Vulnerability Summary for the Week of January 28, 2008
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
">
High Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
phpCMS – Version 1.2.2 | Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by a filename ending with %00.gif, a different vector than CVE-2005-1840. |
| 8.5 | CVE-2008-0513 BUGTRAQ BUGTRAQ MILW0RM BID XF | ||
Bigware -- Bigware Shop | SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a results action to main_bigware_53.php. |
| 7.5 | CVE-2008-0498 MILW0RM BID XF | ||
Bubbling Library -- Bubbling Library | Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) uri parameter to (a) yui-menu.tpl.php, (b) simple.tpl.php, and (c) advanced.tpl.php in dispatcher/framework/; and the (2) page parameter to (d) yui-menu.php, (e) simple.php, and (f) advanced.php in dispatcher/framework/, different vectors than CVE-2008-0521. |
| 7.5 | CVE-2008-0545 MILW0RM BID | ||
Comodo -- Comodo AntiVirus Microsoft -- ActiveX | A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method. |
| 9.3 | CVE-2008-0470 MILW0RM BID XF | ||
Connectix -- Connectix Boards | PHP remote file inclusion vulnerability in templates/Official/part_userprofile.php in Connectix Boards 0.8.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the template_path parameter. |
| 9.3 | CVE-2008-0502 MILW0RM BID SECUNIA | ||
Coppermine -- Coppermine Photo Gallery | include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters. NOTE: some of these details are obtained from third party information. |
| 7.5 | CVE-2008-0506 OTHER-REF BID SECUNIA | ||
fedoraproject -- HSQLDB | Unspecified vulnerability in HSQLDB 1.8.0.8, and possibly other versions, has unknown impact and attack vectors. |
| 10.0 | CVE-2007-4576 FEDORA FEDORA SECUNIA | ||
Firebird -- Firebird | Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption. |
| 7.8 | CVE-2008-0387 BUGTRAQ OTHER-REF OTHER-REF BID | ||
Firebird -- Firebird | Buffer overflow in Firebird before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via a long username. |
| 10.0 | CVE-2008-0467 OTHER-REF OTHER-REF BID FRSIRT SECTRACK XF | ||
Flinx -- Flinx | SQL injection vulnerability in category.php in Flinx 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.5 | CVE-2008-0468 MILW0RM BID FRSIRT XF | ||
GE Fanuc -- Proficy Real-Time Information Portal | Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory. |
| 7.5 | CVE-2008-0175 BUGTRAQ OTHER-REF CERT-VN BID SECTRACK SECUNIA | ||
GE Fanuc -- CIMPLICITY | Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code via unknown vectors. |
| 10.0 | CVE-2008-0176 BUGTRAQ OTHER-REF CERT-VN BID SECTRACK SECUNIA FRSIRT | ||
HFS -- HTTP File Server | Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data. |
| 10.0 | CVE-2008-0405 BUGTRAQ OTHER-REF OTHER-REF SECUNIA XF | ||
IBM -- Hardware Management Console | Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Management Console (HMC) 7 R3.2.0 allows remote attackers to cause a denial of service via unspecified vectors. |
| 7.8 | CVE-2008-0495 OTHER-REF BID SECUNIA | ||
ICU Project -- International Components for Unicode | libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames. |
| 7.5 | CVE-2007-4770 MLIST OTHER-REF MANDRIVA REDHAT BID SECTRACK SECUNIA SECUNIA XF FEDORA FEDORA FRSIRT SECUNIA | ||
ICU Project -- International Components for Unicode | Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information. |
| 10.0 | CVE-2007-4771 MLIST OTHER-REF MANDRIVA REDHAT BID SECTRACK SECUNIA SECUNIA XF FEDORA FEDORA FRSIRT SECUNIA | ||
IrfanView -- IrfanView | fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption. NOTE: some of these details are obtained from third party information. |
| 9.3 | CVE-2008-0493 MILW0RM BID FRSIRT SECUNIA | ||
Joomla -- Joomla Darko Selesi -- EstateAgent Mambo -- Mambo | SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action. |
