Weekly Vulnerabilities Reports > February 4 to 10, 2008
Overview
107 new vulnerabilities reported during this period, including 17 critical vulnerabilities and 38 high severity vulnerabilities. This weekly summary report vulnerabilities in 109 products from 72 vendors including Mozilla, Joomla, IBM, Liferay, and Drupal. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", and "Code Injection".
- 93 reported vulnerabilities are remotely exploitables.
- 40 reported vulnerabilities have public exploit available.
- 34 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 105 reported vulnerabilities are exploitable by an anonymous user.
- Mozilla has the most reported vulnerabilities, with 7 reported vulnerabilities.
- Symantec has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
17 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-02-08 | CVE-2008-0659 | Aurigma Myspace | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.5.70 and earlier, as used in MySpace MySpaceUploader.ocx 1.0.0.4, allows remote attackers to execute arbitrary code via a long Action property. | 10.0 |
2008-02-08 | CVE-2008-0640 | Symantec | Improper Authentication vulnerability in Symantec Ghost Solutions Suite 1.1/2.0.0/2.0.1 Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing. | 10.0 |
2008-02-07 | CVE-2008-0657 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. | 10.0 |
2008-02-07 | CVE-2008-0656 | EMC | Improper Input Validation vulnerability in EMC Documentum Administrator and Documentum Webtop Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute. | 10.0 |
2008-02-07 | CVE-2008-0647 | Ourgame COM | Buffer Errors vulnerability in Ourgame.Com Glworld and Hangameplugincn18 Activex Control Multiple stack-based buffer overflows in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control in HanGamePluginCn18.dll in Ourgame GLWorld 2.6.1.29 (aka Lianzong Game Platform) allow remote attackers to execute arbitrary code via long arguments to the (1) hgs_startGame and (2) hgs_startNotify methods, as exploited in the wild as of February 2008. | 10.0 |
2008-02-07 | CVE-2008-0457 | Symantec | Improper Input Validation vulnerability in Symantec Backupexec System Recovery 7.0/7.01 Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors. | 10.0 |
2008-02-06 | CVE-2008-0620 | SAP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Sapgui, Saplpd and Sapsprint SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to cause a denial of service (crash) via a 0x53 LPD command, which causes the server to terminate. | 10.0 |
2008-02-05 | CVE-2008-0568 | Drupal | Authentication Bypass vulnerability in Drupal Secure Site Module 4.7/5.0 Unspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remote attackers to gain the privileges of a user who has authenticated from behind the same proxy server as the attacker. | 10.0 |
2008-02-05 | CVE-2007-5602 | Swiftview | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Swiftview Viewer Multiple stack-based buffer overflows in SwiftView Viewer before 8.3.5, as used by SwiftView and SwiftSend, allow remote attackers to execute arbitrary code via unspecified vectors to the (1) svocx.ocx ActiveX control or the (2) npsview.dll plugin for Mozilla and Firefox. | 10.0 |
2008-02-07 | CVE-2008-0655 | Adobe | Unspecified vulnerability in Adobe Acrobat Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors. | 9.8 |
2008-02-08 | CVE-2008-0419 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles. | 9.3 |
2008-02-08 | CVE-2008-0660 | Aurigma | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties. | 9.3 |
2008-02-08 | CVE-2008-0043 | Apple | Code Injection vulnerability in Apple Iphoto Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions. | 9.3 |
2008-02-06 | CVE-2008-0632 | Lightblog | Permissions, Privileges, and Access Controls vulnerability in Lightblog 9.5 Unrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root directory. | 9.3 |
2008-02-06 | CVE-2008-0619 | Nero | Buffer Errors vulnerability in Nero Mediaplayer 1.4.0.35 Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file. | 9.3 |
2008-02-06 | CVE-2008-0610 | Ultravnc | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ultravnc Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a modified size value. | 9.3 |
