Weekly Vulnerabilities Reports > January 28 to February 3, 2008
Overview
87 new vulnerabilities reported during this period, including 14 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary report vulnerabilities in 103 products from 60 vendors including Joomla, Mambo, HFS, Wordpress, and WEB WIZ. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Path Traversal", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Authentication".
- 84 reported vulnerabilities are remotely exploitables.
- 38 reported vulnerabilities have public exploit available.
- 52 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 83 reported vulnerabilities are exploitable by an anonymous user.
- Joomla has the most reported vulnerabilities, with 8 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
14 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-02-01 | CVE-2008-0550 | Radio Toolbox | Numeric Errors vulnerability in Radio Toolbox Steamcast Off-by-one error in Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a certain HTTP request that leads to a buffer overflow, as demonstrated by a long User-Agent header. | 10.0 |
2008-02-01 | CVE-2008-0544 | SDL | Buffer Errors vulnerability in SDL Image 1.2.6 Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. | 10.0 |
2008-01-30 | CVE-2008-0500 | Mamboxchange | SQL Injection And Unspecified vulnerability in Mamboxchange Laithai 4.5.5 Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have unknown impact and attack vectors related to (1) mod_login and (2) mod_template_chooser. | 10.0 |
2008-01-29 | CVE-2008-0477 | Move Networks INC | Buffer Errors vulnerability in Move Networks INC Move Media Player 1.0.0.1 Stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX control in QMPUpgrade.dll 1.0.0.1 in Move Networks Upgrade Manager allows remote attackers to execute arbitrary code via a long first argument to the Upgrade method. | 10.0 |
2008-01-29 | CVE-2008-0467 | Firebirdsql | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Firebirdsql Firebird Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username. | 10.0 |
2008-01-29 | CVE-2008-0176 | GE Fanuc | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GE Fanuc Cimplicity Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2008-01-29 | CVE-2008-0405 | HFS | Path Traversal vulnerability in HFS Http File Server Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. | 10.0 |
2008-01-29 | CVE-2008-0174 | GE | Cleartext Storage of Sensitive Information vulnerability in GE Proficy Real-Time Information Portal GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. | 9.8 |
2008-02-01 | CVE-2008-0551 | Microsoft Sejoong Namo | Code Injection vulnerability in multiple products The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1 and earlier in Namo Web Editor in Sejoong Namo ActiveSquare 6 allows remote attackers to execute arbitrary code via a URL in the argument to the Install method. | 9.3 |
2008-01-31 | CVE-2008-0516 | Sqlite Manager | Code Injection vulnerability in Sqlite Manager Sqlite Manager 1.2 PHP remote file inclusion vulnerability in spaw/dialogs/confirm.php in SQLiteManager 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. | 9.3 |
2008-01-31 | CVE-2008-0064 | Pierreegougelet | Buffer Errors vulnerability in Pierreegougelet GFL Sdk, Nconvert and Xnview Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file. | 9.3 |
2008-01-30 | CVE-2008-0493 | Irfanview | Buffer Errors vulnerability in Irfanview 4.10 fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption. | 9.3 |
2008-01-29 | CVE-2008-0470 | Comodo Microsoft | A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method. | 9.3 |
2008-01-29 | CVE-2007-4771 | ICU Project | Resource Management Errors vulnerability in Icu-Project International Components for Unicode Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. | 9.3 |
28 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-01-31 | CVE-2008-0513 | Phpcms | Path Traversal vulnerability in PHPcms 1.2.2 Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. | 7.8 |
2008-01-30 | CVE-2008-0495 | IBM | Denial Of Service vulnerability in IBM Hardware Management Console 7.3.2.0 Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Management Console (HMC) 7 R3.2.0 allows remote attackers to cause a denial of service via unspecified vectors. | 7.8 |
2008-01-29 | CVE-2007-6694 | Linux Apple | Resource Management Errors vulnerability in Linux Kernel The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference. | 7.8 |
2008-01-29 | CVE-2008-0387 | Firebirdsql | Numeric Errors vulnerability in Firebirdsql Firebird Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption. | 7.8 |
