Weekly Vulnerabilities Reports > January 7 to 13, 2008

Overview

145 new vulnerabilities were reported during this period, including 20 critical vulnerabilities and 44 high severity vulnerabilities. This weekly summary reports vulnerabilities in 138 products from 91 vendors including Wordpress, Microsoft, Apache, Postgresql, and SUN. The most common vulnerability categories are "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Permissions, Privileges, and Access Controls", and "Path Traversal".

  • 137 reported vulnerabilities are remotely exploitable.
  • 46 reported vulnerabilities have a public exploit available.
  • 67 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 136 reported vulnerabilities are exploitable by an anonymous user.
  • Wordpress has the most reported vulnerabilities, with 14 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 4 reported vulnerabilities.


Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

20 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-01-12 CVE-2008-0251 Photopost Improper Input Validation vulnerability in Photopost Vbgallery

Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors.

10.0
2008-01-12 CVE-2008-0247 IBM Buffer Errors vulnerability in IBM Tivoli Storage Manager Express 5.3

Heap-based buffer overflow in the Express Backup Server service (dsmsvc.exe) in IBM Tivoli Storage Manager (TSM) Express 5.3 before 5.3.7.3 allows remote attackers to execute arbitrary code via a packet with a large length value.

10.0
2008-01-12 CVE-2008-0246 Uploadscript Permissions, Privileges, and Access Controls vulnerability in Uploadscript Uploadimage and Uploadscript

admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.

10.0
2008-01-12 CVE-2008-0244 SAP Improper Input Validation vulnerability in SAP Maxdb

SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.

10.0
2008-01-11 CVE-2008-0235 Microsoft Code Injection vulnerability in Microsoft VFP OLE Server Activex Control

The Microsoft VFP_OLE_Server ActiveX control allows remote attackers to execute arbitrary code by invoking the foxcommand method.

10.0
2008-01-10 CVE-2008-0229 Level ONE Improper Authentication vulnerability in Level ONE Wbr-3460A 1.0.11/1.0.12

The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11 and 1.00.12 does not require authentication, which allows remote attackers on the local or wireless network to obtain administrative access.

10.0
2008-01-10 CVE-2007-6679 IBM Remote Security vulnerability in Websphere Application Server

Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected.

10.0
2008-01-09 CVE-2007-6532 Xfce Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xfce 4.4.0/4.4.1

Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory in session management."

10.0
2008-01-09 CVE-2008-0151 Foxitsoftware Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Foxitsoftware WAC Server 2.0/2.1.0.910

Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options.

10.0
2008-01-09 CVE-2008-0148 Tutos Permissions, Privileges, and Access Controls vulnerability in Tutos 1.3

TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request.

10.0
2008-01-08 CVE-2008-0003 Redhat, Openpegasus Buffer Errors vulnerability in Openpegasus Management Server 2.6.1

Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360.

10.0
2008-01-08 CVE-2008-0098 Realnetworks Buffer Errors vulnerability in Realnetworks Realplayer 11Build6.0.14.748

Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2008-01-12 CVE-2008-0250 Microsoft Buffer Errors vulnerability in Microsoft Visual Interdev 6.0

Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long Project line.

9.3
2008-01-12 CVE-2008-0248 Streamaudio Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Streamaudio Chaincast Proxymanager Activex Control

Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ChainCast ProxyManager allows remote attackers to execute arbitrary code via a long URL argument to the InternalTuneIn method.

9.3
2008-01-11 CVE-2008-0234 Apple Buffer Errors vulnerability in Apple Quicktime 7.3.1.70/7.4

Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.

9.3
2008-01-10 CVE-2008-0228 Linksys Cross-Site Request Forgery (CSRF) vulnerability in Linksys Wrt54Gl 4.30.9

Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators.

9.3
2008-01-10 CVE-2008-0223 Justsystem Buffer Errors vulnerability in Justsystem Ichitaro, Ichitaro Lite2 and Ichitaro Viewer

Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro, allows remote attackers to execute arbitrary code via a crafted .JTD file.

