Weekly Vulnerabilities Reports > January 21 to 27, 2008

Overview

84 new vulnerabilities reported during this period, including 15 critical vulnerabilities and 25 high severity vulnerabilities. This weekly summary report vulnerabilities in 90 products from 69 vendors including Microsoft, IBM, Apache, Cisco, and HP. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Path Traversal", and "Code Injection".

  • 81 reported vulnerabilities are remotely exploitables.
  • 42 reported vulnerabilities have public exploit available.
  • 46 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 81 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

15 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-01-25 CVE-2008-0443 Lycos Buffer Errors vulnerability in Lycos Fileuploader.Dll 2.0.2

Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX control in FileUploader.dll 2.0.0.2 in Lycos FileUploader Module allows remote attackers to execute arbitrary code via a long HandwriterFilename property value.

10.0
2008-01-23 CVE-2008-0437 HP
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value.

10.0
2008-01-23 CVE-2008-0029 Cisco Credentials Management vulnerability in Cisco Application Velocity System 5.0.1

Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges.

10.0
2008-01-23 CVE-2007-6425 HP Buffer Errors vulnerability in HP Hp-Ux 11.31

Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors.

10.0
2008-01-23 CVE-2008-0401 IBM Buffer Errors vulnerability in IBM Tivoli Provisioning Manager OS Deployment 5.1.0.2

Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp.

10.0
2008-01-23 CVE-2008-0389 IBM Unspecified vulnerability in IBM Websphere Application Server

Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors.

10.0
2008-01-22 CVE-2008-0380 Digital Data Communications Buffer Errors vulnerability in Digital Data Communications Rtspvapgdecoder.Dll 1.1.0.29

Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property.

10.0
2008-01-22 CVE-2008-0377 News Improper Authentication vulnerability in News Micronews

MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php.

10.0
2008-01-22 CVE-2008-0375 OKI Printing Solutions Permissions, Privileges, and Access Controls vulnerability in OKI Printing Solutions C5510 MFP Printer

Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors.

10.0
2008-01-22 CVE-2008-0374 OKI Printing Solutions Cryptographic Issues vulnerability in OKI Printing Solutions C5510 MFP Printer

OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777.

10.0
2008-01-22 CVE-2008-0065 Winamp Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Winamp Nullsoft Winamp 5.21/5.5/5.51

Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles.

10.0
2008-01-25 CVE-2008-0454 Microsoft
Skype Technologies
Cross-Site Scripting vulnerability in multiple products

Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS."

9.3
2008-01-23 CVE-2008-0434 Gecad Technologies Numeric Errors vulnerability in Gecad Technologies Axigen Mail Server 5.0.2

Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command.

9.3
2008-01-23 CVE-2008-0392 Microsoft Buffer Errors vulnerability in Microsoft Visual Basic 6.0

Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file with a long (1) ConnectionName or (2) CommandName line.

9.3
2008-01-22 CVE-2008-0379 Businessobjects
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow.

9.3

25 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-01-25 CVE-2007-6415 Debian Code Injection vulnerability in Debian Linux 3.1/4.0

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.

8.5
2008-01-23 CVE-2008-0427 Bloo Path Traversal vulnerability in Bloo Bloofoxcms 0.3

Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote attackers to read arbitrary files via a ..

7.8
2008-01-23 CVE-2008-0396 Bitdefender Path Traversal vulnerability in Bitdefender Update Server

Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via ..

7.8
2008-01-25 CVE-2008-0451 Pacercms SQL Injection vulnerability in Pacercms 0.6

Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/.

7.5
2008-01-25 CVE-2008-0450 Blog CMS Code Injection vulnerability in Blog CMS Blog CMS 4.2.1C

Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c allow remote attackers to execute arbitrary PHP code via a URL in the (1) DIR_PLUGINS parameter to (a) index.php, and the (2) DIR_LIBS parameter to (b) media.php and (c) xmlrpc/server.php in admin/.

