Vulnerability Summary for the Week of February 4, 2008
Released
Feb 11, 2008
Document ID
SB08-042
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
">
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Adobe -- Acrobat Standard Adobe -- Acrobat Reader Adobe -- Acrobat 3D Adobe -- Acrobat Professional | Multiple unspecified vulnerabilities in Adobe Reader before 8.1.2 have unknown impact and attack vectors. |
| 10.0 | CVE-2008-0655 OTHER-REF BID FRSIRT SECUNIA | ||
| ADP -- Astanda Directory Project | SQL injection vulnerability in detail.php in Astanda Directory Project (ADP) 1.2 and 1.3 allows remote attackers to execute arbitrary SQL commands via the link_id parameter. |
| 7.5 | CVE-2008-0649 MILW0RM | ||
| All Club CMS -- All Club CMS | SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter. |
| 7.5 | CVE-2008-0601 MILW0RM | ||
| Apple -- iPhoto | Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions. |
| 9.3 | CVE-2008-0043 OTHER-REF APPLE FRSIRT SECTRACK SECUNIA | ||
| Aurigma -- Image Uploader ActiveX control MySpace -- MySpaceUploader | Stack-based buffer overflow in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.5.70 and earlier, as used in MySpace MySpaceUploader.ocx 1.0.0.4, allows remote attackers to execute arbitrary code via a long Action property. |
| 10.0 | CVE-2008-0659 FULLDISC MILW0RM OTHER-REF OTHER-REF CERT-VN BID FRSIRT FRSIRT SECUNIA | ||
| Azucar CMS -- Azucar CMS | Multiple directory traversal vulnerabilities in Azucar CMS 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _VIEW (view) parameter to (1) index.php, (2) html/sitio/index.php, or (3) src/sistema/vistas/template/tpl_inicio.php. |
| 7.5 | CVE-2008-0654 BUGTRAQ | ||
| Checkpoint -- VPN-1 SecureClient | The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials. |
| 7.2 | CVE-2008-0662 BUGTRAQ OTHER-REF BID | ||
| ChronoEngine -- ChronoForms | Multiple PHP remote file inclusion vulnerabilities in ChronoEngine ChronoForms (com_chronocontact) 2.3.5 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) PPS/File.php, (2) Writer.php, and (3) PPS.php in excelwriter/; and (4) BIFFwriter.php, (5) Workbook.php, (6) Worksheet.php, and (7) Format.php in excelwriter/Writer/. |
| 7.5 | CVE-2008-0567 MILW0RM BID | ||
| DivideConcept -- VHD Web Pack | Directory traversal vulnerability in index.php in DivideConcept VHD Web Pack 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. |
| 7.5 | CVE-2008-0609 BUGTRAQ MILW0RM BID SECUNIA | ||
| Drupal -- Secure Site module | Unspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remote attackers to gain the privileges of a user who has authenticated from behind the same proxy server as the attacker. |
| 10.0 | CVE-2008-0568 OTHER-REF SECUNIA | ||
| EMC -- Documentum Administrator EMC -- Documentum WebTop | Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute. |
| 10.0 | CVE-2008-0656 BUGTRAQ OTHER-REF BID SECTRACK SECUNIA | ||
| FaceBook -- FaceBook Aurigma -- Image Uploader ActiveX control FaceBook -- PhotoUploader | Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties. |
| 9.3 | CVE-2008-0660 FULLDISC MILW0RM OTHER-REF CERT-VN FRSIRT FRSIRT SECTRACK SECUNIA SECUNIA | ||
| HP -- OpenView Network Node Manager | ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to cause a denial of service (crash) via a crafted TCP request that triggers an out-of-bounds memory access. |
| 7.8 | CVE-2008-0212 HP BID IDEFENSE | ||
| HP -- Virtual Rooms | Unspecified vulnerability in an ActiveX control for HP Virtual Rooms (HPVR) v6 and earlier, when running on Windows, allows remote attackers to execute arbitrary code via unknown vectors. |
| 7.5 | CVE-2008-0213 HP | ||
| IBM -- AIX | Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) swap, (2) swapoff, and (3) swapon programs. |
| 7.2 | CVE-2008-0584 OTHER-REF AIXAPAR AIXAPAR FRSIRT SECUNIA | ||
| IBM -- AIX | Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) lchangevg, (2) ldeletepv, (3) putlvodm, (4) lvaryoffvg, and (5) lvgenminor programs in bos.rte.lvm; and the (6) tellclvmd program in bos.clvm.enh. |
| 7.2 | CVE-2008-0586 OTHER-REF AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR FRSIRT SECUNIA | ||
