Vulnerability Summary for the Week of February 25, 2008
Released
Mar 03, 2008
Document ID
SB08-063
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
">
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| aStats -- astatsPRO Joomla -- com_astatspro | SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.5 | CVE-2008-0918 SECUNIA | ||
| beContent -- beContent | SQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.5 | CVE-2008-0921 MILW0RM BID SECUNIA | ||
| Double-Take Software -- Double-Take | Buffer overflow in Double-Take (aka HP StorageWorks Storage Mirroring) 4.5.0.1629, and other 4.5.0.x versions, allows remote attackers to have an unknown impact via a packet with a long string in the username field. |
| 7.5 | CVE-2008-0973 BUGTRAQ OTHER-REF BID | ||
| Eagle Software -- Aeries Student Information System | SQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk parameter. |
| 7.5 | CVE-2008-0942 BUGTRAQ BID | ||
| Eagle Software -- Aeries Student Information System | Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp. |
| 7.5 | CVE-2008-0943 BUGTRAQ BID XF SECUNIA | ||
| Fujitsu -- Interstage Application Server Enterprise Fujitsu -- Interstage Apworks Enterprise Fujitsu -- Interstage Studio Standard_J Fujitsu -- Interstage Apworks Standard_J Fujitsu -- Interstage Application Server Standard_J Fujitsu -- Interstage Studio Enterprise | Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI. |
| 10.0 | CVE-2008-1040 OTHER-REF BID FRSIRT SECUNIA | ||
| Gentoo -- rPath Linux | expn in the am-utils and net-fs packages for Gentoo rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1. |
| 7.2 | CVE-2008-1078 OTHER-REF | ||
| Linux Web Shop -- php User Base | PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BETA allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter. |
| 7.5 | CVE-2008-1043 MILW0RM BID | ||
| Mamboportal.com -- Simpleboard | SQL injection vulnerability in index.php in the Simpleboard (com_simpleboard) 1.0.3 Stable component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action. |
| 7.5 | CVE-2008-1077 MILW0RM BID | ||
| MandrakeSoft -- Mandrake Linux Red Hat -- Enterprise Linux Desktop Red Hat -- Enterprise Linux D-BUS -- Inter-Process Communication System Red Hat -- Enterprise Linux Desktop Workstation Red Hat -- Fedora | dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface. |
| 7.2 | CVE-2008-0595 MLIST OTHER-REF MANDRIVA REDHAT BID FRSIRT SECTRACK SECUNIA SECUNIA | ||
| Move Networks Inc -- Move Media Player Move Networks Inc -- Qunatum Streaming Player | Stack-based buffer overflow in the Quantum Streaming Player (Quantum Streaming IE Player) ActiveX control (aka QSP2IE.QSP2IE) in qsp2ie07076007.dll 7.7.6.7 and qsp2ie07074039.dll 7.7.4.39 in Move Media Player allows remote attackers to execute arbitrary code via a long argument to the UploadLogs method, a different vector than CVE-2007-4722. NOTE: some of these details are obtained from third party information. |
| 7.5 | CVE-2008-1044 FULLDISC MILW0RM BID SECUNIA | ||
| Mozilla -- SeaMonkey Mozilla -- Thunderbird | Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview. |
| 7.5 | CVE-2008-0304 IDEFENSE OTHER-REF BID SECTRACK SECUNIA | ||
| NetWin -- SurgeMail NetWin -- WebMail | Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter. |
| 7.5 | CVE-2008-1055 BUGTRAQ BID FRSIRT SECUNIA | ||
| Novell -- iPrint Client Novell -- iPrint | Stack-based buffer overflow in the Novell iPrint Control ActiveX control in ienipp.ocx in Novell iPrint Client before 4.34 allows remote attackers to execute arbitrary code via a long argument to the ExecuteRequest method. |
| 10.0 | CVE-2008-0935 OTHER-REF BID FRSIRT SECUNIA SECTRACK | ||
| NukeC -- NukeC PHP-Nuke -- NukeC Module | SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action. |
| 7.5 | CVE-2008-0934 MILW0RM BID | ||
| OpenBSD -- Open_BSD | The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 allows attackers to cause a denial of service (panic) via malformed IPv6 routing headers. |
| 7.8 | CVE-2008-1057 OPENBSD BID FRSIRT SECTRACK SECUNIA | ||
| OpenBSD -- Open_BSD | The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 allows attackers to cause a denial of service (panic) via crafted TCP packets. NOTE: some of these details are obtained from third party information. |
| 7.8 | CVE-2008-1058 OPENBSD OPENBSD BID FRSIRT SECTRACK SECUNIA | ||
| PHP-Nuke -- Manuales | SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewdownload action to modules.php. |