7.5
2008-01-25 CVE-2008-0449 Rocksalt International SQL Injection vulnerability in Rocksalt International VP ASP

SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-01-25 CVE-2008-0448 Cybergl DEV Team Code Injection vulnerability in Cybergl DEV Team PHPsearch

PHP remote file inclusion vulnerability in utils/class_HTTPRetriever.php in phpSearch allows remote attackers to execute arbitrary PHP code via a URL in the libcurlemuinc parameter.

7.5
2008-01-25 CVE-2008-0447 Foojan SQL Injection vulnerability in Foojan PHP Weblog 1.0

SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter.

7.5
2008-01-25 CVE-2008-0446 Julian Pawlowski SQL Injection vulnerability in Julian Pawlowski Lulieblog 1.02

SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-01-25 CVE-2008-0442 Small AXE Solutions Code Injection vulnerability in Small AXE Solutions Weblog 0.3.1

PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the ffile parameter, a different vector than CVE-2008-0376.

7.5
2008-01-23 CVE-2008-0433 Agares Media Code Injection vulnerability in Agares Media PHPautovideo

PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614.

7.5
2008-01-23 CVE-2008-0430 360 WEB Manager SQL Injection vulnerability in 360 web Manager 360 web Manager 3.0

SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter.

7.5
2008-01-23 CVE-2008-0429 Alstrasoft SQL Injection vulnerability in Alstrasoft Forum PAY PER Post Exchange 2.0

SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action.

7.5
2008-01-23 CVE-2008-0428 Bloofoxcms SQL Injection vulnerability in Bloofoxcms 0.3

Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php.

7.5
2008-01-23 CVE-2008-0424 Mooseguy Blog System SQL Injection vulnerability in Mooseguy Blog System Mgbs 1.0

SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) 1.0 allows remote attackers to execute arbitrary SQL commands via the month parameter.

7.5
2008-01-23 CVE-2008-0422 Boastmachine SQL Injection vulnerability in Boastmachine

SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-01-23 CVE-2008-0421 Invision Power Services SQL Injection vulnerability in Invision Power Services Invision Gallery

SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command.

7.5
2008-01-23 CVE-2008-0394 Citadel Buffer Errors vulnerability in Citadel Smtp 7.10

Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function.

7.5
2008-01-23 CVE-2008-0391 Alilg Improper Authentication vulnerability in Alilg Alitalk 1.9.1.1

inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters.

7.5
2008-01-23 CVE-2008-0390 Auracms Code Injection vulnerability in Auracms and MOD Block Statistik

stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php.

7.5
2008-01-22 CVE-2008-0383 Mybb SQL Injection vulnerability in Mybb

Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php.

7.5
2008-01-22 CVE-2008-0382 Mybulletinboard Code Injection vulnerability in Mybulletinboard

Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.

7.5
2008-01-22 CVE-2008-0373 PHP Improper Input Validation vulnerability in PHP F1 Maxs File Uploader

Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files.

7.5
2008-01-25 CVE-2007-5764 IBM Buffer Errors vulnerability in IBM AIX 5.2/5.3/6.1

Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option.

7.2
2008-01-23 CVE-2008-0028 Cisco Denial of Service vulnerability in Cisco products

Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet.

7.1

42 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-01-25 CVE-2008-0461 Francisco Burzi SQL Injection vulnerability in Francisco Burzi PHP-Nuke

SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php.

6.8
2008-01-25 CVE-2008-0459 Liquidsilvercms Path Traversal vulnerability in Liquidsilvercms 0.3/0.35

Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-01-25 CVE-2008-0458 Slaed Path Traversal vulnerability in Slaed CMS 2.5Lite

Directory traversal vulnerability in function/sources.php in SLAED CMS 2.5 Lite allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-01-25 CVE-2008-0453 Easysitenetwork SQL Injection vulnerability in Easysitenetwork Recipe Website Script

SQL injection vulnerability in list.php in Easysitenetwork Recipe allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.