| IBM -- AIX | Buffer overflow in the uspchrp program in devices.chrp.base.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. |
| 7.2 | CVE-2008-0587 OTHER-REF AIXAPAR AIXAPAR AIXAPAR FRSIRT SECUNIA | ||
| IBM -- AIX | Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. |
| 7.2 | CVE-2008-0588 OTHER-REF AIXAPAR AIXAPAR AIXAPAR FRSIRT SECUNIA | ||
| Ipswitch -- WS_FTP Server | Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command. |
| 9.0 | CVE-2008-0590 BUGTRAQ FRSIRT SECUNIA | ||
| Joomla -- com_buslicense | SQL injection vulnerability in index.php in the buslicense (com_buslicense) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in a list action. |
| 7.5 | CVE-2008-0579 MILW0RM | ||
| Joomla -- com_sobi2 Sigsiu.NET -- SOBI2 Mambo -- com_sobi2 | SQL injection vulnerability in index.php in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) 2.5.3 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.5 | CVE-2008-0607 MILW0RM BID | ||
| Joomla -- com_downloads Mambo -- com_downloads | SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action. |
| 7.5 | CVE-2008-0652 MILW0RM | ||
| Joomla -- com_ynews | SQL injection vulnerability in index.php in the Ynews (com_ynews) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showYNews action. |
| 7.5 | CVE-2008-0653 MILW0RM | ||
| KAME -- IPComp | The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header. |
| 7.8 | CVE-2008-0177 OTHER-REF OTHER-REF CERT-VN BID SECUNIA SECUNIA | ||
| LightBlog -- LightBlog | Unrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root directory. |
| 9.3 | CVE-2008-0632 BUGTRAQ MILW0RM OTHER-REF SECUNIA | ||
| Linux -- Kernel | Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset. |
| 7.2 | CVE-2008-0007 MLIST OTHER-REF SUSE FRSIRT | ||
| Mambo -- Mambo Joomla -- Joomla Arthur Konze WebDesign -- AkoGallery | SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. |
| 7.5 | CVE-2008-0561 MILW0RM BID XF | ||
| Mambo -- com_awesom amazOOP -- Awesom Joomla -- com_awesom | SQL injection vulnerability in index.php in the amazOOP Awesom! (com_awesom) 0.3.2component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter in a viewlist task. |
| 7.5 | CVE-2008-0603 MILW0RM BID | ||
| Mambo -- com_shambo2 Phil Taylor -- Shambo2 Joomla -- com_shambo2 | SQL injection vulnerability in index.php in the Shambo2 (com_shambo2) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter. |
| 7.5 | CVE-2008-0606 MILW0RM BID XF | ||
| MamboServer -- CatalogShop | SQL injection vulnerability in index.php in the CatalogShop (com_catalogshop) 1.0b1 componenent for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. |
| 7.5 | CVE-2008-0557 MILW0RM XF | ||
| MamboServer -- Mambo MamboServer -- Joomla | SQL injection vulnerability in index.php in the Restaurant (com_restaurant) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. |
| 7.5 | CVE-2008-0562 MILW0RM BID XF | ||
| Moernaut -- Supercrypt Moernaut -- LSrunasE | Geert Moernaut LSrunasE allows local users to gain privileges by obtaining the encrypted password from a batch file, and constructing a modified batch file that specifies this password in the /password switch and specifies an arbitrary program in the /command switch. |
| 7.2 | CVE-2008-0581 BUGTRAQ | ||
| MPlayer -- MPlayer | Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag. |
| 9.3 | CVE-2008-0485 BUGTRAQ BID FULLDISC OTHER-REF OTHER-REF FRSIRT SECTRACK SECUNIA | ||
| Nero -- MediaPlayer | Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file. |
| 9.3 | CVE-2008-0619 BUGTRAQ MILW0RM BID FRSIRT SECUNIA | ||
| Openads -- Openads | Unspecified vulnerability in the delivery engine in Openads 2.4.0 through 2.4.2 allows remote attackers to execute arbitrary PHP code via unknown vectors. |
| 7.5 | CVE-2008-0635 BUGTRAQ BID SECUNIA | ||
| ourgame.com -- GLWorld ourgame.com -- HanGamePluginCn18_ActiveX control | Multiple stack-based buffer overflows in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control in HanGamePluginCn18.dll in Ourgame GLWorld 2.6.1.29 (aka Lianzong Game Platform) allow remote attackers to execute arbitrary code via long arguments to the (1) hgs_startGame and (2) hgs_startNotify methods, as exploited in the wild as of February 2008. NOTE: some of these details are obtained from third party information. |
