Weekly Vulnerabilities Reports > January 28 to February 3, 2008

Overview

87 new vulnerabilities were reported during this period, including 14 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary reports vulnerabilities in 103 products from 60 vendors including Joomla, Mambo, HFS, Wordpress, and WEB WIZ. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Path Traversal", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Authentication".

  • 84 reported vulnerabilities are remotely exploitable.
  • 38 reported vulnerabilities have a public exploit available.
  • 52 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 83 reported vulnerabilities are exploitable by an anonymous user.
  • Joomla has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

14 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-02-01 CVE-2008-0550 Radio Toolbox Numeric Errors vulnerability in Radio Toolbox Steamcast

Off-by-one error in Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a certain HTTP request that leads to a buffer overflow, as demonstrated by a long User-Agent header.

10.0
2008-02-01 CVE-2008-0544 SDL Buffer Errors vulnerability in SDL Image 1.2.6

Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file.

10.0
2008-01-30 CVE-2008-0500 Mamboxchange SQL Injection And Unspecified vulnerability in Mamboxchange Laithai 4.5.5

Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have unknown impact and attack vectors related to (1) mod_login and (2) mod_template_chooser.

10.0
2008-01-29 CVE-2008-0477 Move Networks INC Buffer Errors vulnerability in Move Networks INC Move Media Player 1.0.0.1

Stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX control in QMPUpgrade.dll 1.0.0.1 in Move Networks Upgrade Manager allows remote attackers to execute arbitrary code via a long first argument to the Upgrade method.

10.0
2008-01-29 CVE-2008-0467 Firebirdsql Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Firebirdsql Firebird

Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username.

10.0
2008-01-29 CVE-2008-0176 GE Fanuc Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GE Fanuc Cimplicity

Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code via unknown vectors.

10.0
2008-01-29 CVE-2008-0405 HFS Path Traversal vulnerability in HFS Http File Server

Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a ..

10.0
2008-01-29 CVE-2008-0174 GE Cleartext Storage of Sensitive Information vulnerability in GE Proficy Real-Time Information Portal

GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges.

9.8
2008-02-01 CVE-2008-0551 Microsoft, Sejoong Namo Code Injection vulnerability in multiple products

The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1 and earlier in Namo Web Editor in Sejoong Namo ActiveSquare 6 allows remote attackers to execute arbitrary code via a URL in the argument to the Install method.

9.3
2008-01-31 CVE-2008-0516 Sqlite Manager Code Injection vulnerability in Sqlite Manager Sqlite Manager 1.2

PHP remote file inclusion vulnerability in spaw/dialogs/confirm.php in SQLiteManager 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter.

9.3
2008-01-31 CVE-2008-0064 Pierreegougelet Buffer Errors vulnerability in Pierreegougelet GFL Sdk, Nconvert and Xnview

Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file.

9.3
2008-01-30 CVE-2008-0493 Irfanview Buffer Errors vulnerability in Irfanview 4.10

fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption.

9.3
2008-01-29 CVE-2008-0470 Comodo, Microsoft

A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method.

9.3
2008-01-29 CVE-2007-4771 ICU Project Resource Management Errors vulnerability in Icu-Project International Components for Unicode

Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack.

9.3

28 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-01-31 CVE-2008-0513 Phpcms Path Traversal vulnerability in PHPcms 1.2.2

Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a ..

7.8
2008-01-30 CVE-2008-0495 IBM Denial Of Service vulnerability in IBM Hardware Management Console 7.3.2.0

Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Management Console (HMC) 7 R3.2.0 allows remote attackers to cause a denial of service via unspecified vectors.

7.8
2008-01-29 CVE-2007-6694 Linux, Apple Resource Management Errors vulnerability in Linux Kernel

The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference.

7.8
2008-01-29 CVE-2008-0387 Firebirdsql Numeric Errors vulnerability in Firebirdsql Firebird

Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.

7.8
2008-02-01 CVE-2008-0546 Shoppingtree SQL Injection vulnerability in Shoppingtree Candypress Store 4.1/4.1.1.26

Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter to (b) ajax/ajax_getBrands.asp.