| 7.5 | CVE-2008-0517 MILW0RM | ||
Joomla -- com_recipes Mambo -- com_recipes | SQL injection vulnerability in index.php in the Recipes (com_recipes) 1.00 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. |
| 7.5 | CVE-2008-0518 MILW0RM | ||
Joomla -- com_jokes Mambo -- com_jokes | SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action. |
| 7.5 | CVE-2008-0519 MILW0RM | ||
Linux -- Kernel | The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference. |
| 7.8 | CVE-2007-6694 MLIST | ||
Mambo -- Glossary Joomla -- Glossary | SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action. |
| 7.5 | CVE-2008-0514 MILW0RM BID | ||
Mambo -- musepoes_component Joomla -- musepoes_component | SQL injection vulnerability in index.php in the musepoes (com_musepoes) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action. |
| 7.5 | CVE-2008-0515 MILW0RM BID | ||
MamboXChange -- LaiThai | SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 7.5 | CVE-2008-0499 OTHER-REF BID FRSIRT SECUNIA | ||
MamboXChange -- LaiThai | Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have unknown impact and attack vectors related to (1) mod_login and (2) mod_template_chooser. |
| 10.0 | CVE-2008-0500 OTHER-REF BID FRSIRT SECUNIA | ||
Move Networks Inc -- Move Media Player | Stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX control in QMPUpgrade.dll 1.0.0.1 in Move Networks Upgrade Manager allows remote attackers to execute arbitrary code via a long first argument to the Upgrade method. NOTE: some of these details are obtained from third party information. |
| 10.0 | CVE-2008-0477 MILW0RM BID FRSIRT SECUNIA XF | ||
PierreEGougelet -- NConvert PierreEGougelet -- GFL SDK PierreEGougelet -- XnView | Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file. |
| 8.5 | CVE-2008-0064 OTHER-REF SECUNIA SECUNIA | ||
Pre Projects -- Pre Dynamic Institution | Multiple SQL injection vulnerabilities in Pre Dynamic Institution allow remote attackers to execute arbitrary SQL commands via the (1) sloginid and (2) spass parameters to (a) login.asp and (b) siteadmin/login.asp. NOTE: some of these details are obtained from third party information. |
| 7.5 | CVE-2008-0543 BUGTRAQ BID SECUNIA XF | ||
PulseAudio -- PulseAudio | The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion. |
| 7.2 | CVE-2008-0008 OTHER-REF OTHER-REF OTHER-REF FEDORA FEDORA BID SECUNIA DEBIAN MANDRIVA FRSIRT SECUNIA XF | ||
Radio Toolbox -- Steamcast | Off-by-one error in Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a certain HTTP request that leads to a buffer overflow, as demonstrated by a long User-Agent header. |
| 10.0 | CVE-2008-0550 OTHER-REF OTHER-REF XF | ||
SDL -- SDL_image | Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information. |
| 7.5 | CVE-2007-6697 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
SDL -- SDL_image | Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained from third party information. |
| 10.0 | CVE-2008-0544 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
Sejoong Namo -- ActiveSquare Microsoft -- ActiveX | The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1 and earlier in Namo Web Editor in Sejoong Namo ActiveSquare 6 allows remote attackers to execute arbitrary code via a URL in the argument to the Install method. NOTE: some of these details are obtained from third party information. |
| 9.3 | CVE-2008-0551 MILW0RM BID FRSIRT SECUNIA | ||
ShoppingTree -- CandyPress Store | Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter to (b) ajax/ajax_getBrands.asp. |
| 7.5 | CVE-2008-0546 BUGTRAQ MILW0RM OTHER-REF BID SECUNIA XF | ||
SQLite Manager -- SQLite Manager | PHP remote file inclusion vulnerability in spaw/dialogs/confirm.php in SQLiteManager 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 9.3 | CVE-2008-0516 SECUNIA | ||
The Net Guys -- ASPired2Protect | Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: some of these details are obtained from third party information. |