| 10.0 | CVE-2008-0647 OTHER-REF FRSIRT SECUNIA | ||
| Pedro Santana Codice -- CMS | SQL injection vulnerability in login.php in Pedro Santana Codice CMS allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.5 | CVE-2008-0651 BID | ||
| photokorn -- Gallery | SQL injection vulnerability in index.php in Photokorn Gallery 1.543 allows remote attackers to execute arbitrary SQL commands via the pic parameter in a showpic action. |
| 7.5 | CVE-2008-0614 MILW0RM | ||
| Portail Web Php -- Portail Web Php | Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) config/conf-activation.php, (2) menu/item.php, and (3) modules/conf_modules.php in admin/system/; and (4) system/login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.5 | CVE-2008-0645 BID | ||
| Rasterbar Software -- libtorrent Deluge Team -- Deluge | The bdecode_recursive function in include/libtorrent/bencode.hpp in Rasterbar Software libtorrent before 0.12.1, as used in Deluge before 0.5.8.3 and other products, allows context-dependent attackers to cause a denial of service (stack exhaustion and crash) via a crafted bencoded message. |
| 7.8 | CVE-2008-0646 OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA SECUNIA | ||
| redhat -- enterprise_linux redhat -- desktop | The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service (panic) via invalid arguments to set_mempolicy in an MPOL_BIND operation. |
| 7.2 | CVE-2007-4130 OTHER-REF REDHAT SECUNIA | ||
| RMSOFT -- Gallery System XOOPS -- Xoops | SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.5 | CVE-2008-0611 MILW0RM BID | ||
| SafeNet -- IPSecDrv.sys SafeNet -- SafeNet HighAssurance Remote SafeNet -- SoftRemote VPN Client | IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote allows local users to gain privileges via a crafted IPSECDRV_IOCTL IOCTL request. |
| 7.2 | CVE-2008-0573 MILW0RM BID FRSIRT SECTRACK SECUNIA | ||
| SAP -- SAPLPD SAP -- SAPgui SAP -- SAPSPRINT | SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to cause a denial of service (crash) via a 0x53 LPD command, which causes the server to terminate. |
| 10.0 | CVE-2008-0620 BUGTRAQ BUGTRAQ BID FRSIRT SECTRACK SECUNIA | ||
| SAP -- SAPLPD SAP -- SAPSPRINT SAP -- SAPgui | Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands. |
| 7.5 | CVE-2008-0621 BUGTRAQ BUGTRAQ BID FRSIRT SECTRACK SECUNIA | ||
| Sejoong Namo -- NamoInstall.1 ActiveX Control Sejoong Namo -- ActiveSquare | Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1, as used in Sejoong Namo ActiveSquare6, allows remote attackers to execute arbitrary code via a long argument to the Install method, a different vulnerability than CVE-2008-0551. |
| 7.5 | CVE-2008-0634 SECUNIA | ||
| Simple OS CMS -- Simple OS CMS | SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.5 | CVE-2008-0650 BID | ||
| Sun -- JDK Sun -- JRE | The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources. |
| 7.8 | CVE-2008-0628 BUGTRAQ OTHER-REF SUNALERT FRSIRT SECTRACK SECUNIA | ||
| Sun -- JRE Sun -- JDK | Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. |
| 10.0 | CVE-2008-0657 SUNALERT FRSIRT SECUNIA | ||
| SwiftView -- Viewer | Multiple stack-based buffer overflows in SwiftView Viewer before 8.3.5, as used by SwiftView and SwiftSend, allow remote attackers to execute arbitrary code via unspecified vectors to the (1) svocx.ocx ActiveX control or the (2) npsview.dll plugin for Mozilla and Firefox. |
| 10.0 | CVE-2007-5602 OTHER-REF CERT-VN BID FRSIRT SECUNIA SECTRACK | ||
| Symantec -- BackupExec System Recovery | Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary files via unknown vectors. |
| 10.0 | CVE-2008-0457 OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
| Symantec -- Ghost Solutions Suite | Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands on the client via ARP spoofing. |
| 10.0 | CVE-2008-0640 OTHER-REF BID | ||
| Tcl_Tk -- Tcl_Tk | Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image. |