7.5
2008-02-01 CVE-2008-0545 Bubbling Library Path Traversal vulnerability in Bubbling Library Bubbling Library 1.32

Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2008-02-01 CVE-2008-0543 PRE Projects SQL Injection vulnerability in PRE Projects PRE Dynamic Institution

Multiple SQL injection vulnerabilities in Pre Dynamic Institution allow remote attackers to execute arbitrary SQL commands via the (1) sloginid and (2) spass parameters to (a) login.asp and (b) siteadmin/login.asp.

7.5
2008-02-01 CVE-2007-6697 SDL Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SDL Image

Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484.

7.5
2008-01-31 CVE-2008-0524 Yamaha Cross-Site Request Forgery (CSRF) vulnerability in Yamaha products

Cross-site request forgery (CSRF) vulnerability in the management interface in multiple Yamaha RT series routers allows remote attackers to change password settings and probably other configuration settings as administrators via unspecified vectors.

7.5
2008-01-31 CVE-2008-0520 Wordpress SQL Injection vulnerability in Wordpress Wassup Plugin 1.4

Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php.

7.5
2008-01-31 CVE-2008-0519 Joomla, Mambo SQL Injection vulnerability in multiple products

SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action.

7.5
2008-01-31 CVE-2008-0518 Joomla, Mambo SQL Injection vulnerability in multiple products

SQL injection vulnerability in index.php in the Recipes (com_recipes) 1.00 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

7.5
2008-01-31 CVE-2008-0517 Darko Selesi, Joomla, Mambo SQL Injection vulnerability in multiple products

SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.

7.5
2008-01-31 CVE-2008-0515 Joomla, Mambo SQL Injection vulnerability in multiple products

SQL injection vulnerability in index.php in the musepoes (com_musepoes) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.

7.5
2008-01-31 CVE-2008-0514 Joomla, Mambo SQL Injection vulnerability in multiple products

SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action.

7.5
2008-01-31 CVE-2008-0512 Joomla SQL Injection vulnerability in Joomla COM FQ

SQL injection vulnerability in index.php in the fq (com_fq) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.

7.5
2008-01-31 CVE-2008-0511 Joomla, Mambo SQL Injection vulnerability in multiple products

SQL injection vulnerability in index.php in the MaMML (com_mamml) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.

7.5
2008-01-31 CVE-2008-0510 Joomla, Mambo SQL Injection vulnerability in multiple products

SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.

7.5
2008-01-31 CVE-2008-0507 Wordpress SQL Injection vulnerability in Wordpress Adserve 0.2

SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-01-31 CVE-2008-0502 Connectix Code Injection vulnerability in Connectix Boards 0.8.1

PHP remote file inclusion vulnerability in templates/Official/part_userprofile.php in Connectix Boards 0.8.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the template_path parameter.

7.5
2008-01-30 CVE-2008-0499 Mamboxchange SQL Injection vulnerability in Mamboxchange Laithai 4.5.5

SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-01-30 CVE-2008-0498 Bigware SQL Injection vulnerability in Bigware Shop 2.0

SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a results action to main_bigware_53.php.

7.5
2008-01-30 CVE-2008-0490 Wordpress SQL Injection vulnerability in Wordpress WP CAL Plugin 0.3

SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-01-30 CVE-2008-0488 VB Marketing Path Traversal vulnerability in VB Marketing VB Marketing

Directory traversal vulnerability in tseekdir.cgi in VB Marketing allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the location parameter.

7.5
2008-01-30 CVE-2008-0487 THE NET Guys SQL Injection vulnerability in the NET Guys Aspired2Protect

Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

7.5
2008-01-29 CVE-2008-0469 Tiger PHP News System SQL Injection vulnerability in Tiger PHP News System Tiger PHP News System

SQL injection vulnerability in index.php in Tiger Php News System (TPNS) 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action.

7.5
2008-01-29 CVE-2008-0468 Flinx SQL Injection vulnerability in Flinx

SQL injection vulnerability in category.php in Flinx 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-01-29 CVE-2008-0175 GE Fanuc Remote Script Code Execution vulnerability in GE Fanuc Proficy Portal

Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory.

7.5

44 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-01-31 CVE-2007-4998 Linux Link Following vulnerability in Linux Kernel

cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.