2008-02-05 | CVE-2008-0485 | Mplayer | Numeric Errors vulnerability in Mplayer Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag. | 9.3 |
38 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-02-08 | CVE-2008-0662 | Checkpoint | Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Vpn-1 Secureclient Ngair56/Ngxr60 The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials. | 7.8 |
2008-02-07 | CVE-2008-0646 | Deluge Team Rasterbar Software | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The bdecode_recursive function in include/libtorrent/bencode.hpp in Rasterbar Software libtorrent before 0.12.1, as used in Deluge before 0.5.8.3 and other products, allows context-dependent attackers to cause a denial of service (stack exhaustion and crash) via a crafted bencoded message. | 7.8 |
2008-02-06 | CVE-2008-0628 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources. | 7.8 |
2008-02-06 | CVE-2008-0212 | HP Linux Microsoft SUN | Resource Management Errors vulnerability in HP Openview Network Node Manager 6.41/7.01/7.51 ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to cause a denial of service (crash) via a crafted TCP request that triggers an out-of-bounds memory access. | 7.8 |
2008-02-08 | CVE-2008-0214 | HP | Permissions, Privileges, and Access Controls vulnerability in HP Select Identity Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to gain access via unknown vectors. | 7.5 |
2008-02-07 | CVE-2008-0213 | HP | Code Injection vulnerability in HP Virtual Rooms Unspecified vulnerability in a certain ActiveX control for HP Virtual Rooms (HPVR) 6 and earlier allows remote attackers to execute arbitrary code via unknown vectors. | 7.5 |
2008-02-07 | CVE-2008-0654 | Azucar CMS | Path Traversal vulnerability in Azucar CMS Azucar CMS 1.3 Multiple directory traversal vulnerabilities in Azucar CMS 1.3 allow remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-02-07 | CVE-2008-0653 | Joomla | SQL Injection vulnerability in Joomla COM Ynews 1.0.0 SQL injection vulnerability in index.php in the Ynews (com_ynews) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showYNews action. | 7.5 |
2008-02-07 | CVE-2008-0652 | Joomla Mambo | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action. | 7.5 |
2008-02-07 | CVE-2008-0651 | Pedro Santana Codice | SQL Injection vulnerability in Pedro Santana Codice CMS SQL injection vulnerability in login.php in Pedro Santana Codice CMS allows remote attackers to execute arbitrary SQL commands via the username field. | 7.5 |
2008-02-07 | CVE-2008-0650 | Simple OS CMS | SQL Injection vulnerability in Simple OS CMS Simple OS CMS 0.1Cbeta SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta allows remote attackers to execute arbitrary SQL commands via the username field. | 7.5 |
2008-02-07 | CVE-2008-0649 | ADP | SQL Injection vulnerability in ADP Astanda Directory Project 1.2/1.3 SQL injection vulnerability in detail.php in Astanda Directory Project (ADP) 1.2 and 1.3 allows remote attackers to execute arbitrary SQL commands via the link_id parameter. | 7.5 |
2008-02-07 | CVE-2008-0645 | Portail WEB PHP | Code Injection vulnerability in Portail web PHP Portail web PHP 2.5.1.1 Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) config/conf-activation.php, (2) menu/item.php, and (3) modules/conf_modules.php in admin/system/; and (4) system/login.php. | 7.5 |
2008-02-06 | CVE-2008-0635 | Openads | Code Injection vulnerability in Openads 2.4/2.4.2 Unspecified vulnerability in the delivery engine in Openads 2.4.0 through 2.4.2 allows remote attackers to execute arbitrary PHP code via unknown vectors. | 7.5 |
2008-02-06 | CVE-2008-0634 | Sejoong Namo | Buffer Errors vulnerability in Sejoong Namo Activesquare and Namoinstall.1 Activex Control Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1, as used in Sejoong Namo ActiveSquare6, allows remote attackers to execute arbitrary code via a long argument to the Install method, a different vulnerability than CVE-2008-0551. | 7.5 |
2008-02-06 | CVE-2008-0621 | SAP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Sapgui, Saplpd and Sapsprint Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands. | 7.5 |