| 10.0 | CVE-2008-0553 OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
| UltraVNC -- UltraVNC | Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a modified size value. |
| 9.3 | CVE-2008-0610 OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
| XOOPS -- Xoops | Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. |
| 7.5 | CVE-2008-0612 BUGTRAQ MILW0RM OTHER-REF OTHER-REF BID |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| AfterLogic -- MailBee Objects | Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow remote attackers to (1) overwrite arbitrary files via the SaveToDisk method, or (2) modify files via the AddStringToFile method. |
| 4.3 | CVE-2008-0631 MILW0RM BID XF | ||
| All Club CMS -- All Club CMS | Directory traversal vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the class_name parameter. |
| 6.8 | CVE-2008-0602 MILW0RM | ||
| Anon Proxy Server -- Anon Proxy Server | Buffer overflow in Anon Proxy Server 0.102 and earlier, when user authentication is enabled, allows remote attackers to cause a denial of service (exception) via a user name with a large number of quotes, which triggers the overflow during escaping. |
| 6.0 | CVE-2008-0633 BUGTRAQ OTHER-REF BID | ||
| AOL -- YGP PicEditor ActiveX Control | Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5) InitialEditorScreen, (6) Locale, (7) Proxy, and (8) UserAgent property values. |
| 4.3 | CVE-2007-6699 FULLDISC FULLDISC BID SECTRACK | ||
| AstroSoft -- AstroSoft HelpDesk | Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft HelpDesk allow remote attackers to inject arbitrary web script or HTML via the (1) txtSearch parameter to operator/article/article_search_results.asp and the (2) Attach_Id parameter to operator/article/article_attachment.asp. NOTE: for vector 2, the XSS occurs in a forced SQL error message. |
| 4.3 | CVE-2008-0605 BUGTRAQ BID | ||
| Contact Forms -- cForms | ** DISPUTED ** PHP remote file inclusion vulnerability in cforms-css.php in Oliver Seidel cforms (contactforms), a Wordpress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the tm parameter. NOTE: CVE disputes this issue for 7.3, since there is no tm parameter, and the code exits with a fatal error due to a call to an undefined function. |
| 6.8 | CVE-2008-0560 BUGTRAQ VIM | ||
| Daniel M. Schurter -- DMSGuestbook WordPress -- WordPress | Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter to wp-admin/admin.php, or the (2) messagefield parameter in the guestbook page, and the (3) title parameter in the messagearea. |
| 4.3 | CVE-2008-0617 BUGTRAQ MILW0RM BID | ||
| Daniel M. Schurter -- DMSGuestbook WordPress -- WordPress | Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to unspecified programs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2008-0618 SECUNIA | ||
| DeltaScripts -- PHP Links | SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 6.8 | CVE-2008-0565 MILW0RM BID SECUNIA | ||
| DeltaScripts -- PHP Links | PHP remote file inclusion vulnerability in includes/smarty.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_public_program parameter. |
| 6.8 | CVE-2008-0566 MILW0RM BID | ||
| Drupal -- Comment Upload Module | The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors. |
| 6.4 | CVE-2008-0569 OTHER-REF SECUNIA | ||
| Drupal -- OpenID | The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers. |
| 5.0 | CVE-2008-0570 OTHER-REF SECUNIA | ||
| Drupal -- Userpoints Module | The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and manipulate points. |
| 4.3 | CVE-2008-0571 OTHER-REF SECUNIA | ||
| Drupal -- Project Issue Tracking module | Cross-site scripting (XSS) vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors that write to summary table pages. |
| 4.3 | CVE-2008-0576 OTHER-REF SECUNIA | ||
| Drupal -- Project Issue Tracking module | The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal (1) does not restrict the extensions of attached files when the Upload module is enabled for issue nodes, which allows remote attackers to upload and possibly execute arbitrary files; and (2) accepts the .html extension within the bundled file-upload functionality, which allows remote attackers to upload files containing arbitrary web script or HTML. |