| 7.5 | CVE-2008-0922 MILW0RM BID | ||
| PHPNuke -- Kose_Yazilari Module | Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php. |
| 7.5 | CVE-2008-1053 MILW0RM BID | ||
| PORAR -- Webboard | SQL injection vulnerability in question.asp in PORAR WEBBOARD allows remote attackers to execute arbitrary SQL commands via the QID parameter. |
| 7.5 | CVE-2008-1039 MILW0RM BID SECUNIA | ||
| Positive Software -- SiteStudio Positive Software -- H-Sphere | Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors. |
| 10.0 | CVE-2008-1049 OTHER-REF SECUNIA | ||
| SoftBiz -- Jokes and Funny Pictures Script | SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter. |
| 7.5 | CVE-2008-1050 BUGTRAQ BID | ||
| Sybase -- MobiLink Sybase -- SQL Anywhere | Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long (1) username, (2) version, or (3) remote ID. NOTE: some of these details are obtained from third party information. |
| 10.0 | CVE-2008-0912 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA SECTRACK | ||
| Symantec -- Backup Exec for Windows Server | Multiple stack-based buffer overflows in a Symantec ActiveX control related to the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, might allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control. |
| 9.3 | CVE-2007-6016 OTHER-REF BID SECTRACK | ||
| Symantec -- Symantec Mail Security Exchange Symantec -- Symantec AntiVirus Network Attached Storage Symantec -- Scan Engine Symantec -- Symantec AntiVirus MS ISA Symantec -- Symantec AntiVirus Messaging Symantec -- Symantec AntiVirus Microsoft SharePoint Symantec -- Symantec AntiVirus Clearswift Symantec -- Symantec AntiVirus Scan Engine Caching Symantec -- Symantec AntiVirus_Filtering Domino MPE Symantec -- Symantec AntiVirus Scan Engine | Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp). |
| 9.3 | CVE-2008-0308 IDEFENSE OTHER-REF BID FRSIRT SECUNIA | ||
| Symantec -- Symantec AntiVirus_Filtering Domino MPE Symantec -- Symantec AntiVirus Network Attached Storage Symantec -- Scan Engine Symantec -- Symantec AntiVirus Scan Engine Messaging Symantec -- Symantec Antivirus Scan Engine for MS ISA Symantec -- Symantec AntiVirus Scan Engine Clearswift Symantec -- Symantec AntiVirus Scan Engine for Microsoft SharePoint Symantec -- Symantec Mail Security for Microsoft Exchange Symantec -- Symantec AntiVirus Scan Engine Caching Symantec -- Symantec AntiVirus Scan Engine | Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp). |
| 8.5 | CVE-2008-0309 IDEFENSE OTHER-REF BID FRSIRT SECUNIA | ||
| The Sword Project -- Diatheke Front End The Sword Project -- Sword | diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an unspecified parameter. |
| 7.5 | CVE-2008-0932 DEBIAN BID SECUNIA SECUNIA | ||
| Urulu -- Urulu | SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/request or (2) dyn/js/request in the PATH_INFO. |
| 7.5 | CVE-2008-0385 BUGTRAQ BID | ||
| VideoLAN -- VLC Media Player | The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file. |
| 9.3 | CVE-2008-0984 OTHER-REF | ||
| WordPress -- Photo Album plugin | Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information. |
| 7.5 | CVE-2008-0939 BUGTRAQ MILW0RM OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
| WordPress -- Sniplets Plugin | PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. |
| 7.5 | CVE-2008-1059 BUGTRAQ MILW0RM BID SECUNIA | ||
| WordPress -- Sniplets Plugin | Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter. |
| 7.5 | CVE-2008-1060 BUGTRAQ MILW0RM BID SECUNIA | ||
| XOOPS -- Prayer List Module | SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. |
| 7.5 | CVE-2008-0936 BUGTRAQ BID SECUNIA | ||
| XOOPS -- XM_Memberstats | Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.5 | CVE-2008-1065 OTHER-REF BID SECUNIA |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| activepdf -- Server | Heap-based buffer overflow in the activePDF Server service (aka APServer.exe) in activePDF Server 3.8.4 and 3.8.5.14, and possibly other versions before 3.8.6.16, allows remote attackers to execute arbitrary code via a packet with a size field that is less than the actual size of the data. |
| 6.8 | CVE-2007-5397 OTHER-REF SECUNIA | ||
| Alkacon -- OpenCms | Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter. |
| 4.3 | CVE-2008-1045 BUGTRAQ BID | ||
