Weekly Vulnerabilities Reports > January 14 to 20, 2008
Overview
129 new vulnerabilities were reported during this period, including 30 critical vulnerabilities and 36 high severity vulnerabilities. This weekly summary reports vulnerabilities in 118 products from 73 vendors including Oracle, Menalto, Apple, Drupal, and X ORG. Notable vulnerability categories include "SQL Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", and "Resource Management Errors".
- 120 reported vulnerabilities are remotely exploitable.
- 41 reported vulnerabilities have a public exploit available.
- 48 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 125 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 11 reported vulnerabilities.
- Oracle has the most reported critical vulnerabilities, with 11 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
30 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-01-18 | CVE-2008-0356 | Citrix | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Citrix products Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513. | 10.0 |
2008-01-17 | CVE-2008-0349 | Oracle | Multiple vulnerability in Oracle January 2008 Critical Patch Update Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02. | 10.0 |
2008-01-17 | CVE-2008-0348 | Oracle | Multiple vulnerability in Oracle January 2008 Critical Patch Update Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.18, 8.48.15, and 8.49.07 have unknown impact and remote attack vectors, aka (1) PSE01, (2) PSE03, and (3) PSE04. | 10.0 |
2008-01-17 | CVE-2008-0347 | Oracle | Multiple vulnerability in Oracle January 2008 Critical Patch Update Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; and Application Server 9.0.4.3 and 10.1.2.0.2; has unknown impact and local attack vectors, aka OCS01. | 10.0 |
2008-01-17 | CVE-2008-0346 | Oracle | Multiple vulnerability in Oracle January 2008 Critical Patch Update Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka AS01. | 10.0 |
2008-01-17 | CVE-2008-0345 | Oracle | Multiple vulnerability in Oracle January 2008 Critical Patch Update Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08. | 10.0 |
2008-01-17 | CVE-2008-0344 | Oracle | Multiple vulnerability in Oracle January 2008 Critical Patch Update Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote attack vectors, aka DB07. | 10.0 |
2008-01-17 | CVE-2008-0343 | Oracle | Multiple vulnerability in Oracle January 2008 Critical Patch Update Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has unknown impact and remote attack vectors, aka DB06. | 10.0 |
2008-01-17 | CVE-2008-0342 | Oracle | Multiple vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3/9.2.0.8 Unspecified vulnerability in the Upgrade/Downgrade component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB05. | 10.0 |
2008-01-17 | CVE-2008-0341 | Oracle | Multiple vulnerability in Oracle Database Server 10.1.0.5/9.0.1.5 Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 has unknown impact and remote attack vectors, aka DB03. | 10.0 |
2008-01-17 | CVE-2008-0340 | Oracle | Multiple vulnerability in Oracle January 2008 Critical Patch Update Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to the (1) Advanced Queuing component (DB02) and (2) Oracle Spatial component (DB04). | 10.0 |
2008-01-17 | CVE-2008-0339 | Oracle | Multiple vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3/9.2.0.8Dv Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01. | 10.0 |
2008-01-17 | CVE-2008-0027 | Cisco | Buffer Errors vulnerability in Cisco products Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request. | 10.0 |
2008-01-17 | CVE-2007-6693 | Menalto | Unspecified vulnerability in Menalto Gallery Webcam Module Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request." | 10.0 |
2008-01-17 | CVE-2007-6691 | Menalto | Unspecified vulnerability in Menalto Gallery Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules. | 10.0 |
2008-01-17 | CVE-2007-6690 | Menalto | Permissions, Privileges, and Access Controls vulnerability in Menalto Gallery The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors. | 10.0 |
2008-01-17 | CVE-2007-6688 | Menalto | Unspecified vulnerability in Menalto Gallery Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder." | 10.0 |
2008-01-17 | CVE-2007-6686 | Menalto | Unspecified vulnerability in Menalto Gallery The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller. | 10.0 |
2008-01-17 | CVE-2007-6685 | Menalto | Permissions, Privileges, and Access Controls vulnerability in Menalto Gallery Publish XP Module Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors. | 10.0 |
2008-01-16 | CVE-2008-0296 | Microsoft Videolan | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string. | 10.0 |
2008-01-16 | CVE-2007-5658 | Tibco | Improper Input Validation vulnerability in Tibco products Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow. | 10.0 |