2008-02-06 | CVE-2008-0614 | Photokorn | SQL Injection vulnerability in Photokorn Gallery 1.543 SQL injection vulnerability in index.php in Photokorn Gallery 1.543 allows remote attackers to execute arbitrary SQL commands via the pic parameter in a showpic action. | 7.5 |
2008-02-06 | CVE-2008-0612 | Xoops | Path Traversal vulnerability in Xoops 2.0.18 Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-02-06 | CVE-2008-0611 | Rmsoft Xoops | SQL Injection vulnerability in multiple products SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-02-06 | CVE-2008-0609 | Divideconcept | Path Traversal vulnerability in Divideconcept VHD web Pack 2.0 Directory traversal vulnerability in index.php in DivideConcept VHD Web Pack 2.0 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-02-06 | CVE-2008-0607 | Joomla Mambo Sigsiu NET | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) 2.5.3 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2008-02-06 | CVE-2008-0606 | Joomla Mambo Phil Taylor | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the Shambo2 (com_shambo2) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter. | 7.5 |
2008-02-06 | CVE-2008-0603 | Amazoop Joomla Mambo | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the amazOOP Awesom! (com_awesom) 0.3.2component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter in a viewlist task. | 7.5 |
2008-02-06 | CVE-2008-0601 | ALL Club CMS | SQL Injection vulnerability in ALL Club CMS ALL Club CMS SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter. | 7.5 |
2008-02-05 | CVE-2008-0486 | Mplayer Xine | Numeric Errors vulnerability in multiple products Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. | 7.5 |
2008-02-05 | CVE-2008-0579 | Joomla | SQL Injection vulnerability in Joomla COM Buslicense SQL injection vulnerability in index.php in the buslicense (com_buslicense) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in a list action. | 7.5 |
2008-02-05 | CVE-2008-0567 | Chronoengine | Code Injection vulnerability in Chronoengine Chronoforms 2.3.5 Multiple PHP remote file inclusion vulnerabilities in ChronoEngine ChronoForms (com_chronocontact) 2.3.5 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) PPS/File.php, (2) Writer.php, and (3) PPS.php in excelwriter/; and (4) BIFFwriter.php, (5) Workbook.php, (6) Worksheet.php, and (7) Format.php in excelwriter/Writer/. | 7.5 |
2008-02-04 | CVE-2008-0562 | Mamboserver | SQL Injection vulnerability in Mamboserver Joomla and Mambo SQL injection vulnerability in index.php in the Restaurant (com_restaurant) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | 7.5 |
2008-02-04 | CVE-2008-0561 | Arthur Konze Webdesign Joomla Mambo | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | 7.5 |
2008-02-04 | CVE-2008-0557 | Mamboserver | SQL Injection vulnerability in Mamboserver Catalogshop 1.0B1 SQL injection vulnerability in index.php in the CatalogShop (com_catalogshop) 1.0b1 componenent for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | 7.5 |
2008-02-08 | CVE-2008-0007 | Linux | Resource Management Errors vulnerability in Linux Kernel Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset. | 7.2 |
2008-02-05 | CVE-2008-0588 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3 Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. | 7.2 |
2008-02-05 | CVE-2008-0587 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX 5.2/5.3 Buffer overflow in the uspchrp program in devices.chrp.base.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. | 7.2 |
2008-02-05 | CVE-2008-0586 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX 5.2/5.3 Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) lchangevg, (2) ldeletepv, (3) putlvodm, (4) lvaryoffvg, and (5) lvgenminor programs in bos.rte.lvm; and the (6) tellclvmd program in bos.clvm.enh. | 7.2 |
2008-02-05 | CVE-2008-0584 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3 Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) swap, (2) swapoff, and (3) swapon programs. | 7.2 |
2008-02-05 | CVE-2008-0581 | Moernaut | Permissions, Privileges, and Access Controls vulnerability in Moernaut Lsrunase and Supercrypt Geert Moernaut LSrunasE allows local users to gain privileges by obtaining the encrypted password from a batch file, and constructing a modified batch file that specifies this password in the /password switch and specifies an arbitrary program in the /command switch. | 7.2 |