| Canon -- imagePRESS Canon -- i-SENSYS Canon -- imageRUNNER | The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce. |
| 6.4 | CVE-2008-0303 OTHER-REF OTHER-REF CERT-VN BID | ||
| Double-Take Software -- Double-Take | Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (CPU consumption) via a -1 value in the field that specifies the size of the vector |
| 5.0 | CVE-2008-0975 BUGTRAQ OTHER-REF BID | ||
| Double-Take Software -- Double-Take | Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain long packet that triggers an attempt to allocate a large amount of memory. |
| 5.0 | CVE-2008-0977 BUGTRAQ OTHER-REF BID | ||
| Double-Take Software -- Double-Take | Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type (1) 0x2728, which provides operating system and path information; (2) 0x274e, which lists Ethernet adapters; (3) 0x2726, which provides filesystem information; (4) 0x274f, which specifies the printer driver; or (5) 0x2757, which provides recent log entries. |
| 5.0 | CVE-2008-0978 BUGTRAQ OTHER-REF BID | ||
| DrBenHur.com -- DBHcms | PHP remote file inclusion vulnerability in mod/mod.extmanager.php in DBHcms 1.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the extmanager_install parameter. |
| 6.8 | CVE-2008-1038 MILW0RM BID | ||
| Eagle Software -- Aeries Student Information System | Cross-site scripting (XSS) vulnerability in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote authenticated users to inject arbitrary web script or HTML via an event. |
| 4.3 | CVE-2008-0941 BUGTRAQ BID XF SECUNIA | ||
| Easy Software Products -- CUPS | Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers. |
| 5.0 | CVE-2008-0596 REDHAT REDHAT BID SECUNIA SECTRACK | ||
| Easy Software Products -- CUPS | Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets. |
| 5.0 | CVE-2008-0597 REDHAT REDHAT BID SECUNIA SECTRACK | ||
| GROUP_E -- GROUP_E | PHP remote file inclusion vulnerability in lib/head_auth.php in GROUP-E 1.6.41 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[PREPEND_FILE] parameter. |
| 6.8 | CVE-2008-1074 MILW0RM BID | ||
| HP -- StorageWorks Double-Take Double-Take Software -- Double-Take | Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon termination) via (1) a large vector |
| 5.0 | CVE-2008-0974 BUGTRAQ OTHER-REF BID | ||
| HP -- StorageWorks Double-Take Double-Take Software -- Double-Take | Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed packet, as demonstrated by a packet of type (1) 0x2722 or (2) 0x272a. |
| 5.0 | CVE-2008-0976 BUGTRAQ OTHER-REF BID | ||
| HP -- StorageWorks Double-Take Double-Take Software -- Double-Take | Stack consumption vulnerability in Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain packet that triggers the recursive calling of a function. |
| 5.0 | CVE-2008-0979 BUGTRAQ OTHER-REF BID | ||
| Internet Security Systems -- Internet Scanner | Cross-site scripting (XSS) vulnerability in the report interface in Internet Security Systems (ISS) Internet Scanner 7.0 Service Pack 2 Build 7.2.2005.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 4.3 | CVE-2008-1073 OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
| Interspire -- Shopping Cart | Cross-site scripting (XSS) vulnerability in search.php in Interspire Shopping Cart 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2008-1076 SECUNIA | ||
| InterVideo -- WinDVD Media Center | InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (aka IHT.exe) in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet with two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 5.0 | CVE-2008-1062 BID SECUNIA | ||
| IPdiva -- IPdiva | The Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and 2.3 before 2.3.2.14 stores the number of remaining allowed login attempts in a cookie, which makes it easier for remote attackers to conduct brute force attacks by manipulating this cookie's value. |
| 6.4 | CVE-2008-0915 BUGTRAQ FULLDISC BID SECUNIA | ||
| Ipswitch -- Instant Messaging | Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero. |
| 5.0 | CVE-2008-0944 BUGTRAQ OTHER-REF BID SECUNIA | ||
| Ipswitch -- Instant Messaging Ipswitch -- IMserver | Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field. |
| 4.9 | CVE-2008-0946 BUGTRAQ OTHER-REF OTHER-REF BID | ||
| lighttpd -- lighttpd | lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access. |
| 5.0 | CVE-2008-0983 OTHER-REF BID FRSIRT SECUNIA | ||
