Weekly Vulnerabilities Reports > January 14 to 20, 2008

Overview

132 new vulnerabilities reported during this period, including 30 critical vulnerabilities and 37 high severity vulnerabilities. This weekly summary report vulnerabilities in 121 products from 74 vendors including Oracle, Menalto, Drupal, Apple, and Videolan. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", and "Resource Management Errors".

  • 121 reported vulnerabilities are remotely exploitables.
  • 42 reported vulnerabilities have public exploit available.
  • 49 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 128 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 11 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

30 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-01-18 CVE-2008-0356 Citrix Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Citrix products

Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.

10.0
2008-01-17 CVE-2008-0349 Oracle Multiple vulnerability in Oracle January 2008 Critical Patch Update

Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02.

10.0
2008-01-17 CVE-2008-0348 Oracle Multiple vulnerability in Oracle January 2008 Critical Patch Update

Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.18, 8.48.15, and 8.49.07 have unknown impact and remote attack vectors, aka (1) PSE01, (2) PSE03, and (3) PSE04.

10.0
2008-01-17 CVE-2008-0347 Oracle Multiple vulnerability in Oracle January 2008 Critical Patch Update

Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; and Application Server 9.0.4.3 and 10.1.2.0.2; has unknown impact and local attack vectors, aka OCS01.

10.0
2008-01-17 CVE-2008-0346 Oracle Multiple vulnerability in Oracle January 2008 Critical Patch Update

Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka AS01.

10.0
2008-01-17 CVE-2008-0345 Oracle Multiple vulnerability in Oracle January 2008 Critical Patch Update

Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08.

10.0
2008-01-17 CVE-2008-0344 Oracle Multiple vulnerability in Oracle January 2008 Critical Patch Update

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote attack vectors, aka DB07.

10.0
2008-01-17 CVE-2008-0343 Oracle Multiple vulnerability in Oracle January 2008 Critical Patch Update

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has unknown impact and remote attack vectors, aka DB06.

10.0
2008-01-17 CVE-2008-0342 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3/9.2.0.8

Unspecified vulnerability in the Upgrade/Downgrade component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB05.

10.0
2008-01-17 CVE-2008-0341 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.5/9.0.1.5

Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 has unknown impact and remote attack vectors, aka DB03.

10.0
2008-01-17 CVE-2008-0340 Oracle Multiple vulnerability in Oracle January 2008 Critical Patch Update

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to the (1) Advanced Queuing component (DB02) and (2) Oracle Spatial component (DB04).

10.0
2008-01-17 CVE-2008-0339 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3/9.2.0.8Dv

Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01.

10.0
2008-01-17 CVE-2008-0027 Cisco Buffer Errors vulnerability in Cisco products

Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.

10.0
2008-01-17 CVE-2007-6693 Menalto Unspecified vulnerability in Menalto Gallery Webcam Module

Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request."

10.0
2008-01-17 CVE-2007-6691 Menalto Unspecified vulnerability in Menalto Gallery

Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules.

10.0
2008-01-17 CVE-2007-6690 Menalto Permissions, Privileges, and Access Controls vulnerability in Menalto Gallery

The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors.

10.0
2008-01-17 CVE-2007-6688 Menalto Unspecified vulnerability in Menalto Gallery

Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder."

10.0
2008-01-17 CVE-2007-6686 Menalto Unspecified vulnerability in Menalto Gallery

The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller.

10.0
2008-01-17 CVE-2007-6685 Menalto Permissions, Privileges, and Access Controls vulnerability in Menalto Gallery Publish XP Module

Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors.

10.0
2008-01-16 CVE-2008-0296 Microsoft
Videolan
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player

Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.

10.0
2008-01-16 CVE-2007-5658 Tibco Improper Input Validation vulnerability in Tibco products

Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow.

10.0
2008-01-16 CVE-2007-5657 Tibco Improper Input Validation vulnerability in Tibco products

TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets.

10.0
2008-01-16 CVE-2007-5656 Tibco Resource Management Errors vulnerability in Tibco products

TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory.

10.0
2008-01-16 CVE-2007-5655 Tibco Buffer Errors vulnerability in Tibco products

TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers.