| 7.5 | CVE-2008-0487 BUGTRAQ BID SECUNIA XF | ||
Tiger Php News System -- Tiger Php News System | SQL injection vulnerability in index.php in Tiger Php News System (TPNS) 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action. |
| 7.5 | CVE-2008-0469 BUGTRAQ MILW0RM BID SECUNIA XF FRSIRT | ||
VB Marketing -- VB Marketing | Directory traversal vulnerability in tseekdir.cgi in VB Marketing allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the location parameter. |
| 7.5 | CVE-2008-0488 BUGTRAQ BID XF | ||
WordPress -- WP_Cal Plugin | SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.5 | CVE-2008-0490 MILW0RM BID SECUNIA XF | ||
WordPress -- fGallery plugin | SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter. |
| 7.5 | CVE-2008-0491 MILW0RM BID XF | ||
WordPress -- AdServe | SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.5 | CVE-2008-0507 MILW0RM BID SECUNIA | ||
Yamaha -- RT107e Yamaha -- RTA50i Yamaha -- RTA54i Yamaha -- RTA52i Yamaha -- RT80i Yamaha -- RTV700 Yamaha -- RTW65i Yamaha -- RT57i Yamaha -- RTX1000 Yamaha -- SRT100 Yamaha -- RT56v Yamaha -- RTA55i Yamaha -- RT60w Yamaha -- RT52pro Yamaha -- RTX1100 Yamaha -- RTX1500 Yamaha -- RT58i Yamaha -- RTW65b | Cross-site request forgery (CSRF) vulnerability in the management interface in multiple Yamaha RT series routers allows remote attackers to change password settings and probably other configuration settings as administrators via unspecified vectors. |
| 10.0 | CVE-2008-0524 OTHER-REF OTHER-REF BID SECUNIA XF |
Medium Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
AmpJuke -- AmpJuke | Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 allows remote attackers to inject arbitrary web script or HTML via the limit parameter in a search action. |
| 4.3 | CVE-2008-0496 BUGTRAQ | ||
Bubbling Library -- Bubbling Library | Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. (dot dot) in the uri parameter to dispatcher.php in (1) examples/dispatcher/framework/, (2) examples/dispatcher/, (3) examples/wizard/, and (4) PHP/, different vectors than CVE-2008-????. |
| 5.0 | CVE-2008-0521 MILW0RM BID XF | ||
Clansphere -- Clansphere | Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. |
| 5.0 | CVE-2008-0489 BUGTRAQ BID XF | ||
Coppermine -- Coppermine Photo Gallery | Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) util.php and (2) reviewcom.php. NOTE: some of these details are obtained from third party information. |
| 6.8 | CVE-2008-0504 OTHER-REF BID SECUNIA | ||
Coppermine -- Coppermine Photo Gallery | Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters. NOTE: some of these details are obtained from third party information. |
| 6.0 | CVE-2008-0505 OTHER-REF BID SECUNIA | ||
Dean -- Permalinks Migration Plugin | Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting. |
| 6.8 | CVE-2008-0508 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
Drake Team -- Drake CMS | Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter. |
| 4.3 | CVE-2007-6695 OTHER-REF BID | ||
Endian -- Firewall | Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2008-0494 OTHER-REF BID | ||
eTicket -- eTicket | Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. |
| 4.3 | CVE-2008-0552 BUGTRAQ OTHER-REF BID | ||
F5 -- BIG-IP | Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php in F5 BIG-IP Application Security Manager (ASM) 9.4.3 allows remote attackers to inject arbitrary web script or HTML via the report_type parameter. |
| 4.3 | CVE-2008-0539 BUGTRAQ BID | ||
Francisco Burzi -- PHP-Nuke | SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information. |
| 6.8 | CVE-2008-0461 MILW0RM BID FRSIRT SECUNIA XF | ||
GE Fanuc -- Proficy Real-Time Information Portal | GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. |
| 5.0 | CVE-2008-0174 BUGTRAQ OTHER-REF CERT-VN SECTRACK | ||