6.9
2008-02-01 CVE-2008-0538 Phpip SQL Injection vulnerability in PHPip Management 4.3.2

Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to login.php, the (2) id parameter to display.php, and unspecified other vectors.

6.8
2008-01-31 CVE-2008-0508 Wordpress Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Permalinks Migration Plugin 1.0

Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting.

6.8
2008-01-31 CVE-2008-0506 Coppermine Improper Input Validation vulnerability in Coppermine Photo Gallery

include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.

6.8
2008-01-31 CVE-2008-0503 Netwerk Code Injection vulnerability in Netwerk Smart Publisher 1.0.1

Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Publisher 1.0.1 allows remote attackers to execute arbitrary PHP code via the filedata parameter.

6.8
2008-01-30 CVE-2008-0492 Persits Buffer Errors vulnerability in Persits Xupload 3.0

Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method.

6.8
2008-01-29 CVE-2008-0478 Setcms Path Traversal vulnerability in Setcms 3.6.5

Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-01-29 CVE-2007-4770 ICU Project Resource Management Errors vulnerability in Icu-Project International Components for Unicode

libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.

6.8
2008-01-31 CVE-2008-0504 Coppermine Gallery SQL Injection vulnerability in Coppermine-Gallery Coppermine Photo Gallery

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.

6.5
2008-01-29 CVE-2008-0476 Manageengine Improper Authentication vulnerability in Manageengine Applications Manager 8.1Build8100

ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors.

6.4
2008-01-29 CVE-2008-0473 WEB WIZ Improper Input Validation vulnerability in web WIZ Rich Text Editor 4.0

RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to upload (1) .html and (2) .htm files via unspecified vectors.

6.4
2008-01-29 CVE-2008-0408 HFS Improper Authentication vulnerability in HFS Http File Server

HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.

6.4
2008-01-30 CVE-2008-0501 Sourceforge Path Traversal vulnerability in Sourceforge PHPmyclub 0.0.1

Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a ..

5.8
2008-02-01 CVE-2008-0549 Radio Toolbox Numeric Errors vulnerability in Radio Toolbox Steamcast

Integer overflow in the OggHeaderParse function in Steamcast 0.9.75 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via a long Ogg tag.

5.0
2008-02-01 CVE-2008-0548 Radio Toolbox Numeric Errors vulnerability in Radio Toolbox Steamcast

Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL dereference when malloc fails.

5.0
2008-02-01 CVE-2008-0542 Gerd Tentler Path Traversal vulnerability in Gerd Tentler Simple Forum 3.2

Directory traversal vulnerability in thumbnail.php in Gerd Tentler Simple Forum 3.2 allows remote attackers to read arbitrary files via a ..

5.0
2008-01-31 CVE-2008-0521 Bubbling Library Path Traversal vulnerability in Bubbling Library Bubbling Library 1.32

Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a ..

5.0
2008-01-30 CVE-2008-0489 Clansphere Path Traversal vulnerability in Clansphere 2007.4.4

Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a ..

5.0
2008-01-29 CVE-2008-0481 WEB WIZ Path Traversal vulnerability in web WIZ Rich Text Editor 4.0

Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter in a save action.

5.0
2008-01-29 CVE-2008-0480 WEB WIZ Path Traversal vulnerability in web WIZ web WIZ Forums

Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp.

5.0
2008-01-29 CVE-2008-0479 WEB WIZ Path Traversal vulnerability in web WIZ Newspad 1.02

Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter.

5.0
2008-01-29 CVE-2008-0475 Manageengine Improper Input Validation vulnerability in Manageengine Applications Manager 8.1Build8100

ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information (Home->Summary) via an invalid URI, as demonstrated by the "/-" URI.

5.0
2008-01-29 CVE-2008-0466 Webwiz Improper Authentication vulnerability in Webwiz products

Web Wiz RTE_file_browser.asp, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files.

5.0
2008-01-29 CVE-2008-0410 HFS Improper Authentication vulnerability in HFS Http File Server

HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL.

5.0
2008-01-29 CVE-2008-0407 HFS Improper Authentication vulnerability in HFS Http File Server

HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.

