVE-2008-0288 BUGTRAQ MILW0RM BID | ||
| Linux -- Kernel | VFS in the Linux kernel before 2.6.23.14 performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass file permissions. |
| 7.2 | CVE-2008-0001 OTHER-REF BID | ||
| Linux -- Kernel | The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram). |
| 7.8 | CVE-2008-0352 MILW0RM OTHER-REF XF | ||
| Matteo Binda -- ASP Photo Gallery | Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp. |
| 7.5 | CVE-2008-0256 MILW0RM BID SECUNIA | ||
| Menalto -- Gallery Publish XP Module | Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors. |
| 10.0 | CVE-2007-6685 OTHER-REF | ||
| Menalto -- Gallery | The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller. |
| 10.0 | CVE-2007-6686 OTHER-REF | ||
| Menalto -- Gallery | Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder." |
| 10.0 | CVE-2007-6688 OTHER-REF | ||
| Menalto -- Gallery | Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module. |
| 7.5 | CVE-2007-6689 OTHER-REF | ||
| Menalto -- Gallery | The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors. |
| 10.0 | CVE-2007-6690 OTHER-REF | ||
| Menalto -- Gallery | Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules. |
| 10.0 | CVE-2007-6691 OTHER-REF | ||
| Menalto -- Gallery WebCam Module | Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request." |
| 10.0 | CVE-2007-6693 OTHER-REF | ||
| Microsoft -- Excel Microsoft -- Excel Viewer | Unspecified vulnerability in Microsoft Excel 2004 and earlier, and Microsoft Office Excel Viewer 2003, allows remote attackers to execute arbitrary code via an Excel file with a malformed header, which triggers memory corruption. NOTE: due to lack of details from the vendor, it is not clear whether this is the same issue as CVE-2007-3490. |
| 10.0 | CVE-2008-0081 OTHER-REF BID FRSIRT SECTRACK XF | ||
| Microsoft -- Visual InterDev | Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long Project line. |
| 9.3 | CVE-2008-0250 MILW0RM OTHER-REF BID | ||
| MiniWeb HTTP Server -- MiniWeb HTTP Server | Heap-based buffer overflow in the _mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI. |
| 7.5 | CVE-2008-0337 MILW0RM OTHER-REF SECUNIA | ||
| MTCMS -- MTCMS | SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter. |
| 7.5 | CVE-2008-0280 BUGTRAQ MILW0RM BID | ||
| Oracle -- Oracle Database | Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01. |
| 10.0 | CVE-2008-0339 OTHER-REF HP CERT BID FRSIRT SECTRACK SECUNIA | ||
| Oracle -- E-Business Suite 11i Oracle -- Oracle 10g Application Server Release 3 Oracle -- E-Business Suite 12 Oracle -- Application Server 9i Release 1 Oracle -- Oracle 9i Database Release 2 Oracle -- Database 11g Oracle -- Collaboration Suite 10g Oracle -- Database 9i Oracle -- Oracle 10g Database Release 2 Oracle -- Oracle10g Application Server Release 2 Oracle -- Oracle10g Application Server Oracle -- PeopleSoft Enterprise PeopleTools Oracle -- Database 10g | Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to the (1) Advanced Queuing component (DB02) and (2) Oracle Spatial component (DB04). |
| 10.0 | CVE-2008-0340 OTHER-REF HP CERT BID FRSIRT SECTRACK SECUNIA | ||
| Oracle -- Oracle Database | Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 has unknown impact and remote attack vectors, aka DB03. |
| 10.0 | CVE-2008-0341 OTHER-REF HP CERT BID FRSIRT SECTRACK SECUNIA | ||
| Oracle -- Oracle Database | Unspecified vulnerability in the Upgrade/Downgrade component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB05. |
| 10.0 | CVE-2008-0342 OTHER-REF HP CERT BID FRSIRT SECTRACK SECUNIA | ||