| 6.4 | CVE-2008-0577 OTHER-REF SECUNIA | ||
| Gentoo -- xdg-utils | Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email. |
| 6.8 | CVE-2008-0386 OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF GENTOO BID FRSIRT SECTRACK SECUNIA SECUNIA MANDRIVA | ||
| HP -- Select Identity | Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to gain access via unknown vectors. |
| 6.0 | CVE-2008-0214 HP BID | ||
| IBM -- AIX | sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permissions for unspecified WebSM Remote Client files, which allows local users to "alter the behavior of" this client by overwriting these files. |
| 6.6 | CVE-2008-0585 OTHER-REF AIXAPAR FRSIRT SECUNIA | ||
| IBM -- AIX | The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors. |
| 4.9 | CVE-2008-0589 OTHER-REF AIXAPAR AIXAPAR AIXAPAR AIXAPAR FRSIRT SECTRACK SECUNIA | ||
| Illustrate -- dBpowerAMP Audio Player | Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569. |
| 6.8 | CVE-2008-0661 BUGTRAQ MILW0RM MILW0RM BID BID | ||
| Ipswitch -- WS_FTP | The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823. |
| 5.0 | CVE-2008-0608 OTHER-REF BID FRSIRT SECUNIA | ||
| Liferay -- Liferay Enterprise Portal | Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header. |
| 4.3 | CVE-2008-0178 OTHER-REF CERT-VN BID SECUNIA | ||
| Liferay -- Liferay Enterprise Portal | Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile. |
| 4.3 | CVE-2008-0180 OTHER-REF CERT-VN BID SECUNIA | ||
| Liferay -- Liferay Enterprise Portal | Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message. |
| 4.3 | CVE-2008-0181 OTHER-REF CERT-VN BID SECUNIA | ||
| Liferay -- Liferay Enterprise Portal | Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message. |
| 4.3 | CVE-2008-0182 OTHER-REF CERT-VN SECUNIA | ||
| Liferay -- Liferay Enterprise Portal | Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. |
| 4.3 | CVE-2008-0563 OTHER-REF | ||
| MailMan -- MailMan | Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636. |
| 4.3 | CVE-2008-0564 MLIST OTHER-REF BID SECUNIA | ||
| Mindmeld -- Mindmeld | Multiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.10 allow remote attackers to execute arbitrary PHP code via a URL in the MM_GLOBALS[home] parameter to (1) acweb/admin_index.php; and (2) ask.inc.php, (3) learn.inc.php, (4) manage.inc.php, (5) mind.inc.php, and (6) sensory.inc.php in include/. |
| 6.8 | CVE-2008-0572 MILW0RM | ||
| MPlayer -- MPlayer | Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r25824 allows remote user-assisted attackers to execute arbitrary code via a CDDB database entry containing a long album title. |
| 4.3 | CVE-2008-0629 OTHER-REF | ||
| MPlayer -- MPlayer | Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote attackers to execute arbitrary code via a crafted URL that prevents the IPv6 parsing code from setting a pointer to NULL, which causes the buffer to be reused by the unescape code. |
| 6.8 | CVE-2008-0630 OTHER-REF | ||
| netpbm -- NetPBM | Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484. |
| 6.8 | CVE-2008-0554 OTHER-REF OTHER-REF | ||
| Nilsons Blogger -- Nilsons Blogger | Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the permalink parameter in core.php, accessed through index.php; and (2) the thispost parameter in comments.php. |
| 5.0 | CVE-2008-0559 BUGTRAQ BID SECUNIA | ||
| OpenBSD -- Open_BSD | Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter. |
| 4.3 | CVE-2007-6700 BUGTRAQ BUGTRAQ MLIST OTHER-REF BID SECUNIA | ||
| OpenSiteAdmin -- OpenSiteAdmin | Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0.9.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) indexFooter.php; and (2) DatabaseManager.php, (3) FieldManager.php, (4) Filter.php, (5) Form.php, (6) FormManager.php, (7) LoginManager.php, and (8) Filters/SingleFilter.php in scripts/classes/. |
| 6.8 | CVE-2008-0648 MILW0RM BID | ||
| RaidenHTTPD -- RaidenHTTPD | Cross-site scripting (XSS) vulnerability in RaidenHTTPD 2.0.19 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the ulang parameter. |