2008-02-01 | CVE-2008-0546 | Shoppingtree | SQL Injection vulnerability in Shoppingtree Candypress Store 4.1/4.1.1.26 Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter to (b) ajax/ajax_getBrands.asp. | 7.5 |
2008-02-01 | CVE-2008-0545 | Bubbling Library | Path Traversal vulnerability in Bubbling Library Bubbling Library 1.32 Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-02-01 | CVE-2008-0543 | PRE Projects | SQL Injection vulnerability in PRE Projects PRE Dynamic Institution Multiple SQL injection vulnerabilities in Pre Dynamic Institution allow remote attackers to execute arbitrary SQL commands via the (1) sloginid and (2) spass parameters to (a) login.asp and (b) siteadmin/login.asp. | 7.5 |
2008-02-01 | CVE-2007-6697 | SDL | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SDL Image Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. | 7.5 |
2008-01-31 | CVE-2008-0524 | Yamaha | Cross-Site Request Forgery (CSRF) vulnerability in Yamaha products Cross-site request forgery (CSRF) vulnerability in the management interface in multiple Yamaha RT series routers allows remote attackers to change password settings and probably other configuration settings as administrators via unspecified vectors. | 7.5 |
2008-01-31 | CVE-2008-0520 | Wordpress | SQL Injection vulnerability in Wordpress Wassup Plugin 1.4 Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php. | 7.5 |
2008-01-31 | CVE-2008-0519 | Joomla Mambo | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action. | 7.5 |
2008-01-31 | CVE-2008-0518 | Joomla Mambo | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the Recipes (com_recipes) 1.00 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | 7.5 |
2008-01-31 | CVE-2008-0517 | Darko Selesi Joomla Mambo | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action. | 7.5 |
2008-01-31 | CVE-2008-0515 | Joomla Mambo | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the musepoes (com_musepoes) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action. | 7.5 |
2008-01-31 | CVE-2008-0514 | Joomla Mambo | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action. | 7.5 |
2008-01-31 | CVE-2008-0512 | Joomla | SQL Injection vulnerability in Joomla COM FQ SQL injection vulnerability in index.php in the fq (com_fq) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. | 7.5 |
2008-01-31 | CVE-2008-0511 | Joomla Mambo | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the MaMML (com_mamml) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. | 7.5 |
2008-01-31 | CVE-2008-0510 | Joomla Mambo | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. | 7.5 |
2008-01-31 | CVE-2008-0507 | Wordpress | SQL Injection vulnerability in Wordpress Adserve 0.2 SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-01-31 | CVE-2008-0502 | Connectix | Code Injection vulnerability in Connectix Boards 0.8.1 PHP remote file inclusion vulnerability in templates/Official/part_userprofile.php in Connectix Boards 0.8.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the template_path parameter. | 7.5 |
2008-01-30 | CVE-2008-0499 | Mamboxchange | SQL Injection vulnerability in Mamboxchange Laithai 4.5.5 SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2008-01-30 | CVE-2008-0498 | Bigware | SQL Injection vulnerability in Bigware Shop 2.0 SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a results action to main_bigware_53.php. | 7.5 |
2008-01-30 | CVE-2008-0490 | Wordpress | SQL Injection vulnerability in Wordpress WP CAL Plugin 0.3 SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-01-30 | CVE-2008-0488 | VB Marketing | Path Traversal vulnerability in VB Marketing VB Marketing Directory traversal vulnerability in tseekdir.cgi in VB Marketing allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the location parameter. | 7.5 |
2008-01-30 | CVE-2008-0487 | THE NET Guys | SQL Injection vulnerability in the NET Guys Aspired2Protect Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | 7.5 |
2008-01-29 | CVE-2008-0469 | Tiger PHP News System | SQL Injection vulnerability in Tiger PHP News System Tiger PHP News System SQL injection vulnerability in index.php in Tiger Php News System (TPNS) 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action. | 7.5 |
2008-01-29 | CVE-2008-0468 | Flinx | SQL Injection vulnerability in Flinx SQL injection vulnerability in category.php in Flinx 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-01-29 | CVE-2008-0175 | GE Fanuc | Remote Script Code Execution vulnerability in GE Fanuc Proficy Portal Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory. | 7.5 |