10.0
2008-01-16 CVE-2008-0122 ISC
Freebsd
Numeric Errors vulnerability in ISC Bind

Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.

10.0
2008-01-18 CVE-2007-6429 X ORG Race Condition vulnerability in X.Org Evi, Mit-Shm and Xserver

Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.

9.3
2008-01-18 CVE-2007-6427 X ORG
Canonical
Debian
Apple
Fedoraproject
Opensuse
Suse
Out-Of-Bounds Write vulnerability in multiple products

The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

9.3
2008-01-18 CVE-2007-5760 X ORG
Xfree86 Project
Local Privilege Escalation and Information Disclosure vulnerability in RETIRED: X.Org X Server

Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index.

9.3
2008-01-16 CVE-2008-0081 Microsoft Unspecified vulnerability in Microsoft Excel, Excel Viewer and Office

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.

9.3
2008-01-16 CVE-2008-0033 Apple Resource Management Errors vulnerability in Apple Quicktime

Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.

9.3

37 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-01-16 CVE-2008-0295 Videolan Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player

Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.

8.5
2008-01-15 CVE-2008-0277 Drupal Improper Input Validation vulnerability in Drupal Fileshare Module 4.7.X/5.X

Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors.

8.5
2008-01-18 CVE-2008-0352 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram).

7.8
2008-01-17 CVE-2008-0331 Funkwerk Improper Input Validation vulnerability in Funkwerk System Software

Unspecified vulnerability in Funkwerk System Software before 7.4.1 PATCH 9 for certain Funkwerk Router / VPN devices allows remote attackers to cause a denial of service (panic and reboot) via unspecified DNS requests.

7.8
2008-01-17 CVE-2008-0330 Radiator Improper Authentication vulnerability in Radiator Radius Server

Open System Consultants (OSC) Radiator before 4.0 allows remote attackers to cause a denial of service (daemon crash) via malformed RADIUS requests, as demonstrated by packets sent by nmap.

7.8
2008-01-18 CVE-2008-0006 SUN
X ORG
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.

7.5
2008-01-18 CVE-2008-0363 Clever Copy SQL Injection vulnerability in Clever Copy Clever Copy

Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php.

7.5
2008-01-18 CVE-2008-0360 Blog CMS SQL Injection vulnerability in Blog CMS Blog CMS 4.2.1C

Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php.

7.5
2008-01-18 CVE-2008-0355 Phpecho CMS SQL Injection vulnerability in PHPecho CMS PHPecho CMS

SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866.

7.5
2008-01-18 CVE-2008-0353 PHP Residence SQL Injection vulnerability in PHP-Residence 0.7.2/1.0

SQL injection vulnerability in visualizza_tabelle.php in php-residence 0.7.2 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cognome_cerca parameter.

7.5
2008-01-18 CVE-2008-0350 Evilsentinel Permissions, Privileges, and Access Controls vulnerability in Evilsentinel

admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes.

7.5
2008-01-17 CVE-2008-0337 Miniweb Http Server Buffer Errors vulnerability in Miniweb Http Server Miniweb Http Server 0.8.19

Heap-based buffer overflow in the _mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI.

7.5
2008-01-17 CVE-2008-0328 Fascript SQL Injection vulnerability in Fascript Faname 1.0

SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-01-17 CVE-2008-0327 Fascript SQL Injection vulnerability in Fascript Famp3 1.0

SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-01-17 CVE-2008-0326 Fascript SQL Injection vulnerability in Fascript Fapersianhack 1.0

SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php.

7.5
2008-01-17 CVE-2008-0325 Fascript SQL Injection vulnerability in Fascript Fapersian Petition

SQL injection vulnerability in show.php in FaScript FaPersian Petition allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-01-17 CVE-2007-6689 Menalto Improper Input Validation vulnerability in Menalto Gallery

Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module.

7.5
2008-01-17 CVE-2007-6682 Videolan Remote Code Execution vulnerability in VideoLAN VLC

Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.

7.5
2008-01-17 CVE-2007-6681 Videolan Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC

Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.

7.5
2008-01-16 CVE-2008-0291 Hangzhou RUI Qiang SQL Injection vulnerability in Hangzhou Rui-Qiang Richstrong CMS

SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2008-01-16 CVE-2008-0290 Digitalhive SQL Injection vulnerability in Digitalhive

Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php.