9.3
2008-01-10 CVE-2008-0221 Gateway Path Traversal vulnerability in Gateway Weblaunch 1.0.0.1

Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method.

9.3
2008-01-09 CVE-2007-6250 AOL, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), as used by AmpX ActiveX control (AmpX.dll), might allow remote attackers to execute arbitrary code via the AppendFileToPlayList method.

9.3
2008-01-08 CVE-2007-0069 Microsoft Remote Buffer Overflow vulnerability in Microsoft Windows 2003 Server, Windows Vista and Windows XP

Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."

9.3

44 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-01-10 CVE-2008-0127 Mcafee Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mcafee E-Business Server

The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet.

8.8
2008-01-12 CVE-2008-0243 IBM Denial Of Service vulnerability in IBM Lotus Domino 7.0/7.0.1/7.0.2

Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors.

7.8
2008-01-12 CVE-2007-6423 Microsoft, Apache Resource Management Errors vulnerability in Apache Http Server

** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL.

7.8
2008-01-12 CVE-2008-0252 Cherrypy Path Traversal vulnerability in Cherrypy 2.2.1/3.0.0/3.0.1

Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.

7.5
2008-01-12 CVE-2008-0245 Uploadscript Permissions, Privileges, and Access Controls vulnerability in Uploadscript Uploadimage and Uploadscript

admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.

7.5
2008-01-11 CVE-2008-0238 Xine Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib

Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225.

7.5
2008-01-11 CVE-2008-0233 Zero CMS Permissions, Privileges, and Access Controls vulnerability in Zero CMS Zero CMS 1.0Alpha

Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg.

7.5
2008-01-11 CVE-2008-0232 Zero CMS SQL Injection vulnerability in Zero CMS Zero CMS 1.0Alpha

Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to index.php, or the (2) f or t parameters to forums/index.php.

7.5
2008-01-11 CVE-2008-0231 Tuned Studios Path Traversal vulnerability in Tuned Studios products

Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page parameter.

7.5
2008-01-11 CVE-2008-0230 Osdate Code Injection vulnerability in Osdate 2.0.8

PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via a URL in the php121dir parameter.

7.5
2008-01-10 CVE-2008-0227 Yassl Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Yassl

yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.

7.5
2008-01-10 CVE-2008-0226 Yassl, Mysql, Oracle, Apple, Debian, Canonical Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

7.5
2008-01-10 CVE-2008-0224 Runcms SQL Injection vulnerability in Runcms 1.5.3/1.6/1.6.1

SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter.

7.5
2008-01-10 CVE-2008-0222 Wordpress Code Injection vulnerability in Wordpress Filemanager 1.2

Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors.

7.5
2008-01-10 CVE-2008-0220 Gateway Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Gateway Cweblaunchctl Activex Control and Weblaunch

Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allow remote attackers to execute arbitrary code via a long string in the (1) second or (2) fourth argument to the DoWebLaunch method.

7.5
2008-01-10 CVE-2008-0219 PHP Webquest SQL Injection vulnerability in PHP Webquest PHP Webquest 2.6

SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920.

7.5
2008-01-10 CVE-2008-0194 Wordpress Path Traversal vulnerability in Wordpress

Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a ..

7.5
2008-01-09 CVE-2008-0187 Spacial Audio Solutions SQL Injection vulnerability in Spacial Audio Solutions Samphpweb 4.2.2

SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the songid parameter.

7.5
2008-01-09 CVE-2008-0185 Netrisk SQL Injection vulnerability in Netrisk 1.9.7

SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php).

7.5
2008-01-09 CVE-2008-0157 Flexbb SQL Injection vulnerability in Flexbb 1.010005Betarelease1

SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie.

7.5
2008-01-09 CVE-2008-0154 Evilboard SQL Injection vulnerability in Evilboard 0.1A

SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execute arbitrary SQL commands via the c parameter.

7.5
2008-01-08 CVE-2007-5360 Openpegasus, Vmware Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003.

7.5
2008-01-08 CVE-2008-0145 PHP Permissions, Privileges, and Access Controls vulnerability in PHP

Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors.