| Linux Web Shop -- php Download Manager | Directory traversal vulnerability in include/body.inc.php in Linux Web Shop (LWS) php Download Manager 1.0 and 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. |
| 6.8 | CVE-2008-1042 MILW0RM BID SECUNIA XF | ||
| Maian -- Cart | Cross-site scripting (XSS) vulnerability in index.php in Maian Cart 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search command. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2008-1075 SECUNIA | ||
| Matts Whois -- Matts Whois | Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson Matt's Whois (MWhois) allows remote attackers to inject arbitrary web script or HTML via the domain parameter. |
| 4.3 | CVE-2008-1041 OTHER-REF BID SECUNIA | ||
| NetWin -- SurgeFTP | The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails. |
| 6.4 | CVE-2008-1052 BUGTRAQ OTHER-REF BID SECUNIA | ||
| NetWin -- SurgeMail | Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information. |
| 6.4 | CVE-2008-1054 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA | ||
| Open Source Security Information Management -- OS-SIM | Cross-site scripting (XSS) vulnerability in session/login.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 and earlier allows remote attackers to inject arbitrary web script or HTML via the dest parameter. |
| 4.3 | CVE-2008-0919 BUGTRAQ BUGTRAQ MILW0RM BID BUGTRAQ SECUNIA | ||
| Open Source Security Information Management -- OS-SIM | SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular expression. |
| 6.5 | CVE-2008-0920 BUGTRAQ BUGTRAQ MILW0RM BID SECUNIA | ||
| Opera Software -- Opera | Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input. |
| 6.8 | CVE-2008-1080 OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| Opera Software -- Opera | Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties. |
| 6.8 | CVE-2008-1081 OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| Opera Software -- Opera | Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation. |
| 4.3 | CVE-2008-1082 OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| Packeteer -- PolicyCenter Packeteer -- PacketShaper | Cross-site scripting (XSS) vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into an Error Report page. |
| 4.3 | CVE-2008-1037 BUGTRAQ BID | ||
| phpProfiles -- phpProfiles_ | PHP remote file inclusion vulnerability in include/body_comm.inc.php in phpProfiles 4.5.2 BETA allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. |
| 6.8 | CVE-2008-1051 MILW0RM BID | ||
| phpQLAdmin -- phpQLAdmin | Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[path] parameter to (1) ezmlm.php and (2) tools/update_translations.php. |
| 6.8 | CVE-2008-1067 MILW0RM SECUNIA | ||
| Plume CMS -- Plume CMS | Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. |
| 4.3 | CVE-2008-1048 OTHER-REF SECUNIA | ||
| Portail Web Php -- Portail Web Php | Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) Vert/index.php, (2) Noir/index.php, and (3) Bleu/index.php in template/, different vectors than CVE-2008-0645. |
| 6.8 | CVE-2008-1068 MILW0RM BID | ||
| Quantum Game Library -- Quantum Game Library | Multiple PHP remote file inclusion vulnerabilities in Quantum Game Library 0.7.2c allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) server_request.php and (2) qlib/smarty.inc.php. |
| 6.8 | CVE-2008-1069 MILW0RM BID SECUNIA XF | ||
| Quinsonnas -- Quinsonnas Mail Checker | PHP remote file inclusion vulnerability in footer.php in Quinsonnas Mail Checker 1.55 allows remote attackers to execute arbitrary PHP code via a URL in the op[footer_body] parameter. |
| 6.8 | CVE-2008-1046 MILW0RM | ||
| redhat -- desktop Debian -- Debian Linux SuSE -- SuSE Open_Enterprise_Server SuSE -- SuSE Linux Enterprise Desktop SuSE -- SuSE Linux MandrakeSoft -- MandrakeSoft Corporate Server SuSE -- open Suse redhat -- Enterprise Linux Desktop Workstation SuSE -- Novell Linux POS redhat -- Enterprise Linux Desktop rPath -- rPath Linux SuSE -- SuSE Linux Enterprise Server Ghostscript -- Ghostscript redhat -- enterprise_linux MandrakeSoft -- Mandrake Linux SuSE -- SuSE SLE SDK | Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator. |
| 6.0 | CVE-2008-0411 OTHER-REF DEBIAN REDHAT BID | ||
| S9Y -- Serendipity | Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file. |
| 4.9 | CVE-2008-0124 OTHER-REF OTHER-REF BID | ||
| Smarty -- Smarty | The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string. |
| 6.4 | CVE-2008-1066 OTHER-REF OTHER-REF OTHER-REF | ||