6.8
2008-01-23 CVE-2008-0423 Lama Code Injection vulnerability in Lama Software

Multiple PHP remote file inclusion vulnerabilities in Lama Software allow remote attackers to execute arbitrary PHP code via a URL in the MY_CONF[classRoot] parameter to (1) inc.steps.access_error.php, (2) inc.steps.check_login.php, or (3) inc.steps.init_system.php in admin/functions/.

6.8
2008-01-23 CVE-2008-0399 Toshiba Buffer Errors vulnerability in Toshiba Surveillix 1.0.0.4

Multiple buffer overflows in Toshiba Surveillance (Surveillix) RecordSend ActiveX control (MeIpCamX.DLL 1.0.0.4) allow remote attackers to execute arbitrary code via long arguments to the (1) SetPort and (2) SetIpAddress methods.

6.8
2008-01-23 CVE-2008-0397 Aflog ORG SQL Injection vulnerability in Aflog.Org Aflog 1.01

Multiple SQL injection vulnerabilities in aflog 1.01, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to comments.php and (2) an unspecified parameter to view.php.

6.8
2008-01-23 CVE-2008-0388 Wordpress SQL Injection vulnerability in Wordpress WP Forum 1.7.4

SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI.

6.8
2008-01-22 CVE-2008-0378 NEC Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in NEC Sockscap

Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when "Resolve all names remotely" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname.

6.8
2008-01-22 CVE-2008-0376 Softpedia Code Injection vulnerability in Softpedia Small AXE Weblog 0.3.1

PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfile parameter.

6.8
2008-01-22 CVE-2008-0371 Alilg SQL Injection vulnerability in Alilg Alitalk 1.9.1.1

Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to (b) inc/usercp.php, related to functionz/usercp.php; or (3) the username parameter to (c) admin/index.php, related to functionz/first_process.php, or (d) index.php.

6.8
2008-01-23 CVE-2008-0402 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Business Modeler 6.0.21

Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group.

6.0
2008-01-23 CVE-2008-0393 Gradman Path Traversal vulnerability in Gradman

Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a ..

5.8
2008-01-23 CVE-2008-0403 Belkin Improper Authentication vulnerability in Belkin F5D9230-4

The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi.

5.5
2008-01-25 CVE-2008-0465 Seagullproject ORG Path Traversal vulnerability in Seagullproject.Org Seagull 0.6.3

Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 allows remote attackers to read arbitrary files via a ..

5.0
2008-01-25 CVE-2008-0464 Absofort Path Traversal vulnerability in Absofort Aconon Mail Enterprise SQL 11.5.1/11.7.0

Directory traversal vulnerability in archiv.cgi in absofort aconon Mail 2007 Enterprise SQL 11.7.0 and Mail 2004 Enterprise SQL 11.5.1 allows remote attackers to read arbitrary files via a ..

5.0
2008-01-25 CVE-2007-4850 PHP Permissions, Privileges, and Access Controls vulnerability in PHP 5.2.4/5.2.5

curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.

5.0
2008-01-25 CVE-2008-0452 Siteman Path Traversal vulnerability in Siteman 1.1.9

Directory traversal vulnerability in articles.php in Siteman 1.1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the cat parameter in a viewart action.

5.0
2008-01-25 CVE-2008-0445 Elog Cross-Site Scripting Vulnerability and Denial of Service vulnerability in ELOG

The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries.

5.0
2008-01-23 CVE-2008-0440 Alstrasoft Credentials Management vulnerability in Alstrasoft Forum PAY PER Post Exchange 2.0

AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts.

5.0
2008-01-23 CVE-2008-0435 Ozjournals Path Traversal vulnerability in Ozjournals 2.1.1

Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a ..

5.0
2008-01-23 CVE-2008-0431 Idmos Path Traversal vulnerability in Idmos CMS 1.0

Directory traversal vulnerability in administrator/download.php in IDMOS (aka Phoenix) 1.0 allows remote attackers to read arbitrary files via a ..