7.5
2008-01-08 CVE-2008-0144 Phprisk SQL Injection vulnerability in PHPrisk Netrisk 1.9.7

PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

7.5
2008-01-08 CVE-2008-0143 Spacial Audio Solutions Code Injection vulnerability in Spacial Audio Solutions SAM Broadcaster and Samphpweb

PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter.

7.5
2008-01-08 CVE-2008-0141 Webportal Credentials Management vulnerability in Webportal CMS 0.6Beta

actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action.

7.5
2008-01-08 CVE-2008-0137 Snetworks SQL Injection vulnerability in Snetworks PHP Classifieds 5.0

PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter.

7.5
2008-01-08 CVE-2008-0133 Thomas Perez SQL Injection vulnerability in Thomas Perez Tribisur

Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to cat_main.php and the (2) cat parameter to forum.php in a liste action.

7.5
2008-01-08 CVE-2008-0130 Instantsoftwares SQL Injection vulnerability in Instantsoftwares Dating Site

SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-2007-6671.

7.5
2008-01-08 CVE-2007-6671 Instantsoftwares SQL Injection vulnerability in Instantsoftwares Dating Site

SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Password parameter, a different product than CVE-2006-6021.

7.5
2008-01-08 CVE-2008-0101 White Dune Improper Input Validation vulnerability in White Dune White Dune

Format string vulnerability in the swDebugf function in DuneApp.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a .WRL file.

7.5
2008-01-08 CVE-2008-0100 White Dune Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in White Dune White Dune

Stack-based buffer overflow in the Scene::errorf function in Scene.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via a long string in a .WRL file.

7.5
2008-01-08 CVE-2008-0097 Georgia Softworks Improper Input Validation vulnerability in Georgia Softworks Ssh2 Server

Format string vulnerability in the log function in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username field, as demonstrated by a certain LoginPassword message.

7.5
2008-01-08 CVE-2008-0096 Georgia Softworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Georgia Softworks Ssh2 Server

Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allow remote attackers to execute arbitrary code via (1) a long username, which triggers an overflow in the log function; or (2) a long password.

7.5
2008-01-08 CVE-2007-6670 Phpcredo SQL Injection vulnerability in PHPcredo Phcdownload 1.1

SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter.

7.5
2008-01-08 CVE-2007-6668 Peergoal Permissions, Privileges, and Access Controls vulnerability in Peergoal Myspace Content Zone

admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not require administrative privileges, which allows remote attackers to perform unrestricted file uploads, as demonstrated by uploading (1) a .php file and (2) a .php%00.jpeg file.

7.5
2008-01-12 CVE-2008-0242 SUN Unspecified vulnerability in SUN Solaris 10.0

Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions.

7.2
2008-01-09 CVE-2007-5762 Novell Improper Input Validation vulnerability in Novell Netware Client 4.91

NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.

7.2
2008-01-09 CVE-2007-6601 Postgresql Improper Authentication vulnerability in Postgresql

The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors.

7.2
2008-01-09 CVE-2007-5616 SSH, Linux, Opengroup Permissions, Privileges, and Access Controls vulnerability in multiple products

ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Linux allows local users to gain privileges via unspecified vectors.

7.2
2008-01-09 CVE-2007-5761 Motorola Permissions, Privileges, and Access Controls vulnerability in Motorola Netoctopus 5.1.2Build1011

The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the \\.\NantSys device interface (nantsys.sys), which allows local users to gain privileges or cause a denial of service (system crash), as demonstrated by modifying the SYSENTER_EIP_MSR CPU Model Specific Register (MSR) value.

7.2
2008-01-09 CVE-2007-5665 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Zenworks Endpoint Security Management 3.5

STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management (ESM) 3.5, and other ESM versions before 3.5.0.82, dynamically creates scripts in a world-writable directory when generating diagnostic reports, which allows local users to gain privileges, as demonstrated by creating a cmd.exe binary in the diagnostic report directory.

7.2
2008-01-08 CVE-2007-5352 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.