2008-01-16 | CVE-2007-5657 | Tibco | Improper Input Validation vulnerability in Tibco products TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets. | 10.0 |
2008-01-16 | CVE-2007-5656 | Tibco | Resource Management Errors vulnerability in Tibco products TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory. | 10.0 |
2008-01-16 | CVE-2007-5655 | Tibco | Buffer Errors vulnerability in Tibco products TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers. | 10.0 |
2008-01-16 | CVE-2008-0122 | ISC Freebsd | Numeric Errors vulnerability in ISC Bind Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. | 10.0 |
2008-01-16 | CVE-2008-0081 | Microsoft | Use of Uninitialized Resource vulnerability in Microsoft Excel, Excel Viewer and Office Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490. | 9.8 |
2008-01-18 | CVE-2007-6429 | X ORG | Race Condition vulnerability in X.Org Evi, Mit-Shm and Xserver Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension. | 9.3 |
2008-01-18 | CVE-2007-6427 | X ORG Canonical Debian Apple Fedoraproject Opensuse Suse | Out-Of-Bounds Write vulnerability in multiple products The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. | 9.3 |
2008-01-18 | CVE-2007-5760 | X ORG Xfree86 Project | Local Privilege Escalation and Information Disclosure vulnerability in RETIRED: X.Org X Server Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index. | 9.3 |
2008-01-16 | CVE-2008-0033 | Apple | Resource Management Errors vulnerability in Apple Quicktime Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption. | 9.3 |
36 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-01-16 | CVE-2008-0295 | Videolan | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data. | 8.5 |
2008-01-15 | CVE-2008-0277 | Drupal | Improper Input Validation vulnerability in Drupal Fileshare Module 4.7.X/5.X Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors. | 8.5 |
2008-01-18 | CVE-2008-0352 | Linux | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram). | 7.8 |
2008-01-17 | CVE-2008-0331 | Funkwerk | Improper Input Validation vulnerability in Funkwerk System Software Unspecified vulnerability in Funkwerk System Software before 7.4.1 PATCH 9 for certain Funkwerk Router / VPN devices allows remote attackers to cause a denial of service (panic and reboot) via unspecified DNS requests. | 7.8 |
2008-01-17 | CVE-2008-0330 | Radiator | Improper Authentication vulnerability in Radiator Radius Server Open System Consultants (OSC) Radiator before 4.0 allows remote attackers to cause a denial of service (daemon crash) via malformed RADIUS requests, as demonstrated by packets sent by nmap. | 7.8 |
2008-01-18 | CVE-2008-0006 | SUN X ORG | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table. | 7.5 |
2008-01-18 | CVE-2008-0363 | Clever Copy | SQL Injection vulnerability in Clever Copy Clever Copy Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php. | 7.5 |
2008-01-18 | CVE-2008-0360 | Blog CMS | SQL Injection vulnerability in Blog CMS Blog CMS 4.2.1C Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php. | 7.5 |
2008-01-18 | CVE-2008-0355 | Phpecho CMS | SQL Injection vulnerability in PHPecho CMS PHPecho CMS SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866. | 7.5 |
2008-01-18 | CVE-2008-0353 | PHP Residence | SQL Injection vulnerability in PHP-Residence 0.7.2/1.0 SQL injection vulnerability in visualizza_tabelle.php in php-residence 0.7.2 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cognome_cerca parameter. | 7.5 |
2008-01-18 | CVE-2008-0350 | Evilsentinel | Permissions, Privileges, and Access Controls vulnerability in Evilsentinel admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes. | 7.5 |
2008-01-17 | CVE-2008-0337 | Miniweb Http Server | Buffer Errors vulnerability in Miniweb Http Server Miniweb Http Server 0.8.19 Heap-based buffer overflow in the _mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI. | 7.5 |
2008-01-17 | CVE-2008-0328 | Fascript | SQL Injection vulnerability in Fascript Faname 1.0 SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-01-17 | CVE-2008-0327 | Fascript | SQL Injection vulnerability in Fascript Famp3 1.0 SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-01-17 | CVE-2008-0326 | Fascript | SQL Injection vulnerability in Fascript Fapersianhack 1.0 SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php. | 7.5 |
2008-01-17 | CVE-2008-0325 | Fascript | SQL Injection vulnerability in Fascript Fapersian Petition SQL injection vulnerability in show.php in FaScript FaPersian Petition allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-01-17 | CVE-2007-6689 | Menalto | Improper Input Validation vulnerability in Menalto Gallery Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module. | 7.5 |
2008-01-17 | CVE-2007-6682 | Videolan | Remote Code Execution vulnerability in VideoLAN VLC Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter. | 7.5 |