7.5
2008-01-16 CVE-2008-0288 Imagealbum SQL Injection vulnerability in Imagealbum 2.0.0B2

Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action.

7.5
2008-01-16 CVE-2008-0286 Article Dashboard SQL Injection vulnerability in Article Dashboard Article Dashboard

SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields.

7.5
2008-01-15 CVE-2008-0282 Domphp SQL Injection vulnerability in Domphp

SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter.

7.5
2008-01-15 CVE-2008-0281 ID Commerce SQL Injection vulnerability in Id-Commerce

SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter.

7.5
2008-01-15 CVE-2008-0280 Mtcms SQL Injection vulnerability in Mtcms 2.0

SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter.

7.5
2008-01-15 CVE-2008-0279 Xforum SQL Injection vulnerability in Xforum 1.4

SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibly others allows remote attackers to execute arbitrary SQL commands via the topic parameter.

7.5
2008-01-15 CVE-2008-0267 Eticket SQL Injection vulnerability in Eticket 1.5.5.2

Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php.

7.5
2008-01-15 CVE-2008-0262 Agares Media SQL Injection vulnerability in Agares Media PHPautovideo 2.21

SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter.

7.5
2008-01-15 CVE-2008-0256 Matteo Binda SQL Injection vulnerability in Matteo Binda ASP Photo Gallery 1.0

Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp.

7.5
2008-01-15 CVE-2008-0255 Igamingcms SQL Injection vulnerability in Igamingcms Igaming CMS 1.5

SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter.

7.5
2008-01-15 CVE-2008-0253 Binn SQL Injection vulnerability in Binn Sbuilder

SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter.

7.5
2008-01-15 CVE-2008-0173 Gforge SQL Injection vulnerability in Gforge

SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.

7.5
2008-01-19 CVE-2008-0368 IBM Local Privilege Escalation vulnerability in IBM Informix Dynamic Server 10.0

onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows local users to create arbitrary files via the Trace file argument.

7.2
2008-01-18 CVE-2008-0366 Core Security Technologies Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Core Security Technologies Core Force

CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments.

7.2
2008-01-18 CVE-2008-0365 Core Security Technologies Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Core Security Technologies Core Force

Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module.

7.2
2008-01-17 CVE-2008-0302 Debian Code Injection vulnerability in Debian Apt-Listchanges 2.81

Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory.

7.2

60 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-01-19 CVE-2008-0369 IBM Local Privilege Escalation vulnerability in IBM Informix Dynamic Server 10.00

Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs.

6.9
2008-01-16 CVE-2008-0217 Freebsd Permissions, Privileges, and Access Controls vulnerability in Freebsd

The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script.

6.9
2008-01-18 CVE-2008-0358 Pixelpost SQL Injection vulnerability in Pixelpost 1.7

SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter.

6.8
2008-01-16 CVE-2008-0293 Freeseat Permissions, Privileges, and Access Controls vulnerability in Freeseat

Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when format.php has certain modifications, allows remote attackers to bypass authentication and gain privileges via unspecified vectors related to the show_foot function.

6.8
2008-01-16 CVE-2008-0036 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding.

6.8
2008-01-16 CVE-2008-0289 Mansion Productions Code Injection vulnerability in Mansion Productions Member Area System

PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter.

6.8
2008-01-16 CVE-2008-0287 Visionburst Code Injection vulnerability in Visionburst Vcart 3.3.2

PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php.

6.8
2008-01-16 CVE-2008-0035 Apple Resource Management Errors vulnerability in Apple Safari

Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.

6.8
2008-01-15 CVE-2008-0283 Domphp Code Injection vulnerability in Domphp

PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

6.8
2008-01-15 CVE-2008-0264 Drupal Improper Input Validation vulnerability in Drupal Meta Tags Module

Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 module for Drupal, when images are permitted in node bodies, allows remote authenticated users to execute arbitrary code via unspecified vectors involving creation of a node.

6.8
2008-01-15 CVE-2008-0254 Wavelink Media SQL Injection vulnerability in Wavelink Media Tutorialcms 1.02

SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter.

6.8
2008-01-17 CVE-2007-6692 Menalto Link Following vulnerability in Menalto Gallery

Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules.