2008-02-05 | CVE-2008-0573 | Safenet | Permissions, Privileges, and Access Controls vulnerability in Safenet products IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote allows local users to gain privileges via a crafted IPSECDRV_IOCTL IOCTL request. | 7.2 |
2008-02-05 | CVE-2007-4130 | Redhat | Improper Input Validation vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service (panic) via invalid arguments to set_mempolicy in an MPOL_BIND operation. | 7.2 |
48 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-02-08 | CVE-2008-0661 | Illustrate | Buffer Errors vulnerability in Illustrate Dbpoweramp Audio Player 2.0 Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. | 6.8 |
2008-02-08 | CVE-2008-0554 | Netpbm | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Netpbm Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484. | 6.8 |
2008-02-07 | CVE-2008-0648 | Opensiteadmin | Code Injection vulnerability in Opensiteadmin Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0.9.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) indexFooter.php; and (2) DatabaseManager.php, (3) FieldManager.php, (4) Filter.php, (5) Form.php, (6) FormManager.php, (7) LoginManager.php, and (8) Filters/SingleFilter.php in scripts/classes/. | 6.8 |
2008-02-07 | CVE-2008-0553 | TCL TK | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in TCL TK TCL TK Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484. | 6.8 |
2008-02-06 | CVE-2008-0630 | Mplayer | Buffer Errors vulnerability in Mplayer 1.02Rc2 Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote attackers to execute arbitrary code via a crafted URL that prevents the IPv6 parsing code from setting a pointer to NULL, which causes the buffer to be reused by the unescape code. | 6.8 |
2008-02-06 | CVE-2008-0604 | Xlight FTP Server | Credentials Management vulnerability in Xlight FTP Server Xlight FTP Server The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions. | 6.8 |
2008-02-06 | CVE-2008-0602 | ALL Club CMS | Path Traversal vulnerability in ALL Club CMS ALL Club CMS Directory traversal vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the class_name parameter. | 6.8 |
2008-02-05 | CVE-2008-0572 | Mindmeld | Code Injection vulnerability in Mindmeld 1.2.0.10 Multiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.10 allow remote attackers to execute arbitrary PHP code via a URL in the MM_GLOBALS[home] parameter to (1) acweb/admin_index.php; and (2) ask.inc.php, (3) learn.inc.php, (4) manage.inc.php, (5) mind.inc.php, and (6) sensory.inc.php in include/. | 6.8 |
2008-02-05 | CVE-2008-0566 | Deltascripts | Code Injection vulnerability in Deltascripts PHP Links 1.3 PHP remote file inclusion vulnerability in includes/smarty.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_public_program parameter. | 6.8 |
2008-02-05 | CVE-2008-0565 | Deltascripts | SQL Injection vulnerability in Deltascripts PHP Links SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 6.8 |
2008-02-05 | CVE-2008-0585 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3 sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permissions for unspecified WebSM Remote Client files, which allows local users to "alter the behavior of" this client by overwriting these files. | 6.6 |
2008-02-08 | CVE-2008-0664 | Wordpress | Permissions, Privileges, and Access Controls vulnerability in Wordpress The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors. | 6.4 |
2008-02-05 | CVE-2008-0577 | Drupal | Permissions, Privileges, and Access Controls vulnerability in Drupal Project Issue Tracking Module 4.7/5.0 The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal (1) does not restrict the extensions of attached files when the Upload module is enabled for issue nodes, which allows remote attackers to upload and possibly execute arbitrary files; and (2) accepts the .html extension within the bundled file-upload functionality, which allows remote attackers to upload files containing arbitrary web script or HTML. | 6.4 |