| Spyce -- Spyce | Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python Server Pages (PSP) 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the url or type parameter to docs/examples/redirect.spy; (2) the x parameter to docs/examples/handlervalidate.spy; (3) the name parameter to spyce/examples/request.spy; (4) the Name parameter to spyce/examples/getpost.spy; (5) the mytextarea parameter, the mypass parameter, or an empty parameter to spyce/examples/formtag.spy; (6) the newline parameter to the default URI under demos/chat/; (7) the text1 parameter to docs/examples/formintro.spy; or (8) the mytext or mydate parameter to docs/examples/formtag.spy. |
| 4.3 | CVE-2008-0980 BUGTRAQ OTHER-REF BID | ||
| Spyce -- Spyce | Open redirect vulnerability in spyce/examples/redirect.spy in Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. |
| 6.4 | CVE-2008-0981 BUGTRAQ OTHER-REF BID | ||
| Spyce -- Spyce | Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to obtain sensitive information via a direct request for spyce/examples/automaton.spy, which reveals the path in an error message. |
| 5.8 | CVE-2008-0982 BUGTRAQ OTHER-REF BID | ||
| Sun -- Solaris | Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore. |
| 4.7 | CVE-2008-0933 SUNALERT FRSIRT SECUNIA BID SECTRACK | ||
| Sun -- Solaris | Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126. |
| 4.7 | CVE-2008-0938 SUNALERT FRSIRT SECUNIA BID SECTRACK | ||
| Sun -- Solaris | Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers tobypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly. |
| 6.8 | CVE-2008-1095 SUNALERT BID FRSIRT SECUNIA XF | ||
| Symantec -- Backup Exec for Windows Server | A Symantec ActiveX control related to the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, exposes multiple unsafe methods, which allows remote attackers to cause a denial of service (browser crash), or possibly overwrite or modify arbitrary files, via unspecified vectors. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control. |
| 5.1 | CVE-2007-6017 OTHER-REF BID SECTRACK | ||
| Symark -- PowerBroker | Multiple stack-based buffer overflows in Symark PowerBroker 2.8 through 5.0.1 allow local users to gain privileges via a long argv[0] string when executing (1) pbrun, (2) pbsh, or (3) pbksh. NOTE: the product is often installed in environments with trust relationships that facilitate subsequent remote compromises. |
| 6.9 | CVE-2008-1056 OTHER-REF OTHER-REF BID SECUNIA | ||
| TikiWiki -- Tikiwiki | Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 4.3 | CVE-2008-1047 OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
| VMWare -- VMWare Workstation VMWare -- ACE VMWare -- VMWare Player | Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string. |
| 6.9 | CVE-2008-0923 BUGTRAQ OTHER-REF BID SECTRACK | ||
| WebGUI -- WebGUI | Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407. |
| 4.3 | CVE-2008-0940 OTHER-REF BID SECUNIA | ||
| Wireshark -- Wireshark | The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. |
| 4.7 | CVE-2008-1070 OTHER-REF BID SECTRACK SECUNIA | ||
| Wireshark -- Wireshark | The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. |
| 4.7 | CVE-2008-1071 OTHER-REF BID SECTRACK SECUNIA | ||
| Wireshark -- Wireshark | The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug. |
| 4.7 | CVE-2008-1072 OTHER-REF BID SECTRACK SECUNIA | ||
| WordPress -- Sniplets Plugin | Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php. |
| 4.3 | CVE-2008-1061 BUGTRAQ MILW0RM BID SECUNIA XF | ||
| xine -- xine-lib xine -- xine-plugin | Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664. |
| 6.8 | CVE-2008-1110 MILW0RM OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF GENTOO SECUNIA | ||
| XOOPS -- Tiny Event Module TinyEvent -- TinyEvent | SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811. |
| 6.8 | CVE-2008-0937 BUGTRAQ SECUNIA BID | ||
| XOOPS -- RMSOFT GS | Cross-site scripting (XSS) vulnerability index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter. |
| 6.4 | CVE-2008-1063 OTHER-REF | ||
| XOOPS -- Xoops RMSoft Gallery System | Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter. |
| 6.4 | CVE-2008-1064 OTHER-REF |
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Ipswitch -- Instant Messaging Ipswitch -- IMserver | Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field. |
| 3.5 | CVE-2008-0945 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.