7.2
2008-01-08 CVE-2007-0066 Microsoft Unspecified vulnerability in Microsoft products

The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."

7.1

78 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-01-11 CVE-2008-0237 Microsoft Improper Input Validation vulnerability in Microsoft Rich Textbox Control 6.0

The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 allows remote attackers to execute arbitrary commands by invoking the insecure SaveFile method.

6.8
2008-01-09 CVE-2007-6067 Postgresql, TCL TK Numeric Errors vulnerability in multiple products

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.

6.8
2008-01-09 CVE-2007-4769 Postgresql, TCL TK Numeric Errors vulnerability in multiple products

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

6.8
2008-01-09 CVE-2008-0159 Eggblog SQL Injection vulnerability in Eggblog

SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie.

6.8
2008-01-09 CVE-2008-0150 Aruba Networks Improper Authentication vulnerability in Aruba Networks Aruba Mobility Controllers

Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access.

6.8
2008-01-09 CVE-2008-0147 Smallnuke SQL Injection vulnerability in Smallnuke 2.0.4

SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action.

6.8
2008-01-08 CVE-2008-0142 Webportal SQL Injection vulnerability in Webportal CMS 0.6Beta

Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors.

6.8
2008-01-08 CVE-2008-0139 Loudblog SQL Injection vulnerability in Loudblog

Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter.

6.8
2008-01-08 CVE-2008-0138 Xoops SQL Injection vulnerability in Xoops Xoopsgallery Module 1.3.39

PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter.

6.8
2008-01-08 CVE-2008-0129 Siteatschool SQL Injection vulnerability in Siteatschool

SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier allows remote attackers to execute arbitrary SQL commands via the album_name parameter.

6.8
2008-01-08 CVE-2008-0099 Myphp Forum SQL Injection vulnerability in Myphp Forum Myphp Forum

Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to search.php, and unspecified other vectors.

6.8
2008-01-09 CVE-2007-6600 Postgresql Permissions, Privileges, and Access Controls vulnerability in Postgresql

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.

6.5
2008-01-09 CVE-2007-5402 Layton Technology SQL Injection vulnerability in Layton Technology Helpbox 3.7.1

Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow (1) remote attackers to execute arbitrary SQL commands via the sys_request_id parameter to editrequestenduser.asp; and allow remote authenticated users to execute arbitrary SQL commands via (2) the oldpassword parameter to writepwdenduser.asp, and the sys_request_id parameter to (3) changerequeststatus.asp, (4) editrequestuser.asp, (5) requestcommentsuser.asp, and (6) useractions.asp, different vectors than CVE-2004-2551.

6.5
2008-01-09 CVE-2007-5401 Layton Technology Permissions, Privileges, and Access Controls vulnerability in Layton Technology Helpbox 3.7.1

Unrestricted file upload vulnerability in uploadrequest.asp in Layton HelpBox 3.7.1 allows remote authenticated users to upload and execute arbitrary ASP files, related to not properly checking file extensions.

6.5
2008-01-10 CVE-2008-0225 Xine Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib

Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field.

6.4
2008-01-10 CVE-2008-0210 Uebimiau Improper Authentication vulnerability in Uebimiau Webmail 2.7.10/2.7.2

Uebimiau Webmail 2.7.10 and 2.7.2 do not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter setting.

6.4
2008-01-09 CVE-2008-0184 Prenotazioni ON Line Path Traversal vulnerability in Prenotazioni ON Line Syshotel ON Line System

Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter.

6.4
2008-01-08 CVE-2008-0140 Uebimiau Path Traversal vulnerability in Uebimiau Webmail 2.7.10/2.7.2

Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a ..

6.4
2008-01-08 CVE-2008-0094 Modxcms Path Traversal vulnerability in Modxcms 0.9.6.1

Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a ..

6.4
2008-01-11 CVE-2008-0241 SUN Improper Input Validation vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1

Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter.

5.8
2008-01-11 CVE-2008-0236 Microsoft Unspecified vulnerability in Microsoft Visual Foxpro 6.0

An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method.