44 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-01-31 | CVE-2007-4998 | Linux | Link Following vulnerability in Linux Kernel cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination. | 6.9 |
2008-02-01 | CVE-2008-0538 | Phpip | SQL Injection vulnerability in PHPip Management 4.3.2 Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to login.php, the (2) id parameter to display.php, and unspecified other vectors. | 6.8 |
2008-01-31 | CVE-2008-0508 | Wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Permalinks Migration Plugin 1.0 Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting. | 6.8 |
2008-01-31 | CVE-2008-0506 | Coppermine | Improper Input Validation vulnerability in Coppermine Photo Gallery include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php. | 6.8 |
2008-01-31 | CVE-2008-0503 | Netwerk | Code Injection vulnerability in Netwerk Smart Publisher 1.0.1 Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Publisher 1.0.1 allows remote attackers to execute arbitrary PHP code via the filedata parameter. | 6.8 |
2008-01-30 | CVE-2008-0492 | Persits | Buffer Errors vulnerability in Persits Xupload 3.0 Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method. | 6.8 |
2008-01-29 | CVE-2008-0478 | Setcms | Path Traversal vulnerability in Setcms 3.6.5 Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2008-01-29 | CVE-2007-4770 | ICU Project | Resource Management Errors vulnerability in Icu-Project International Components for Unicode libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames. | 6.8 |
2008-01-31 | CVE-2008-0504 | Coppermine Gallery | SQL Injection vulnerability in Coppermine-Gallery Coppermine Photo Gallery Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php. | 6.5 |
2008-01-29 | CVE-2008-0476 | Manageengine | Improper Authentication vulnerability in Manageengine Applications Manager 8.1Build8100 ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. | 6.4 |
2008-01-29 | CVE-2008-0473 | WEB WIZ | Improper Input Validation vulnerability in web WIZ Rich Text Editor 4.0 RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to upload (1) .html and (2) .htm files via unspecified vectors. | 6.4 |
2008-01-29 | CVE-2008-0408 | HFS | Improper Authentication vulnerability in HFS Http File Server HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication. | 6.4 |
2008-01-30 | CVE-2008-0501 | Sourceforge | Path Traversal vulnerability in Sourceforge PHPmyclub 0.0.1 Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. | 5.8 |
2008-02-01 | CVE-2008-0549 | Radio Toolbox | Numeric Errors vulnerability in Radio Toolbox Steamcast Integer overflow in the OggHeaderParse function in Steamcast 0.9.75 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via a long Ogg tag. | 5.0 |
2008-02-01 | CVE-2008-0548 | Radio Toolbox | Numeric Errors vulnerability in Radio Toolbox Steamcast Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL dereference when malloc fails. | 5.0 |
2008-02-01 | CVE-2008-0542 | Gerd Tentler | Path Traversal vulnerability in Gerd Tentler Simple Forum 3.2 Directory traversal vulnerability in thumbnail.php in Gerd Tentler Simple Forum 3.2 allows remote attackers to read arbitrary files via a .. | 5.0 |
2008-01-31 | CVE-2008-0521 | Bubbling Library | Path Traversal vulnerability in Bubbling Library Bubbling Library 1.32 Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. | 5.0 |
2008-01-30 | CVE-2008-0489 | Clansphere | Path Traversal vulnerability in Clansphere 2007.4.4 Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. | 5.0 |
2008-01-29 | CVE-2008-0481 | WEB WIZ | Path Traversal vulnerability in web WIZ Rich Text Editor 4.0 Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter in a save action. | 5.0 |
2008-01-29 | CVE-2008-0480 | WEB WIZ | Path Traversal vulnerability in web WIZ web WIZ Forums Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp. | 5.0 |
2008-01-29 | CVE-2008-0479 | WEB WIZ | Path Traversal vulnerability in web WIZ Newspad 1.02 Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter. | 5.0 |
2008-01-29 | CVE-2008-0475 | Manageengine | Improper Input Validation vulnerability in Manageengine Applications Manager 8.1Build8100 ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. | 5.0 |
2008-01-29 | CVE-2008-0466 | Webwiz | Improper Authentication vulnerability in Webwiz products Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. | 5.0 |
2008-01-29 | CVE-2008-0410 | HFS | Improper Authentication vulnerability in HFS Http File Server HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL. | 5.0 |