2008-01-17 | CVE-2007-6681 | Videolan | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file. | 7.5 |
2008-01-16 | CVE-2008-0291 | Hangzhou RUI Qiang | SQL Injection vulnerability in Hangzhou Rui-Qiang Richstrong CMS SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2008-01-16 | CVE-2008-0290 | Digitalhive | SQL Injection vulnerability in Digitalhive Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php. | 7.5 |
2008-01-16 | CVE-2008-0288 | Imagealbum | SQL Injection vulnerability in Imagealbum 2.0.0B2 Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action. | 7.5 |
2008-01-16 | CVE-2008-0286 | Article Dashboard | SQL Injection vulnerability in Article Dashboard Article Dashboard SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields. | 7.5 |
2008-01-15 | CVE-2008-0282 | Domphp | SQL Injection vulnerability in Domphp SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter. | 7.5 |
2008-01-15 | CVE-2008-0281 | ID Commerce | SQL Injection vulnerability in Id-Commerce SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter. | 7.5 |
2008-01-15 | CVE-2008-0280 | Mtcms | SQL Injection vulnerability in Mtcms 2.0 SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter. | 7.5 |
2008-01-15 | CVE-2008-0279 | Xforum | SQL Injection vulnerability in Xforum 1.4 SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibly others allows remote attackers to execute arbitrary SQL commands via the topic parameter. | 7.5 |
2008-01-15 | CVE-2008-0267 | Eticket | SQL Injection vulnerability in Eticket 1.5.5.2 Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php. | 7.5 |
2008-01-15 | CVE-2008-0262 | Agares Media | SQL Injection vulnerability in Agares Media PHPautovideo 2.21 SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter. | 7.5 |
2008-01-15 | CVE-2008-0256 | Matteo Binda | SQL Injection vulnerability in Matteo Binda ASP Photo Gallery 1.0 Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp. | 7.5 |
2008-01-15 | CVE-2008-0255 | Igamingcms | SQL Injection vulnerability in Igamingcms Igaming CMS 1.5 SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter. | 7.5 |
2008-01-15 | CVE-2008-0253 | Binn | SQL Injection vulnerability in Binn Sbuilder SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter. | 7.5 |
2008-01-15 | CVE-2008-0173 | Gforge | SQL Injection vulnerability in Gforge SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports. | 7.5 |
2008-01-19 | CVE-2008-0368 | IBM | Local Privilege Escalation vulnerability in IBM Informix Dynamic Server 10.0 onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows local users to create arbitrary files via the Trace file argument. | 7.2 |
2008-01-18 | CVE-2008-0366 | Core Security Technologies | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Core Security Technologies Core Force CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments. | 7.2 |
2008-01-18 | CVE-2008-0365 | Core Security Technologies | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Core Security Technologies Core Force Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module. | 7.2 |
59 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-01-19 | CVE-2008-0369 | IBM | Local Privilege Escalation vulnerability in IBM Informix Dynamic Server 10.00 Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs. | 6.9 |
2008-01-16 | CVE-2008-0217 | Freebsd | Permissions, Privileges, and Access Controls vulnerability in Freebsd The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script. | 6.9 |
2008-01-18 | CVE-2008-0358 | Pixelpost | SQL Injection vulnerability in Pixelpost 1.7 SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter. | 6.8 |
2008-01-16 | CVE-2008-0293 | Freeseat | Permissions, Privileges, and Access Controls vulnerability in Freeseat Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when format.php has certain modifications, allows remote attackers to bypass authentication and gain privileges via unspecified vectors related to the show_foot function. | 6.8 |
2008-01-16 | CVE-2008-0036 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding. | 6.8 |
2008-01-16 | CVE-2008-0289 | Mansion Productions | Code Injection vulnerability in Mansion Productions Member Area System PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. | 6.8 |
2008-01-16 | CVE-2008-0287 | Visionburst | Code Injection vulnerability in Visionburst Vcart 3.3.2 PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php. | 6.8 |
2008-01-16 | CVE-2008-0035 | Apple | Resource Management Errors vulnerability in Apple Safari Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari. | 6.8 |
2008-01-15 | CVE-2008-0283 | Domphp | Code Injection vulnerability in Domphp PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 6.8 |
2008-01-15 | CVE-2008-0264 | Drupal | Improper Input Validation vulnerability in Drupal Meta Tags Module Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 module for Drupal, when images are permitted in node bodies, allows remote authenticated users to execute arbitrary code via unspecified vectors involving creation of a node. | 6.8 |