| Oracle -- E-Business Suite 11i Oracle -- Oracle 10g Application Server Release 3 Oracle -- E-Business Suite 12 Oracle -- Application Server 9i Release 1 Oracle -- Oracle 9i Database Release 2 Oracle -- Database 11g Oracle -- Collaboration Suite 10g Oracle -- Database 9i Oracle -- Oracle 10g Database Release 2 Oracle -- Oracle10g Application Server Release 2 Oracle -- Oracle10g Application Server Oracle -- PeopleSoft Enterprise PeopleTools Oracle -- Database 10g | Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has unknown impact and remote attack vectors, aka DB06. |
| 10.0 | CVE-2008-0343 OTHER-REF HP CERT BID FRSIRT SECTRACK SECUNIA | ||
| Oracle -- E-Business Suite 11i Oracle -- Oracle 10g Application Server Release 3 Oracle -- E-Business Suite 12 Oracle -- Application Server 9i Release 1 Oracle -- Oracle 9i Database Release 2 Oracle -- Database 11g Oracle -- Collaboration Suite 10g Oracle -- Database 9i Oracle -- Oracle 10g Database Release 2 Oracle -- Oracle10g Application Server Release 2 Oracle -- Oracle10g Application Server Oracle -- PeopleSoft Enterprise PeopleTools Oracle -- Database 10g | Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote attack vectors, aka DB07. |
| 10.0 | CVE-2008-0344 OTHER-REF HP CERT BID FRSIRT SECTRACK SECUNIA | ||
| Oracle -- E-Business Suite 11i Oracle -- Oracle 10g Application Server Release 3 Oracle -- E-Business Suite 12 Oracle -- Application Server 9i Release 1 Oracle -- Oracle 9i Database Release 2 Oracle -- Database 11g Oracle -- Collaboration Suite 10g Oracle -- Database 9i Oracle -- Oracle 10g Database Release 2 Oracle -- Oracle10g Application Server Release 2 Oracle -- Oracle10g Application Server Oracle -- PeopleSoft Enterprise PeopleTools Oracle -- Database 10g | Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08. |
| 10.0 | CVE-2008-0345 OTHER-REF HP CERT BID FRSIRT SECTRACK SECUNIA | ||
| Oracle -- E-Business Suite 11i Oracle -- Oracle 10g Application Server Release 3 Oracle -- E-Business Suite 12 Oracle -- Application Server 9i Release 1 Oracle -- Oracle 9i Database Release 2 Oracle -- Database 11g Oracle -- Collaboration Suite 10g Oracle -- Database 9i Oracle -- Oracle 10g Database Release 2 Oracle -- Oracle10g Application Server Release 2 Oracle -- Oracle10g Application Server Oracle -- PeopleSoft Enterprise PeopleTools Oracle -- Database 10g | Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka AS01. |
| 10.0 | CVE-2008-0346 OTHER-REF HP CERT BID FRSIRT SECTRACK SECUNIA | ||
| Oracle -- E-Business Suite 11i Oracle -- Oracle 10g Application Server Release 3 Oracle -- E-Business Suite 12 Oracle -- Application Server 9i Release 1 Oracle -- Oracle 9i Database Release 2 Oracle -- Database 11g Oracle -- Collaboration Suite 10g Oracle -- Database 9i Oracle -- Oracle 10g Database Release 2 Oracle -- Oracle10g Application Server Release 2 Oracle -- Oracle10g Application Server Oracle -- PeopleSoft Enterprise PeopleTools Oracle -- Database 10g | Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2 and Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka OCS01. |
| 10.0 | CVE-2008-0347 OTHER-REF HP CERT BID FRSIRT SECTRACK SECUNIA | ||
| Oracle -- E-Business Suite 11i Oracle -- Oracle 10g Application Server Release 3 Oracle -- E-Business Suite 12 Oracle -- Application Server 9i Release 1 Oracle -- Oracle 9i Database Release 2 Oracle -- Database 11g Oracle -- Collaboration Suite 10g Oracle -- Database 9i Oracle -- Oracle 10g Database Release 2 Oracle -- Oracle10g Application Server Release 2 Oracle -- Oracle10g Application Server Oracle -- PeopleSoft Enterprise PeopleTools Oracle -- Database 10g | Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.18, 8.48.15, and 8.49.07 have unknown impact and remote attack vectors, aka (1) PSE01, (2) PSE03, and (3) PSE04. |
| 10.0 | CVE-2008-0348 OTHER-REF HP CERT BID FRSIRT SECTRACK SECUNIA | ||