6.4
2008-01-15 CVE-2008-0259 Minimal Design Path Traversal vulnerability in Minimal Design Minimal Gallery 0.8

Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a ..

6.4
2008-01-15 CVE-2008-0278 X7 Group SQL Injection vulnerability in X7 Group X7 Chat

SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a sm_window action.

6.0
2008-01-15 CVE-2008-0270 Taskfreak SQL Injection vulnerability in Taskfreak

SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter.

6.0
2008-01-16 CVE-2008-0032 Apple Resource Management Errors vulnerability in Apple Quicktime

Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.

5.8
2008-01-16 CVE-2008-0031 Apple Resource Management Errors vulnerability in Apple Quicktime

Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.

5.8
2008-01-19 CVE-2008-0367 Mozilla Information Exposure vulnerability in Mozilla Firefox

Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.

5.0
2008-01-18 CVE-2008-0364 Bittorrent
Utorrent
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.

5.0
2008-01-18 CVE-2007-6428 X ORG Local Privilege Escalation and Information Disclosure vulnerability in RETIRED: X.Org X Server

The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index.

5.0
2008-01-18 CVE-2007-5958 X ORG Information Exposure vulnerability in X.Org Xserver

X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.

5.0
2008-01-18 CVE-2008-0351 Evilsentinel Improper Authentication vulnerability in Evilsentinel

admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php.

5.0
2008-01-17 CVE-2008-0172 Ubuntu
Boost
Improper Input Validation vulnerability in Boost 1.33/1.34

The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.

5.0
2008-01-17 CVE-2008-0171 Boost Improper Input Validation vulnerability in Boost and Boost Regex Library

regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.

5.0
2008-01-17 CVE-2008-0338 Miniweb Http Server Path Traversal vulnerability in Miniweb Http Server Miniweb Http Server 0.8.19

Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.

5.0
2008-01-17 CVE-2008-0333 Afterlogic
Microsoft
Path Traversal vulnerability in multiple products

Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a ..

5.0
2008-01-17 CVE-2008-0332 Aria Path Traversal vulnerability in Aria 0.996

Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.

5.0
2008-01-17 CVE-2008-0329 Julien Plesniak Permissions, Privileges, and Access Controls vulnerability in Julien Plesniak Lulieblog 1.0.1/1.0.2

LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter.

5.0
2008-01-17 CVE-2007-6684 Videolan Improper Input Validation vulnerability in Videolan VLC 0.8.6D

The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.

5.0
2008-01-17 CVE-2007-6683 Videolan Unspecified vulnerability in Videolan VLC 0.8.6D

The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.

5.0
2008-01-16 CVE-2008-0297 Keil Software Information Exposure vulnerability in Keil Software Photokorn

PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output.

5.0
2008-01-16 CVE-2008-0294 Freeseat Security Bypass vulnerability in FreeSeat

Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors.

5.0
2008-01-16 CVE-2008-0285 Ngircd Denial Of Service vulnerability in ngIRCd PART Command Parsing

ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference.

5.0
2008-01-15 CVE-2008-0275 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal Atom Module

The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gain access to syndicated content.

5.0
2008-01-15 CVE-2008-0263 Ingate Resource Management Errors vulnerability in Ingate Firewall and Ingate Siparator

The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to cause a denial of service (port exhaustion) via unspecified vectors.

5.0
2008-01-15 CVE-2008-0261 Mambo Resource Management Errors vulnerability in Mambo Open Source

Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors.

5.0
2008-01-15 CVE-2008-0260 Minimal Design Improper Input Validation vulnerability in Minimal Design Minimal Gallery 0.8

minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function.

5.0
2008-01-17 CVE-2008-0324 Cisco Resource Management Errors vulnerability in Cisco VPN Client 5.0.2.0090

Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption.

4.9
2008-01-15 CVE-2008-0269 SUN Local Denial of Service vulnerability in SUN Sunos 5.10

Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors.

4.9
2008-01-16 CVE-2008-0034 Apple Unspecified vulnerability in Apple Iphone

Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls.