5.0
2008-01-23 CVE-2008-0425 Frimousse Permissions, Privileges, and Access Controls vulnerability in Frimousse 0.0.2

Absolute path traversal vulnerability in explorerdir.php in Frimousse 0.0.2 allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter.

5.0
2008-01-23 CVE-2008-0395 Kayako Information Exposure vulnerability in Kayako Supportsuite 3.11.01

Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal.

5.0
2008-01-23 CVE-2008-0128 Apache Configuration vulnerability in Apache Tomcat

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

5.0
2008-01-22 CVE-2008-0372 8E6 Permissions, Privileges, and Access Controls vulnerability in 8E6 R3000 Internet Filter

8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request.

5.0
2008-01-22 CVE-2008-0384 Openbsd Local Denial of Service vulnerability in Openbsd 4.2

OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked.

4.9
2008-01-25 CVE-2008-0463 Drupal Cross-Site Scripting vulnerability in Drupal Workflow

Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving node properties.

4.3
2008-01-25 CVE-2008-0462 Drupal Cross-Site Scripting vulnerability in Drupal Archive Module and Drupal

Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-01-25 CVE-2008-0460 Mediawiki
Microsoft
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-01-25 CVE-2008-0455 Apache Cross-Site Scripting vulnerability in Apache Http Server

Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.

4.3
2008-01-25 CVE-2008-0444 Elog Cross-Site Scripting vulnerability in Elog

Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified components.

4.3
2008-01-23 CVE-2008-0439 Deluxebb Cross-Site Scripting vulnerability in Deluxebb 1.1

Cross-site scripting (XSS) vulnerability in templates/default/admincp/attachments_header.php in DeluxeBB 1.1 allows remote attackers to inject arbitrary web script or HTML via the lang_listofmatches parameter.

4.3
2008-01-23 CVE-2008-0438 Novemberborn Cross-Site Scripting vulnerability in Novemberborn Sifr 2.0.2

Cross-site scripting (XSS) vulnerability in the font rendering functionality in Novemberborn sIFR 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the txt parameter to a Flash (SWF) file, as demonstrated by fonts/FuturaLt.swf.

4.3
2008-01-23 CVE-2008-0436 PD9 Software Cross-Site Scripting vulnerability in PD9 Software Megabbs 1.5.14B

Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp in PD9 Software MegaBBS 1.5.14b allows remote attackers to inject arbitrary web script or HTML via the target parameter.

4.3
2008-01-23 CVE-2008-0432 Agares Media Cross-Site Scripting vulnerability in Agares Media PHPautovideo

Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

4.3
2008-01-23 CVE-2008-0426 Pacercms Cross-Site Scripting vulnerability in Pacercms

Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PacerCMS before 0.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) headline, or (3) text field in a message.

4.3
2008-01-23 CVE-2008-0404 Mantis Cross-Site Scripting vulnerability in Mantis

Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.

4.3
2008-01-23 CVE-2008-0400 Modern
Singapore
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php.

4.3
2008-01-23 CVE-2008-0398 Aflog Cross-Site Scripting vulnerability in Aflog

Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form.

4.3
2008-01-22 CVE-2008-0381 Mahara Cross-Site Scripting vulnerability in Mahara 0.9.0

Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files.

4.3
2008-01-22 CVE-2008-0370 Cpanel Cross-Site Scripting vulnerability in Cpanel 11.16

Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter.

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-01-25 CVE-2008-0456 Apache Code Injection vulnerability in Apache Http Server

CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.

2.6
2008-01-25 CVE-2008-0441 IBM Unspecified vulnerability in IBM Tivoli Business Service Manager 4.1.1

IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in cleartext (1) after external authentication, which triggers writing the password to SM_server.log; and (2) after a reconfig action; which allows local users to obtain sensitive information.

2.1