Gerd Tentler -- Simple Forum | Multiple cross-site scripting (XSS) vulnerabilities in forum.php in Gerd Tentler Simple Forum 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) open and (2) date_show parameters. |
| 4.3 | CVE-2008-0541 MILW0RM BID | ||
Gerd Tentler -- Simple Forum | Directory traversal vulnerability in thumbnail.php in Gerd Tentler Simple Forum 3.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
| 5.0 | CVE-2008-0542 MILW0RM BID | ||
Hal Networks -- Perl _CGI_cart Hal Networks -- PHP_cart Hal Networks -- Shop_hal_v1 | Cross-site scripting (XSS) vulnerability in multiple Hal Networks shopping-cart products allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 4.3 | CVE-2008-0522 OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF SECUNIA | ||
HFS -- HTTP File Server | HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name. |
| 5.0 | CVE-2008-0406 BUGTRAQ OTHER-REF OTHER-REF SECUNIA XF | ||
HFS -- HTTP File Server | HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request. |
| 5.0 | CVE-2008-0407 BUGTRAQ OTHER-REF OTHER-REF SECUNIA XF | ||
HFS -- HTTP File Server | HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication. |
| 6.4 | CVE-2008-0408 BUGTRAQ OTHER-REF OTHER-REF SECUNIA XF | ||
HFS -- HTTP File Server | Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL. |
| 4.3 | CVE-2008-0409 BUGTRAQ OTHER-REF OTHER-REF SECUNIA XF | ||
HFS -- HTTP File Server | HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as |
| 5.0 | CVE-2008-0410 BUGTRAQ OTHER-REF OTHER-REF SECUNIA XF | ||
IBM -- AIX | Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cause a denial of service (crash) or possibly gain privileges via a long argument to (1) piox25, related to piox25.c; or (2) piox25remote, related to piox25remote.sh. |
| 5.5 | CVE-2008-0509 AIXAPAR BID FRSIRT SECUNIA | ||
Joomla -- com_mamml Component | SQL injection vulnerability in index.php in the MaMML (com_mamml) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. |
| 6.8 | CVE-2008-0511 MILW0RM BID | ||
Joomla -- com_fq Component | SQL injection vulnerability in index.php in the fq (com_fq) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. |
| 6.8 | CVE-2008-0512 MILW0RM BID | ||
Linux -- Linux | cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination. |
| 6.9 | CVE-2007-4998 OTHER-REF OTHER-REF | ||
LiquidSilverCMS -- LiquidSilverCMS | Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the update parameter. |
| 6.8 | CVE-2008-0459 MILW0RM BID SECUNIA FRSIRT XF | ||
Lumension Security -- PatchLink Update | PatchLink Update client for Unix allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script. |
| 4.6 | CVE-2008-0525 BUGTRAQ SECTRACK SECUNIA XF XF | ||
Mambo -- Mambo Open Source 4.5 | SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. |
| 6.8 | CVE-2008-0510 MILW0RM BID | ||
ManageEngine -- Applications Manager | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2008-0474 BID SECUNIA XF | ||
ManageEngine -- Applications Manager | ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 5.0 | CVE-2008-0475 BID SECUNIA XF | ||
ManageEngine -- Applications Manager | ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 6.4 | CVE-2008-0476 BID SECUNIA XF | ||
Microsoft -- ie MediaWiki -- MediaWiki BotQuery Ext MediaWiki -- MediaWiki | Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 4.3 | CVE-2008-0460 MLIST SECUNIA FRSIRT XF | ||
Netwerk -- Smart Publisher | Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Publisher 1.0.1 allows remote attackers to execute arbitrary PHP code via the filedata parameter. |
| 6.8 | CVE-2008-0503 MILW0RM BID SECUNIA | ||
Nucleus CMS -- Nucleus CMS | Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS 3.31 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, which is not quoted when processing PHP_SELF. |
| 4.3 | CVE-2008-0497 BUGTRAQ BUGTRAQ OTHER-REF | ||