2008-01-29 | CVE-2008-0407 | HFS | Improper Authentication vulnerability in HFS Http File Server HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request. | 5.0 |
2008-01-29 | CVE-2008-0406 | HFS | Improper Input Validation vulnerability in HFS Http File Server HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name. | 5.0 |
2008-01-31 | CVE-2008-0525 | Unix Lumension Security Novell | Link Following vulnerability in multiple products PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script. | 4.6 |
2008-01-31 | CVE-2008-0509 | IBM | Buffer Errors vulnerability in IBM AIX 4.3 Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cause a denial of service (crash) or possibly gain privileges via a long argument to (1) piox25, related to piox25.c; or (2) piox25remote, related to piox25remote.sh. | 4.4 |
2008-02-01 | CVE-2008-0552 | Eticket | Cross-Site Scripting vulnerability in Eticket 1.5.6Rc4 Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |
2008-02-01 | CVE-2008-0547 | Shoppingtree | Cross-Site Scripting vulnerability in Shoppingtree Candypress Store 4.1/4.1.1.26 Cross-site scripting (XSS) vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and probably earlier 4.x and 3.x versions, allows remote attackers to inject arbitrary web script or HTML via the helpfield parameter. | 4.3 |
2008-02-01 | CVE-2008-0541 | Gerd Tentler | Cross-Site Scripting vulnerability in Gerd Tentler Simple Forum 3.2 Multiple cross-site scripting (XSS) vulnerabilities in forum.php in Gerd Tentler Simple Forum 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) open and (2) date_show parameters. | 4.3 |
2008-02-01 | CVE-2008-0540 | Trixbox | Cross-Site Scripting vulnerability in Trixbox 2.4.2.0 Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/. | 4.3 |
2008-02-01 | CVE-2007-6695 | Drake Team | Cross-Site Scripting vulnerability in Drake Team Drake CMS 0.4.9 Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter. | 4.3 |
2008-01-31 | CVE-2008-0523 | Softcart | Cross-Site Scripting vulnerability in Softcart 5.1.2.2 Multiple cross-site scripting (XSS) vulnerabilities in SoftCart.exe in SoftCart 5.1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) License_Plate, (2) License_State, (3) Ticket_Date, and (4) Ticket_Number parameters. | 4.3 |
2008-01-31 | CVE-2008-0522 | HAL Networks | Cross-Site Scripting vulnerability in HAL Networks Perl CGI Cart, PHP Cart and Shop HAL V1 Cross-site scripting (XSS) vulnerability in multiple Hal Networks shopping-cart products allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-01-31 | CVE-2008-0505 | Coppermine | Cross-Site Scripting vulnerability in Coppermine Photo Gallery Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters. | 4.3 |
2008-01-30 | CVE-2008-0497 | Nucleus CMS | Cross-Site Scripting vulnerability in Nucleus CMS Nucleus CMS 3.31 Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS 3.31 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, which is not quoted when processing PHP_SELF. | 4.3 |
2008-01-30 | CVE-2008-0496 | Ampjuke | Cross-Site Scripting vulnerability in Ampjuke 0.7.0 Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 allows remote attackers to inject arbitrary web script or HTML via the limit parameter in a search action. | 4.3 |
2008-01-30 | CVE-2008-0494 | Endian | Cross-Site Scripting vulnerability in Endian Firewall 2.1.2 Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. | 4.3 |
2008-01-29 | CVE-2008-0474 | Manageengine | Cross-Site Scripting vulnerability in Manageengine Applications Manager 8.1Build8100 Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. | 4.3 |
2008-01-29 | CVE-2008-0472 | Woltlab | Cross-Site Request Forgery (CSRF) vulnerability in Woltlab Burning Board 2.3.6Pl2 Cross-site request forgery (CSRF) vulnerability in modcp.php in Woltlab Burning Board (wBB) 2.3.6 PL2 allows remote attackers to delete threads as moderators or administrators via a thread_del action. | 4.3 |
2008-01-29 | CVE-2008-0471 | Phpbb | Cross-Site Request Forgery (CSRF) vulnerability in PHPbb 2.0.22 Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action. | 4.3 |
2008-01-29 | CVE-2008-0409 | HFS | Cross-Site Scripting vulnerability in HFS Http File Server Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL. | 4.3 |
2008-02-01 | CVE-2007-6698 | Openldap | Resource Management Errors vulnerability in Openldap 2.0 The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability. | 4.0 |
1 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-02-01 | CVE-2007-6696 | Webcalendar | Cross-Site Scripting vulnerability in Webcalendar 1.1.6 Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. | 2.1 |