2008-01-15 | CVE-2008-0254 | Wavelink Media | SQL Injection vulnerability in Wavelink Media Tutorialcms 1.02 SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter. | 6.8 |
2008-01-17 | CVE-2007-6692 | Menalto | Link Following vulnerability in Menalto Gallery Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules. | 6.4 |
2008-01-15 | CVE-2008-0259 | Minimal Design | Path Traversal vulnerability in Minimal Design Minimal Gallery 0.8 Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. | 6.4 |
2008-01-15 | CVE-2008-0278 | X7 Group | SQL Injection vulnerability in X7 Group X7 Chat SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a sm_window action. | 6.0 |
2008-01-15 | CVE-2008-0270 | Taskfreak | SQL Injection vulnerability in Taskfreak SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter. | 6.0 |
2008-01-16 | CVE-2008-0032 | Apple | Resource Management Errors vulnerability in Apple Quicktime Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption. | 5.8 |
2008-01-16 | CVE-2008-0031 | Apple | Resource Management Errors vulnerability in Apple Quicktime Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption. | 5.8 |
2008-01-19 | CVE-2008-0367 | Mozilla | Information Exposure vulnerability in Mozilla Firefox Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks. | 5.0 |
2008-01-18 | CVE-2008-0364 | Bittorrent Utorrent | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier. | 5.0 |
2008-01-18 | CVE-2007-6428 | X ORG | Local Privilege Escalation and Information Disclosure vulnerability in RETIRED: X.Org X Server The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index. | 5.0 |
2008-01-18 | CVE-2007-5958 | X ORG | Information Exposure vulnerability in X.Org Xserver X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists. | 5.0 |
2008-01-18 | CVE-2008-0351 | Evilsentinel | Improper Authentication vulnerability in Evilsentinel admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php. | 5.0 |
2008-01-17 | CVE-2008-0172 | Ubuntu Boost | Improper Input Validation vulnerability in Boost 1.33/1.34 The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression. | 5.0 |
2008-01-17 | CVE-2008-0171 | Boost | Improper Input Validation vulnerability in Boost and Boost Regex Library regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression. | 5.0 |
2008-01-17 | CVE-2008-0338 | Miniweb Http Server | Path Traversal vulnerability in Miniweb Http Server Miniweb Http Server 0.8.19 Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI. | 5.0 |
2008-01-17 | CVE-2008-0332 | Aria | Path Traversal vulnerability in Aria 0.996 Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. | 5.0 |
2008-01-17 | CVE-2008-0329 | Julien Plesniak | Permissions, Privileges, and Access Controls vulnerability in Julien Plesniak Lulieblog 1.0.1/1.0.2 LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter. | 5.0 |
2008-01-17 | CVE-2007-6684 | Videolan | Improper Input Validation vulnerability in Videolan VLC 0.8.6D The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference. | 5.0 |
2008-01-17 | CVE-2007-6683 | Videolan | Unspecified vulnerability in Videolan VLC 0.8.6D The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) an EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability. | 5.0 |
2008-01-16 | CVE-2008-0297 | Keil Software | Information Exposure vulnerability in Keil Software Photokorn PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output. | 5.0 |
2008-01-16 | CVE-2008-0294 | Freeseat | Security Bypass vulnerability in FreeSeat Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors. | 5.0 |
2008-01-16 | CVE-2008-0285 | Ngircd | Denial Of Service vulnerability in ngIRCd PART Command Parsing ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via a crafted IRC PART message, which triggers an invalid dereference. | 5.0 |
2008-01-15 | CVE-2008-0275 | Drupal | Permissions, Privileges, and Access Controls vulnerability in Drupal Atom Module The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gain access to syndicated content. | 5.0 |
2008-01-15 | CVE-2008-0263 | Ingate | Resource Management Errors vulnerability in Ingate Firewall and Ingate Siparator The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to cause a denial of service (port exhaustion) via unspecified vectors. | 5.0 |
2008-01-15 | CVE-2008-0261 | Mambo | Resource Management Errors vulnerability in Mambo Open Source Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors. | 5.0 |
2008-01-15 | CVE-2008-0260 | Minimal Design | Improper Input Validation vulnerability in Minimal Design Minimal Gallery 0.8 minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function. | 5.0 |
2008-01-17 | CVE-2008-0324 | Cisco | Resource Management Errors vulnerability in Cisco VPN Client 5.0.2.0090 Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption. | 4.9 |