5.0
2008-01-29 CVE-2008-0406 HFS Improper Input Validation vulnerability in HFS Http File Server

HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.

5.0
2008-01-31 CVE-2008-0525 Unix, Lumension Security, Novell Link Following vulnerability in multiple products

PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script.

4.6
2008-01-31 CVE-2008-0509 IBM Buffer Errors vulnerability in IBM AIX 4.3

Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cause a denial of service (crash) or possibly gain privileges via a long argument to (1) piox25, related to piox25.c; or (2) piox25remote, related to piox25remote.sh.

4.4
2008-02-01 CVE-2008-0552 Eticket Cross-Site Scripting vulnerability in Eticket 1.5.6Rc4

Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2008-02-01 CVE-2008-0547 Shoppingtree Cross-Site Scripting vulnerability in Shoppingtree Candypress Store 4.1/4.1.1.26

Cross-site scripting (XSS) vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and probably earlier 4.x and 3.x versions, allows remote attackers to inject arbitrary web script or HTML via the helpfield parameter.

4.3
2008-02-01 CVE-2008-0541 Gerd Tentler Cross-Site Scripting vulnerability in Gerd Tentler Simple Forum 3.2

Multiple cross-site scripting (XSS) vulnerabilities in forum.php in Gerd Tentler Simple Forum 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) open and (2) date_show parameters.

4.3
2008-02-01 CVE-2008-0540 Trixbox Cross-Site Scripting vulnerability in Trixbox 2.4.2.0

Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/.

4.3
2008-02-01 CVE-2007-6695 Drake Team Cross-Site Scripting vulnerability in Drake Team Drake CMS 0.4.9

Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter.

4.3
2008-01-31 CVE-2008-0523 Softcart Cross-Site Scripting vulnerability in Softcart 5.1.2.2

Multiple cross-site scripting (XSS) vulnerabilities in SoftCart.exe in SoftCart 5.1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) License_Plate, (2) License_State, (3) Ticket_Date, and (4) Ticket_Number parameters.

4.3
2008-01-31 CVE-2008-0522 HAL Networks Cross-Site Scripting vulnerability in HAL Networks Perl CGI Cart, PHP Cart and Shop HAL V1

Cross-site scripting (XSS) vulnerability in multiple Hal Networks shopping-cart products allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-01-31 CVE-2008-0505 Coppermine Cross-Site Scripting vulnerability in Coppermine Photo Gallery

Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters.

4.3
2008-01-30 CVE-2008-0497 Nucleus CMS Cross-Site Scripting vulnerability in Nucleus CMS Nucleus CMS 3.31

Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS 3.31 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, which is not quoted when processing PHP_SELF.

4.3
2008-01-30 CVE-2008-0496 Ampjuke Cross-Site Scripting vulnerability in Ampjuke 0.7.0

Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 allows remote attackers to inject arbitrary web script or HTML via the limit parameter in a search action.

4.3
2008-01-30 CVE-2008-0494 Endian Cross-Site Scripting vulnerability in Endian Firewall 2.1.2

Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter.

4.3
2008-01-29 CVE-2008-0474 Manageengine Cross-Site Scripting vulnerability in Manageengine Applications Manager 8.1Build8100

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do.

4.3
2008-01-29 CVE-2008-0472 Woltlab Cross-Site Request Forgery (CSRF) vulnerability in Woltlab Burning Board 2.3.6Pl2

Cross-site request forgery (CSRF) vulnerability in modcp.php in Woltlab Burning Board (wBB) 2.3.6 PL2 allows remote attackers to delete threads as moderators or administrators via a thread_del action.

4.3
2008-01-29 CVE-2008-0471 Phpbb Cross-Site Request Forgery (CSRF) vulnerability in PHPbb 2.0.22

Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action.

4.3
2008-01-29 CVE-2008-0409 HFS Cross-Site Scripting vulnerability in HFS Http File Server

Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL.

4.3
2008-02-01 CVE-2007-6698 Openldap Resource Management Errors vulnerability in Openldap 2.0

The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.

4.0

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2008-02-01 CVE-2007-6696 Webcalendar Cross-Site Scripting vulnerability in Webcalendar 1.1.6

Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php.

2.1