Persits Software -- XUpload | Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method. NOTE: some of these details are obtained from third party information. |
| 6.8 | CVE-2008-0492 MILW0RM BID FRSIRT SECUNIA XF | ||
phpBB -- phpBB | Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action. |
| 4.3 | CVE-2008-0471 BUGTRAQ SECUNIA | ||
phpIP -- phpIP Management | Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to login.php, the (2) id parameter to display.php, and unspecified other vectors. NOTE: some of these details are obtained from third party information. |
| 6.8 | CVE-2008-0538 FULLDISC MILW0RM SECUNIA | ||
Radio Toolbox -- Steamcast | Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL dereference when malloc fails. |
| 5.0 | CVE-2008-0548 OTHER-REF XF | ||
Radio Toolbox -- Steamcast | Integer overflow in the OggHeaderParse function in Steamcast 0.9.75 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via a long Ogg tag. |
| 5.0 | CVE-2008-0549 OTHER-REF OTHER-REF XF | ||
SeagullProject.org -- Seagull | Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the files parameter. |
| 5.0 | CVE-2008-0465 MILW0RM BID OTHER-REF FRSIRT SECUNIA XF | ||
SetCMS -- SetCMS | Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENT_IP HTTP header in an enter action to index.php, and injecting PHP sequences into files/enter.set, which is then included by index.php. |
| 5.8 | CVE-2008-0478 MILW0RM BID XF | ||
ShoppingTree -- CandyPress Store | Cross-site scripting (XSS) vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and probably earlier 4.x and 3.x versions, allows remote attackers to inject arbitrary web script or HTML via the helpfield parameter. |
| 4.3 | CVE-2008-0547 BUGTRAQ MILW0RM OTHER-REF BID SECUNIA XF | ||
SoftCart -- SoftCart | Multiple cross-site scripting (XSS) vulnerabilities in SoftCart.exe in SoftCart 5.1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) License_Plate, (2) License_State, (3) Ticket_Date, and (4) Ticket_Number parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2008-0523 SECUNIA | ||
SourceForge -- phpMyClub | Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI. |
| 5.8 | CVE-2008-0501 MILW0RM BID XF | ||
trixbox -- trixbox | Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/. |
| 4.3 | CVE-2008-0540 OTHER-REF BID | ||
Web Wiz -- Text Editor Web Wiz -- Forums Web Wiz -- NewsPad | Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability. |
| 5.0 | CVE-2008-0466 BUGTRAQ MILW0RM OTHER-REF OTHER-REF SECTRACK BUGTRAQ MILW0RM OTHER-REF | ||
Web Wiz -- Rich Text Editor | RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to upload (1) .html and (2) .htm files via unspecified vectors. |
| 6.4 | CVE-2008-0473 BUGTRAQ MILW0RM OTHER-REF BID SECTRACK | ||
Web Wiz -- NewsPad | Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter. |
| 5.0 | CVE-2008-0479 BUGTRAQ MILW0RM OTHER-REF OTHER-REF SECTRACK SECUNIA XF | ||
Web Wiz -- Web Wiz Forums | Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp. |
| 5.0 | CVE-2008-0480 BUGTRAQ MILW0RM OTHER-REF OTHER-REF SECTRACK SECUNIA XF | ||
Web Wiz -- Rich Text Editor | Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter in a save action. |
| 5.0 | CVE-2008-0481 BUGTRAQ MILW0RM OTHER-REF OTHER-REF SECTRACK SECUNIA XF | ||
WoltLab -- Burning Board | Cross-site request forgery (CSRF) vulnerability in modcp.php in Woltlab Burning Board (wBB) 2.3.6 PL2 allows remote attackers to delete threads as moderators or administrators via a thread_del action. |
| 4.3 | CVE-2008-0472 BUGTRAQ SECUNIA XF | ||
WordPress -- WassUp Plugin | Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php. |
| 6.5 | CVE-2008-0520 MILW0RM |
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
WebCalendar -- WebCalendar | Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication. |
| 2.1 | CVE-2007-6696 OTHER-REF BID |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.