5.8
2008-01-11 CVE-2007-6018 Horde Permissions, Privileges, and Access Controls vulnerability in Horde products

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 do not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.

5.8
2008-01-10 CVE-2008-0209 Snitz Communications Improper Input Validation vulnerability in Snitz Communications Snitz Forums 2000

Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter.

5.8
2008-01-12 CVE-2008-0249 Phpwebquest Information Exposure vulnerability in PHPwebquest 2.6

PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails.

5.0
2008-01-12 CVE-2007-6284 Debian, Mandrakesoft, Redhat Resource Management Errors vulnerability in multiple products

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

5.0
2008-01-10 CVE-2008-0199 PRO Search Improper Input Validation vulnerability in PRO Search PRO Search

PRO-Search 0.17 and earlier allows remote attackers to cause a denial of service via certain values of the show_page and time parameters to the default URI.

5.0
2008-01-10 CVE-2008-0196 Wordpress Path Traversal vulnerability in Wordpress

Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a ..

5.0
2008-01-10 CVE-2008-0195 Wordpress Information Exposure vulnerability in Wordpress

WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.

5.0
2008-01-10 CVE-2008-0191 Wordpress Information Exposure vulnerability in Wordpress 2.2/2.3

WordPress 2.2.x and 2.3.x allow remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure.

5.0
2008-01-09 CVE-2007-6531 Xfce Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xfce 4.4.0/4.4.1

Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips.

5.0
2008-01-09 CVE-2007-5404 Layton Technology Information Exposure vulnerability in Layton Technology Helpbox 3.7.1

Layton HelpBox 3.7.1 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames.

5.0
2008-01-09 CVE-2008-0158 Shop Script Path Traversal vulnerability in Shop-Script 2.0

Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a ..

5.0
2008-01-09 CVE-2008-0156 Million Dollar Script Path Traversal vulnerability in Million Dollar Script Million Dollar Script 2.0.14

Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" (%2F) sequences in the link parameter.

5.0
2008-01-09 CVE-2008-0153 Pragma Systems Resource Management Errors vulnerability in Pragma Systems Pragma Telnetserver 7.0.4.589

telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers to cause a denial of service (process crash and resource exhaustion) via a crafted TELOPT PRAGMA LOGON telnet option, which triggers a NULL pointer dereference.

5.0
2008-01-09 CVE-2008-0149 Tutos Unspecified vulnerability in Tutos 1.3

TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function.

5.0
2008-01-08 CVE-2008-0136 Snitz Communications Information Exposure vulnerability in Snitz Communications Snitz Forums 2000 3.4.05

Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path.

5.0
2008-01-08 CVE-2008-0135 Snitz Communications Permissions, Privileges, and Access Controls vulnerability in Snitz Communications Snitz Forums 2000

Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.

5.0
2008-01-08 CVE-2007-6676 Uber Uploader Configuration vulnerability in Uber Uploader Uber Uploader

The default configuration of Uber Uploader (UU) 5.3.6 and earlier does not block uploads of (1) .html, (2) .asp, and other possibly dangerous extensions, which allows remote attackers to use these extensions in uploads via (a) uu_file_upload.php, related to uu_file_upload.js and (b) uber_uploader_file.php, related to uber_uploader_file.js, a different issue than CVE-2007-0123.

5.0
2008-01-08 CVE-2007-6675 Xoops Permissions, Privileges, and Access Controls vulnerability in Xoops

The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules.

5.0
2008-01-08 CVE-2008-0132 Pragma Systems Resource Management Errors vulnerability in Pragma Systems Fortressssh

Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remote attackers to cause a denial of service (connection slot exhaustion) via a flood of SSH connections with long data objects, as demonstrated by (1) a long list of keys and (2) a long username.

5.0
2008-01-08 CVE-2007-6672 Mortbay Jetty Path Traversal vulnerability in Mortbay Jetty 6.1.5/6.1.6

Mortbay Jetty 6.1.5 and 6.1.6 allow remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI.