2008-01-15 | CVE-2008-0269 | SUN | Local Denial of Service vulnerability in SUN Sunos 5.10 Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors. | 4.9 |
2008-01-16 | CVE-2008-0034 | Apple | Unspecified vulnerability in Apple Iphone and Iphone OS Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. | 4.6 |
2008-01-18 | CVE-2008-0362 | Clever Copy | Cross-Site Scripting vulnerability in Clever Copy Clever Copy Cross-site scripting (XSS) vulnerability in gallery.php in Clever Copy 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the album parameter. | 4.3 |
2008-01-18 | CVE-2008-0361 | Instituto Politicnico Nacional | Path Traversal vulnerability in Instituto Politicnico Nacional Gradman Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 4.3 |
2008-01-18 | CVE-2008-0359 | Blog CMS | Cross-Site Scripting vulnerability in Blog CMS Blog CMS 4.2.1C Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/. | 4.3 |
2008-01-18 | CVE-2008-0357 | Galaxyscripts | Path Traversal vulnerability in Galaxyscripts Mini File Host Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. | 4.3 |
2008-01-18 | CVE-2008-0354 | IBM | Cross-Site Scripting vulnerability in IBM Lotus Sametime 7.5/7.5.1 Cross-site scripting (XSS) vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim. | 4.3 |
2008-01-17 | CVE-2008-0336 | Bugtracker NET | Cross-Site Request Forgery (CSRF) vulnerability in Bugtracker.Net Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and massedit.aspx, subscribe.aspx, flag.aspx, and relationships.aspx. | 4.3 |
2008-01-17 | CVE-2008-0335 | Bugtracker NET | Cross-Site Scripting vulnerability in Bugtracker.Net Cross-site scripting (XSS) vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field. | 4.3 |
2008-01-17 | CVE-2007-6687 | Menalto | Cross-Site Scripting vulnerability in Menalto Gallery Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item modules; or via (3) HTTP PROPPATCH in the WebDAV module. | 4.3 |
2008-01-16 | CVE-2008-0299 | Python Software Foundation | Unspecified vulnerability in Python Software Foundation Paramiko 1.7.1 common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool. | 4.3 |
2008-01-16 | CVE-2008-0298 | Apple | Improper Input Validation vulnerability in Apple Safari KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. | 4.3 |
2008-01-16 | CVE-2008-0292 | Dansie | Cross-Site Scripting vulnerability in Dansie Photo Album 1.0 Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
2008-01-15 | CVE-2008-0284 | Simple Machines | Cross-Site Scripting vulnerability in Simple Machines Simple Machines SMF Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments. | 4.3 |
2008-01-15 | CVE-2008-0276 | Drupal | Cross-Site Scripting vulnerability in Drupal Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table. | 4.3 |
2008-01-15 | CVE-2008-0273 | Drupal | Cross-Site Scripting vulnerability in Drupal Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism. | 4.3 |
2008-01-15 | CVE-2008-0272 | Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users. | 4.3 |
2008-01-15 | CVE-2008-0271 | Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Bueditor The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces. | 4.3 |
2008-01-15 | CVE-2008-0268 | Eticket | Cross-Site Scripting vulnerability in Eticket 1.5.5.2 Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | 4.3 |
2008-01-15 | CVE-2008-0265 | F5 | Cross-Site Scripting vulnerability in F5 Tmos 9.4.3 Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories. | 4.3 |
2008-01-15 | CVE-2008-0258 | PHP Running Management | Cross-Site Scripting vulnerability in PHP Running Management PHPrunman Cross-site scripting (XSS) vulnerability in index.php in PHP Running Management (phpRunMan) before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | 4.3 |
2008-01-15 | CVE-2008-0257 | Dansie | Cross-Site Scripting vulnerability in Dansie Search Engine 2.7 Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search Engine 2.7 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | 4.3 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-01-17 | CVE-2008-0334 | Pmachine | Cross-Site Scripting vulnerability in Pmachine PRO 2.4.1 Cross-site scripting (XSS) vulnerability in pm/language/spanish/preferences.php in PMachine Pro 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the L_PREF_NAME[855] parameter. | 2.6 |
2008-01-15 | CVE-2008-0274 | Drupal | Cross-Site Scripting vulnerability in Drupal 4.7/5.0 Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files. | 2.6 |
2008-01-15 | CVE-2008-0266 | Eticket | Cross-Site Request Forgery (CSRF) vulnerability in Eticket 1.5.5.2 Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. | 2.6 |
2008-01-16 | CVE-2008-0216 | Freebsd | Permissions, Privileges, and Access Controls vulnerability in Freebsd The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user. | 2.1 |