2008-02-05 | CVE-2008-0569 | Drupal | Permissions, Privileges, and Access Controls vulnerability in Drupal Comment Upload Module 4.7/5.0 The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors. | 6.4 |
2008-02-06 | CVE-2008-0633 | Anon Proxy Server | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Anon Proxy Server Anon Proxy Server Buffer overflow in Anon Proxy Server 0.102 and earlier, when user authentication is enabled, allows remote attackers to cause a denial of service (exception) via a user name with a large number of quotes, which triggers the overflow during escaping. | 6.0 |
2008-02-09 | CVE-2008-0594 | Mozilla | Remote vulnerability in Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.11 Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks. | 5.0 |
2008-02-06 | CVE-2008-0613 | Xoops | Link Following vulnerability in Xoops 2.0.18 Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter. | 5.0 |
2008-02-06 | CVE-2008-0608 | Ipswitch | Buffer Errors vulnerability in Ipswitch WS FTP 6.1 The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823. | 5.0 |
2008-02-05 | CVE-2008-0570 | Drupal | Improper Input Validation vulnerability in Drupal Openid 5 The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers. | 5.0 |
2008-02-04 | CVE-2008-0559 | Nilsons Blogger | Path Traversal vulnerability in Nilsons Blogger Nilsons Blogger 0.11 Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. | 5.0 |
2008-02-05 | CVE-2008-0589 | IBM | Information Exposure vulnerability in IBM AIX 5.2/5.3/6.1 The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors. | 4.9 |
2008-02-09 | CVE-2008-0593 | Mozilla | Information Exposure vulnerability in Mozilla Firefox and Seamonkey Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems. | 4.3 |
2008-02-09 | CVE-2008-0592 | Mozilla | Remote vulnerability in Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.11 Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future plain text files within the browser. | 4.3 |
2008-02-09 | CVE-2008-0591 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Thunderbird Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2". | 4.3 |
2008-02-08 | CVE-2008-0418 | Mozilla | Path Traversal vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js. | 4.3 |
2008-02-08 | CVE-2008-0417 | Mozilla | Code Injection vulnerability in Mozilla Firefox CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password. | 4.3 |
2008-02-06 | CVE-2008-0631 | Afterlogic | Improper Input Validation vulnerability in Afterlogic Mailbee Objects 5.5 Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow remote attackers to (1) overwrite arbitrary files via the SaveToDisk method, or (2) modify files via the AddStringToFile method. | 4.3 |
2008-02-06 | CVE-2008-0629 | Mplayer | Buffer Errors vulnerability in Mplayer 1.02Rc2 Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r25824 allows remote user-assisted attackers to execute arbitrary code via a CDDB database entry containing a long album title. | 4.3 |
2008-02-06 | CVE-2008-0625 | Yahoo | Buffer Errors vulnerability in Yahoo Music Jukebox 2.2.2.56 Buffer overflow in the MediaGrid ActiveX control (mediagrid.dll) in Yahoo! Music Jukebox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddBitmap method. | 4.3 |
2008-02-06 | CVE-2008-0624 | Yahoo | Buffer Errors vulnerability in Yahoo Music Jukebox 2.2.2.56 Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! JukeBox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddButton method, a different vulnerability than CVE-2008-0623. | 4.3 |
2008-02-06 | CVE-2008-0623 | Yahoo | Buffer Errors vulnerability in Yahoo Music Jukebox 2.2.2.056 Stack-based buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! Music Jukebox 2.2.2.056 allows remote attackers to execute arbitrary code via a long argument to the AddImage method. | 4.3 |
2008-02-06 | CVE-2008-0622 | Raidenhttpd | Cross-Site Scripting vulnerability in Raidenhttpd Cross-site scripting (XSS) vulnerability in RaidenHTTPD 2.0.19 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the ulang parameter. | 4.3 |