| 4.3 | CVE-2008-0622 OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| Skype Technologies -- Skype | Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler. |
| 4.3 | CVE-2008-0582 BUGTRAQ OTHER-REF BID | ||
| Skype Technologies -- Skype | Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454. |
| 4.3 | CVE-2008-0583 OTHER-REF OTHER-REF BID | ||
| Tripwire -- Tripwire Enterprise | Cross-site scripting (XSS) vulnerability in the web management login page in Tripwire Enterprise 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 4.3 | CVE-2008-0578 BUGTRAQ OTHER-REF BID SECTRACK SECUNIA XF | ||
| Uniwin -- eCart Professional | Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional before 2.0.16 allows remote attackers to inject arbitrary web script or HTML via the rp parameter to cartView.asp and unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2008-0558 BID SECUNIA | ||
| webSPELL -- webSPELL | Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action. |
| 4.3 | CVE-2008-0574 BUGTRAQ BID SECUNIA XF | ||
| webSPELL -- webSPELL | Cross-site request forgery (CSRF) vulnerability in admin/admincenter.php in webSPELL 4.01.02 allows remote attackers to assign the superadmin privilege level to arbitrary accounts as administrators via an "update member" action. |
| 4.3 | CVE-2008-0575 BUGTRAQ SECUNIA | ||
| WordPress -- WordPress DMSGuestbook -- DMSGuestbook | Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) folder and (2) file parameters. |
| 4.0 | CVE-2008-0615 BUGTRAQ MILW0RM BID SECUNIA | ||
| WordPress -- WordPress DMSGuestbook -- DMSGuestbook | SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. |
| 6.5 | CVE-2008-0616 BUGTRAQ MILW0RM XF | ||
| WordPress -- WordPress | The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors. |
| 6.4 | CVE-2008-0664 OTHER-REF BID FRSIRT SECUNIA | ||
| XLight FTP Server -- XLight FTP Server | The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions. |
| 6.8 | CVE-2008-0604 OTHER-REF BID SECUNIA | ||
| XOOPS -- Xoops | Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter. |
| 5.0 | CVE-2008-0613 BUGTRAQ MILW0RM OTHER-REF OTHER-REF | ||
| Yahoo -- Yahoo Music Jukebox | Stack-based buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! Music Jukebox 2.2.2.056 allows remote attackers to execute arbitrary code via a long argument to the AddImage method. |
| 4.3 | CVE-2008-0623 MILW0RM MILW0RM MILW0RM CERT-VN BID SECTRACK | ||
| Yahoo -- Yahoo Music Jukebox | Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! JukeBox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddButton method, a different vulnerability than CVE-????-????. |
| 4.3 | CVE-2008-0624 MILW0RM CERT-VN | ||
| Yahoo -- Yahoo Music Jukebox | Buffer overflow in the MediaGrid ActiveX control (mediagrid.dll) in Yahoo! Music Jukebox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddBitmap method. |
| 4.3 | CVE-2008-0625 MILW0RM CERT-VN BID SECTRACK |
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Geert Moernaut -- Supercrypt Geert Moernaut -- LSrunasE | Geert Moernaut LSrunasE and Supercrypt use an encryption key composed of an SHA1 hash of a fixed string embedded in the executable file, which makes it easier for local users to obtain this key without reverse engineering. |
| 2.1 | CVE-2008-0580 BUGTRAQ | ||
| Liferay -- Liferay Enterprise Portal | Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. |
| 2.6 | CVE-2008-0179 OTHER-REF CERT-VN BID SECUNIA | ||
| Moernaut -- Supercrypt Moernaut -- LSrunasE | Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords. |
| 2.1 | CVE-2007-6340 BUGTRAQ OTHER-REF OTHER-REF | ||
| Novell -- Novell Client for Windows Novell -- Challenge Response Client | Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field. |
| 2.1 | CVE-2008-0663 OTHER-REF FRSIRT SECTRACK SECUNIA | ||
| xine -- xine-lib MPlayer -- MPlayer | Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. |
| 0.0 | CVE-2008-0486 BUGTRAQ OTHER-REF BID FULLDISC OTHER-REF FRSIRT SECUNIA |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.