| Oracle -- E-Business Suite 11i Oracle -- Oracle 10g Application Server Release 3 Oracle -- E-Business Suite 12 Oracle -- Application Server 9i Release 1 Oracle -- Oracle 9i Database Release 2 Oracle -- Database 11g Oracle -- Collaboration Suite 10g Oracle -- Database 9i Oracle -- Oracle 10g Database Release 2 Oracle -- Oracle10g Application Server Release 2 Oracle -- Oracle10g Application Server Oracle -- PeopleSoft Enterprise PeopleTools Oracle -- Database 10g | Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02. |
| 10.0 | CVE-2008-0349 OTHER-REF HP CERT BID FRSIRT SECTRACK SECUNIA | ||
| PhotoPost -- Photopost vBGallery | Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors. |
| 10.0 | CVE-2008-0251 OTHER-REF OTHER-REF SECUNIA XF | ||
| Radiator -- RADIUS_Server | Radiator before 4.0 allows remote attackers to cause a denial of service (daemon crash) via malformed RADIUS requests, as demonstrated by packets sent by nmap. |
| 7.8 | CVE-2008-0330 OTHER-REF SECUNIA | ||
| Tibco -- SmartSockets RTserver Tibco -- RTworks Tibco -- Enterprise Message Service | TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers. |
| 10.0 | CVE-2007-5655 IDEFENSE OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID | ||
| Tibco -- SmartSockets RTserver Tibco -- RTworks Tibco -- Enterprise Message Service | TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory. |
| 10.0 | CVE-2007-5656 IDEFENSE OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID | ||
| Tibco -- SmartSockets RTserver Tibco -- RTworks Tibco -- Enterprise Message Service | TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets. |
| 10.0 | CVE-2007-5657 IDEFENSE OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID | ||
| Tibco -- SmartSockets RTserver Tibco -- RTworks Tibco -- Enterprise Message Service | Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow. |
| 10.0 | CVE-2007-5658 IDEFENSE OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID | ||
| VideoLAN -- VLC | Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file. |
| 7.5 | CVE-2007-6681 BUGTRAQ MLIST MLIST | ||
| VideoLAN -- VLC | Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter. |
| 7.5 | CVE-2007-6682 BUGTRAQ | ||
| VideoLAN -- VLC Media Player | Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data. |
| 8.5 | CVE-2008-0295 OTHER-REF BID FRSIRT SECUNIA | ||
| VideoLAN -- VLC Media Player | Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string. |
| 10.0 | CVE-2008-0296 OTHER-REF FRSIRT | ||
| Xforum -- Xforum | SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibly others allows remote attackers to execute arbitrary SQL commands via the topic parameter. NOTE: the categorie parameter might also be affected. |
| 7.5 | CVE-2008-0279 MILW0RM BID XF |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| AfterLogic -- MailBee WebMail Pro Microsoft -- ASP.NET | Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter. |
| 5.0 | CVE-2008-0333 MILW0RM | ||
| Apple -- Quicktime | Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execurte arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption. |
| 5.8 | CVE-2008-0031 APPLE OTHER-REF | ||
| Apple -- Quicktime | Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption. |
| 5.8 | CVE-2008-0032 IDEFENSE APPLE OTHER-REF | ||
| Apple -- iPhone | Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. |
| 4.6 | CVE-2008-0034 APPLE OTHER-REF | ||
| Apple -- Safari | Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2 and iPod touch 1.1 through 1.1.2 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari. |
| 6.8 | CVE-2008-0035 APPLE OTHER-REF | ||
| Apple -- Quicktime | Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding. |