2008-02-06 | CVE-2008-0605 | Astrosoft | Cross-Site Scripting vulnerability in Astrosoft Helpdesk Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft HelpDesk before 1.95.228 allow remote attackers to inject arbitrary web script or HTML via the (1) txtSearch parameter to operator/article/article_search_results.asp and the (2) Attach_Id parameter to operator/article/article_attachment.asp. | 4.3 |
2008-02-05 | CVE-2008-0583 | Skype Technologies | Code Injection vulnerability in Skype Technologies Skype Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454. | 4.3 |
2008-02-05 | CVE-2008-0582 | Skype Technologies | Code Injection vulnerability in Skype Technologies Skype Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler. | 4.3 |
2008-02-05 | CVE-2008-0578 | Tripwire | Cross-Site Scripting vulnerability in Tripwire Enterprise 7.0 Cross-site scripting (XSS) vulnerability in the web management login page in Tripwire Enterprise 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-02-05 | CVE-2008-0576 | Drupal | Cross-Site Scripting vulnerability in Drupal Project Issue Tracking Module 4.7/5 Cross-site scripting (XSS) vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors that write to summary table pages. | 4.3 |
2008-02-05 | CVE-2008-0575 | Webspell | Cross-Site Request Forgery (CSRF) vulnerability in Webspell 4.01.02 Cross-site request forgery (CSRF) vulnerability in admin/admincenter.php in webSPELL 4.01.02 allows remote attackers to assign the superadmin privilege level to arbitrary accounts as administrators via an "update member" action. | 4.3 |
2008-02-05 | CVE-2008-0574 | Webspell | Cross-Site Scripting vulnerability in Webspell 4.01.02 Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action. | 4.3 |
2008-02-05 | CVE-2008-0571 | Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Userpoints Module 4.7/5.0 The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and manipulate points. | 4.3 |
2008-02-05 | CVE-2008-0564 | Mailman | Cross-Site Scripting vulnerability in Mailman Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636. | 4.3 |
2008-02-05 | CVE-2008-0563 | Liferay | Cross-Site Request Forgery (CSRF) vulnerability in Liferay Enterprise Portal 4.3.6 Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. | 4.3 |
2008-02-05 | CVE-2008-0182 | Liferay | Cross-Site Request Forgery (CSRF) vulnerability in Liferay Enterprise Portal Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message. | 4.3 |
2008-02-05 | CVE-2008-0181 | Liferay | Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.6 Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message. | 4.3 |
2008-02-05 | CVE-2008-0180 | Liferay | Cross-Site Scripting vulnerability in Liferay Enterprise Portal Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile. | 4.3 |
2008-02-05 | CVE-2008-0178 | Liferay | Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.6 Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header. | 4.3 |
2008-02-04 | CVE-2008-0558 | Uniwin | Cross-Site Scripting vulnerability in Uniwin Ecart Professional Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional before 2.0.16 allows remote attackers to inject arbitrary web script or HTML via the rp parameter to cartView.asp and unspecified other components. | 4.3 |
2008-02-04 | CVE-2007-6699 | AOL | Buffer Errors vulnerability in AOL YGP Piceditor Activex Control 9.5.1.8 Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5) InitialEditorScreen, (6) Locale, (7) Proxy, and (8) UserAgent property values. | 4.3 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-02-05 | CVE-2008-0179 | Liferay | Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.6 Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. | 2.6 |
2008-02-08 | CVE-2008-0663 | Novell | Unspecified vulnerability in Novell products Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field. | 2.1 |
2008-02-05 | CVE-2008-0580 | Geert Moernaut | Permissions, Privileges, and Access Controls vulnerability in Geert Moernaut Lsrunase and Supercrypt Geert Moernaut LSrunasE and Supercrypt use an encryption key composed of an SHA1 hash of a fixed string embedded in the executable file, which makes it easier for local users to obtain this key without reverse engineering. | 2.1 |
2008-02-05 | CVE-2007-6340 | Moernaut | Credentials Management vulnerability in Moernaut Lsrunase and Supercrypt Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords. | 2.1 |