5.0
2008-01-08 CVE-2008-0095 Asterisk Resource Management Errors vulnerability in Asterisk products

The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.

5.0
2008-01-12 CVE-2008-0123 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter.

4.3
2008-01-12 CVE-2008-0005 Apache Cross-Site Scripting vulnerability in Apache Http Server 1.3/2.0

mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.

4.3
2008-01-12 CVE-2007-6420 Apache Cross-Site Request Forgery (CSRF) vulnerability in Apache Http Server

Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.

4.3
2008-01-11 CVE-2008-0240 SUN Cross-Site Scripting vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1

/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."

4.3
2008-01-11 CVE-2008-0239 SUN Cross-Site Scripting vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp.

4.3
2008-01-10 CVE-2008-0218 Merak Cross-Site Scripting vulnerability in Merak Icewarp Mail Server

Cross-site scripting (XSS) vulnerability in admin/index.html in Merak IceWarp Mail Server allows remote attackers to inject arbitrary web script or HTML via the message parameter.

4.3
2008-01-10 CVE-2008-0208 Snitz Communications Cross-Site Scripting vulnerability in Snitz Communications Snitz Forums 2000

Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums 2000 3.4.05 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter.

4.3
2008-01-10 CVE-2008-0207 PRO Search Cross-Site Scripting vulnerability in PRO Search PRO Search

Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prot, (2) host, (3) path, (4) name, (5) ext, (6) size, (7) search_days, or (8) show_page parameter to the default URI.

4.3
2008-01-10 CVE-2008-0206 Wordpress Cross-Site Scripting vulnerability in Wordpress Captcha

Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) captcha_ttffolder, (2) captcha_numchars, (3) captcha_ttfrange, or (4) captcha_secret parameter.

4.3
2008-01-10 CVE-2008-0205 Wordpress Cross-Site Scripting vulnerability in Wordpress Math Comment Spam Protection Plugin

Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php.

4.3
2008-01-10 CVE-2008-0204 Wordpress Cross-Site Scripting vulnerability in Wordpress Math Comment Spam Protection Plugin

Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php.

4.3
2008-01-10 CVE-2008-0203 Wordpress Cross-Site Scripting vulnerability in Wordpress Cryptographp

Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6) charB, (7) charclear, (8) tfont, (9) charel, (10) charelc, (11) charelv, (12) charnbmin, (13) charnbmax, (14) charspace, (15) charsizemin, (16) charsizemax, (17) charanglemax, (18) noisepxmin, (19) noisepxmax, (20) noiselinemin, (21) noiselinemax, (22) nbcirclemin, (23) nbcirclemax, or (24) brushsize parameter to wp-admin/options-general.php.

4.3
2008-01-10 CVE-2008-0202 Expressionengine Code Injection vulnerability in Expressionengine

CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter.

4.3
2008-01-10 CVE-2008-0201 Expressionengine Cross-Site Scripting vulnerability in Expressionengine

Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter.

4.3
2008-01-10 CVE-2008-0200 Medialand Cross-Site Scripting vulnerability in Medialand Rotabanner Local

Multiple cross-site scripting (XSS) vulnerabilities in account/index.html in RotaBanner Local 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) drop parameter.

4.3
2008-01-10 CVE-2008-0198 Wordpress Cross-Site Request Forgery (CSRF) vulnerability in Wordpress

Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php.

4.3
2008-01-10 CVE-2008-0197 Wordpress Cross-Site Scripting vulnerability in Wordpress Wp-Contactform

Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wpcf_email, (2) wpcf_subject, (3) wpcf_question, (4) wpcf_answer, (5) wpcf_success_msg, (6) wpcf_error_msg, or (7) wpcf_msg parameter to wp-admin/admin.php, or (8) the SRC attribute of an IFRAME element.

4.3
2008-01-10 CVE-2008-0193 Wordpress Cross-Site Scripting vulnerability in Wordpress

Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php.

4.3
2008-01-10 CVE-2008-0192 Wordpress Cross-Site Scripting vulnerability in Wordpress

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.