| 6.8 | CVE-2008-0036 APPLE OTHER-REF | ||
| Apple -- Safari | KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. |
| 4.3 | CVE-2008-0298 BUGTRAQ OTHER-REF BID XF | ||
| Aria -- Aria | Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. |
| 5.0 | CVE-2008-0332 MILW0RM | ||
| Boost -- Boost Boost -- Boost Regex Library | regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression. |
| 5.0 | CVE-2008-0171 OTHER-REF OTHER-REF OTHER-REF OTHER-REF UBUNTU BID | ||
| Boost -- Boost | The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression. |
| 5.0 | CVE-2008-0172 OTHER-REF OTHER-REF OTHER-REF OTHER-REF UBUNTU BID | ||
| Bugtracker.NET -- Bugtracker.NET | Cross-site scripting (XSS) vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field. |
| 4.3 | CVE-2008-0335 OTHER-REF OTHER-REF BID SECUNIA XF | ||
| Bugtracker.NET -- Bugtracker.NET | Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and massedit.aspx, subscribe.aspx, flag.aspx, and relationships.aspx. |
| 4.3 | CVE-2008-0336 OTHER-REF OTHER-REF SECUNIA XF | ||
| Cisco -- VPN Client | Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption. |
| 4.9 | CVE-2008-0324 MILW0RM BID XF | ||
| Dansie -- Search Engine | Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search Engine 2.7 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2008-0257 SECUNIA | ||
| Dansie -- Photo Album | Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2008-0292 SECUNIA XF | ||
| DomPHP -- DomPHP | PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| 6.8 | CVE-2008-0283 MILW0RM BID | ||
| Drupal -- Meta_Tags_Module | Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 module for Drupal, when images are permitted in node bodies, allows remote authenticated users to execute arbitrary code via unspecified vectors involving creation of a node. |
| 6.8 | CVE-2008-0264 OTHER-REF FRSIRT SECUNIA | ||
| Drupal -- BUEditor | The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces. |
| 4.3 | CVE-2008-0271 OTHER-REF SECUNIA XF | ||
| Drupal -- Drupal | Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users. |
| 4.3 | CVE-2008-0272 OTHER-REF BID SECUNIA XF | ||
| Drupal -- Drupal | Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism. |
| 4.3 | CVE-2008-0273 OTHER-REF BID SECUNIA XF | ||
| Drupal -- Atom Module | The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gain access to syndicated content. |
| 5.0 | CVE-2008-0275 OTHER-REF XF | ||
| Drupal -- Drupal | Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table. |
| 4.3 | CVE-2008-0276 OTHER-REF XF | ||
| eTicket -- eTicket | Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
| 5.8 | CVE-2008-0268 BUGTRAQ BID SECUNIA XF | ||
| Evilsentinel -- Evilsentinel | admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php. |
| 5.0 | CVE-2008-0351 MILW0RM | ||
| F5 -- BIG-IP | Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories. |
| 4.3 | CVE-2008-0265 BUGTRAQ | ||
| FreeBSD -- FreeBSD | The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script. |
| 6.9 | CVE-2008-0217 FREEBSD | ||
| FreeSeat -- FreeSeat | Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when format.php has certain modifications, allows remote attackers to bypass authentication and gain privileges via unspecified vectors related to the show_foot function. |
| 6.8 | CVE-2008-0293 OTHER-REF SECUNIA XF | ||
| FreeSeat -- FreeSeat | Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors. |
| 5.0 | CVE-2008-0294 OTHER-REF BID SECUNIA XF | ||
| Ingate -- Ingate_SIParator Ingate -- firewall | The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to cause a denial of service (port exhaustion) via unspecified vectors. |
| 5.0 | CVE-2008-0263 OTHER-REF BID FRSIRT SECTRACK SECTRACK SECUNIA | ||