4.6
2008-01-18 CVE-2008-0362 Clever Copy Cross-Site Scripting vulnerability in Clever Copy Clever Copy

Cross-site scripting (XSS) vulnerability in gallery.php in Clever Copy 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the album parameter.

4.3
2008-01-18 CVE-2008-0361 Instituto Politicnico Nacional Path Traversal vulnerability in Instituto Politicnico Nacional Gradman

Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a ..

4.3
2008-01-18 CVE-2008-0359 Blog CMS Cross-Site Scripting vulnerability in Blog CMS Blog CMS 4.2.1C

Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/.

4.3
2008-01-18 CVE-2008-0357 Galaxyscripts Path Traversal vulnerability in Galaxyscripts Mini File Host

Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.

4.3
2008-01-18 CVE-2008-0354 IBM Cross-Site Scripting vulnerability in IBM Lotus Sametime 7.5/7.5.1

Cross-site scripting (XSS) vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim.

4.3
2008-01-17 CVE-2008-0336 Bugtracker NET Cross-Site Request Forgery (CSRF) vulnerability in Bugtracker.Net

Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and massedit.aspx, subscribe.aspx, flag.aspx, and relationships.aspx.

4.3
2008-01-17 CVE-2008-0335 Bugtracker NET Cross-Site Scripting vulnerability in Bugtracker.Net

Cross-site scripting (XSS) vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field.

4.3
2008-01-17 CVE-2007-6687 Menalto Cross-Site Scripting vulnerability in Menalto Gallery

Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item modules; or via (3) HTTP PROPPATCH in the WebDAV module.

4.3
2008-01-16 CVE-2008-0299 Python Software Foundation Unspecified vulnerability in Python Software Foundation Paramiko 1.7.1

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

4.3
2008-01-16 CVE-2008-0298 Apple Improper Input Validation vulnerability in Apple Safari

KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element.

4.3
2008-01-16 CVE-2008-0292 Dansie Cross-Site Scripting vulnerability in Dansie Photo Album 1.0

Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2008-01-15 CVE-2008-0284 Simple Machines Cross-Site Scripting vulnerability in Simple Machines Simple Machines SMF

Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments.

4.3
2008-01-15 CVE-2008-0276 Drupal Cross-Site Scripting vulnerability in Drupal

Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table.

4.3
2008-01-15 CVE-2008-0273 Drupal Cross-Site Scripting vulnerability in Drupal

Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism.

4.3
2008-01-15 CVE-2008-0272 Drupal Cross-Site Request Forgery (CSRF) vulnerability in Drupal

Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users.

4.3
2008-01-15 CVE-2008-0271 Drupal Cross-Site Request Forgery (CSRF) vulnerability in Drupal Bueditor

The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces.

4.3
2008-01-15 CVE-2008-0268 Eticket Cross-Site Scripting vulnerability in Eticket 1.5.5.2

Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.

4.3
2008-01-15 CVE-2008-0265 F5 Cross-Site Scripting vulnerability in F5 Tmos 9.4.3

Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories.

4.3
2008-01-15 CVE-2008-0258 PHP Running Management Cross-Site Scripting vulnerability in PHP Running Management PHPrunman

Cross-site scripting (XSS) vulnerability in index.php in PHP Running Management (phpRunMan) before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter.

4.3
2008-01-15 CVE-2008-0257 Dansie Cross-Site Scripting vulnerability in Dansie Search Engine 2.7

Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search Engine 2.7 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.

4.3

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-01-15 CVE-2008-0001 Linux Unspecified vulnerability in Linux Kernel

VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.

3.6
2008-01-17 CVE-2008-0334 Pmachine Cross-Site Scripting vulnerability in Pmachine PRO 2.4.1

Cross-site scripting (XSS) vulnerability in pm/language/spanish/preferences.php in PMachine Pro 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the L_PREF_NAME[855] parameter.

2.6
2008-01-15 CVE-2008-0274 Drupal Cross-Site Scripting vulnerability in Drupal 4.7/5.0

Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.

2.6
2008-01-15 CVE-2008-0266 Eticket Cross-Site Request Forgery (CSRF) vulnerability in Eticket 1.5.5.2

Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks.

2.6
2008-01-16 CVE-2008-0216 Freebsd Permissions, Privileges, and Access Controls vulnerability in Freebsd

The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user.

2.1