4.3
2008-01-10 CVE-2008-0190 Awesometemplateengine Cross-Site Scripting vulnerability in Awesometemplateengine 1

Multiple cross-site scripting (XSS) vulnerabilities in templates/example_template.php in AwesomeTemplateEngine allow remote attackers to inject arbitrary web script or HTML via the (1) data[title], (2) data[message], (3) data[table][1][item], (4) data[table][1][url], or (5) data[poweredby] parameter.

4.3
2008-01-10 CVE-2007-6677 Peters Software, Wordpress Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form.

4.3
2008-01-09 CVE-2007-0012 SUN Improper Input Validation vulnerability in SUN JRE

Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM.

4.3
2008-01-09 CVE-2008-0186 Phprisk Cross-Site Scripting vulnerability in PHPrisk Netrisk

Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to CVE-2008-0144.

4.3
2008-01-09 CVE-2008-0155 Evilboard Cross-Site Scripting vulnerability in Evilboard 0.1A

Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to inject arbitrary web script or HTML via the c parameter.

4.3
2008-01-09 CVE-2008-0152 Seattle LAB Software Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Seattle LAB Software Slnet RF Telnet Server

SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unspecified telnet options, which triggers a NULL pointer dereference.

4.3
2008-01-08 CVE-2008-0146 Hughes Technologies Cross-Site Scripting vulnerability in Hughes Technologies W3-Msql

Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the top-level URI.

4.3
2008-01-08 CVE-2008-0134 Snitz Communications Cross-Site Scripting vulnerability in Snitz Communications Snitz Forums 2000

Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter.

4.3
2008-01-08 CVE-2007-6674 Rapidshare Cross-Site Scripting vulnerability in Rapidshare Database

Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare Database allows remote attackers to inject arbitrary web script or HTML via the Arayalim parameter.

4.3
2008-01-08 CVE-2007-6388 Apache Cross-Site Scripting vulnerability in Apache Http Server

Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-01-08 CVE-2008-0131 Instantsoftwares Cross-Site Scripting vulnerability in Instantsoftwares Dating Site

Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different product than CVE-2006-6022.

4.3
2008-01-08 CVE-2007-6673 Makale Scripti Cross-Site Scripting vulnerability in Makale Scripti Makale Scripti

Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitrary web script or HTML via the ara parameter to the default URI under Ara/ in a search action.

4.3
2008-01-08 CVE-2007-6669 Phpcredo Cross-Site Scripting vulnerability in PHPcredo Phcdownload 1.1

Cross-site scripting (XSS) vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the string parameter.

4.3
2008-01-08 CVE-2008-0093 Eticket Cross-Site Scripting vulnerability in Eticket 1.5.5.2/1.5.6Rc2/1.5.6Rc3

Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters.

4.3
2008-01-08 CVE-2007-5965 Trolltech Permissions, Privileges, and Access Controls vulnerability in Trolltech Qsslsocket 4.3.0/4.3.1/4.3.2

QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a user.

4.3
2008-01-09 CVE-2007-4772 Postgresql, TCL, Debian, Canonical Resource Management Errors vulnerability in multiple products

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

4.0
2008-01-08 CVE-2007-6422 Apache Resource Management Errors vulnerability in Apache Http Server

The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-01-09 CVE-2007-5403 Layton Technology Cross-Site Scripting vulnerability in Layton Technology Helpbox 3.7.1

Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp; the (5) Filter field to statsrequestypereport.asp; and the (6) sys_request_id parameter to requestattach.asp; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) Asset, (8) Location, and (9) Problem fields to editrequestenduser.asp; the (10) Asset, (11) Asset Location, (12) Problem Desc, and (13) Solution Desc fields to editrequestuser.asp; and the (14) End User and (15) Description fields to usersearchrequests.asp.

3.5
2008-01-08 CVE-2007-6421 Apache Cross-Site Scripting vulnerability in Apache Http Server

Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.

3.5
2008-01-10 CVE-2007-6680 IBM Unspecified vulnerability in IBM AIX 6.1

Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the support for links in the TSD_FILES_LOCK policy.

2.1