| Julien_Plesniak -- LulieBlog | LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter. |
| 5.0 | CVE-2008-0329 MILW0RM BID SECUNIA XF | ||
| Keil Software -- PhotoKorn | PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output. |
| 5.0 | CVE-2008-0297 MILW0RM XF | ||
| Mambo -- Mambo Open Source | Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors. |
| 5.0 | CVE-2008-0261 OTHER-REF BID SECUNIA XF | ||
| Mansion Productions -- Member Area System | PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter. |
| 6.8 | CVE-2008-0289 BUGTRAQ BID XF | ||
| Menalto -- Gallery | Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item modules; or via (3) HTTP PROPPATCH in the WebDAV module. |
| 4.3 | CVE-2007-6687 OTHER-REF | ||
| Menalto -- Gallery | Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules. |
| 6.4 | CVE-2007-6692 OTHER-REF | ||
| minimal design -- minimal Gallery | Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters. |
| 6.4 | CVE-2008-0259 MILW0RM BID SECUNIA | ||
| minimal design -- minimal Gallery | minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function. |
| 5.0 | CVE-2008-0260 MILW0RM SECUNIA | ||
| MiniWeb HTTP Server -- MiniWeb HTTP Server | Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI. |
| 5.0 | CVE-2008-0338 MILW0RM OTHER-REF SECUNIA | ||
| ngIRCd -- ngIRCd | ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference. |
| 5.0 | CVE-2008-0285 OTHER-REF OTHER-REF OTHER-REF | ||
| PHP Running Management -- phpRunMan | Cross-site scripting (XSS) vulnerability in index.php in PHP Running Management (phpRunMan) before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
| 4.3 | CVE-2008-0258 OTHER-REF OTHER-REF BID SECUNIA | ||
| Python Software Foundation -- Paramiko | common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool. |
| 4.3 | CVE-2008-0299 OTHER-REF OTHER-REF OTHER-REF | ||
| Simple Machines -- Simple Machines SMF | Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments. |
| 4.3 | CVE-2008-0284 BUGTRAQ XF | ||
| Sun -- Solaris | Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors. |
| 4.9 | CVE-2008-0269 SUNALERT | ||
| TaskFreak -- TaskFreak | SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter. |
| 6.0 | CVE-2008-0270 MILW0RM | ||
| VideoLAN -- VLC | The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability. |
| 5.0 | CVE-2007-6683 MLIST OTHER-REF OTHER-REF | ||
| VideoLAN -- VLC | The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference. |
| 5.0 | CVE-2007-6684 MLIST OTHER-REF | ||
| VisionBurst -- vcart | PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php. |
| 6.8 | CVE-2008-0287 MILW0RM BID SECUNIA | ||
| Wavelink Media -- TutorialCMS | SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter. |
| 6.8 | CVE-2008-0254 MILW0RM BID SECUNIA | ||
| X7 Group -- X7 Chat | SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a sm_window action. |
| 6.5 | CVE-2008-0278 MILW0RM BID XF |
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Drupal -- Drupal | Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files. |
| 2.6 | CVE-2008-0274 OTHER-REF BID SECUNIA XF | ||
| eTicket -- eTicket | Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability. |
| 2.6 | CVE-2008-0266 BUGTRAQ BID SECUNIA XF | ||
| FreeBSD -- FreeBSD | The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user. |
| 2.1 | CVE-2008-0216 FREEBSD | ||
| pMachine -- PMachine Pro | Cross-site scripting (XSS) vulnerability in pm/language/spanish/preferences.php in PMachine Pro 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the L_PREF_NAME[855] parameter. |
| 2.6 | CVE-2008-0334 OTHER-REF BID |
Please share your thoughts
We recently updated our anonymous product survey; we welcome your feedback.