Weekly Vulnerabilities Reports > February 11 to 17, 2008

Overview

180 new vulnerabilities were reported during this period, including 46 critical vulnerabilities and 59 high severity vulnerabilities. This weekly summary reports vulnerabilities in 180 products from 95 vendors including Microsoft, Joomla, IBM, Adobe, and Apple. The most common vulnerability categories are "SQL Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", and "Code Injection".

  • 162 reported vulnerabilities are remotely exploitable.
  • 54 reported vulnerabilities have a public exploit available.
  • 80 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 174 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 21 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 17 reported vulnerabilities.


Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:


46 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-02-15 CVE-2008-0530 Cisco Buffer Errors vulnerability in Cisco products

Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP and SIP firmware might allow remote attackers to execute arbitrary code via a crafted DNS response.

10.0
2008-02-15 CVE-2008-0529 Cisco Buffer Errors vulnerability in Cisco products

Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command.

10.0
2008-02-15 CVE-2008-0528 Cisco Buffer Errors vulnerability in Cisco products

Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote attackers to execute arbitrary code via a SIP message with crafted MIME data.

10.0
2008-02-13 CVE-2008-0768 IBM
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Informix Dynamic Server and Informix Storage Manager

Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests.

10.0
2008-02-13 CVE-2008-0766 Microsoft
Brooks Internet Software
Buffer Errors vulnerability in Brooks Internet Software products

Stack-based buffer overflow in RpmSrvc.exe in Brooks Remote Print Manager (RPM) 4.5.1.11 and earlier (Elite and Select) for Windows allows remote attackers to execute arbitrary code via a long filename in a "Receive data file" LPD command.

10.0
2008-02-13 CVE-2008-0764 Larson Software Technology Use of Externally-Controlled Format String vulnerability in Larson Software Technology Network Print Server

Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114.

10.0
2008-02-13 CVE-2008-0763 Larson Software Technology Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Larson Software Technology Network Print Server

Stack-based buffer overflow in NPSpcSVR.exe in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier allows remote attackers to execute arbitrary code via a long argument in a LICENSE command on TCP port 3114.

10.0
2008-02-13 CVE-2008-0639 Microsoft
Novell
Buffer Errors vulnerability in Novell Client 4.91

Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than CVE-2006-5854.

10.0
2008-02-13 CVE-2007-6701 Microsoft
Novell
Buffer Errors vulnerability in Novell Client 4.91

Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP4 for Windows allow remote attackers to execute arbitrary code via long arguments to multiple unspecified RPC functions, aka Novell bug 287919, a different vulnerability than CVE-2007-2954.

10.0
2008-02-13 CVE-2007-6431 Adobe Remote Security vulnerability in Adobe Flash Media Server and Connect Enterprise Server 2

Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to "take control of the affected system" via unspecified vectors, a different issue than CVE-2007-6148 and CVE-2007-6149.

10.0
2008-02-13 CVE-2007-6149 Adobe Numeric Errors vulnerability in Adobe Connect Enterprise Server and Flash Media Server 2

Multiple integer overflows in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allow remote attackers to execute arbitrary code via a Real Time Message Protocol (RTMP) message with a crafted integer field that is used for allocation.

10.0
2008-02-13 CVE-2007-6148 Adobe Resource Management Errors vulnerability in Adobe Connect Enterprise Server and Flash Media Server 2

Use-after-free vulnerability in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to execute arbitrary code via an unspecified sequence of Real Time Message Protocol (RTMP) requests.

10.0
2008-02-13 CVE-2008-0748 Sony Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sony Axruploadserver Activex Control and Imagestation

Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX control in AxRUploadServer.dll 1.0.0.38 in SonyISUpload.cab 1.0.0.38 for Sony ImageStation allows remote attackers to execute arbitrary code via a long argument to the SetLogging method.

10.0
2008-02-13 CVE-2008-0743 Joovili Code Injection vulnerability in Joovili

PHP remote file inclusion vulnerability in members_help.php in Joovili 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hlp parameter.

10.0
2008-02-13 CVE-2008-0741 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server

Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) has unknown impact and attack vectors.

10.0
2008-02-13 CVE-2008-0735 Auracms SQL Injection vulnerability in Auracms 2.2

SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter.

10.0
2008-02-13 CVE-2007-3676 IBM Resource Management Errors vulnerability in IBM DB2

IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access.

10.0
2008-02-12 CVE-2008-0102 Microsoft Resource Management Errors vulnerability in Microsoft Publisher 2000/2002/2003

Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."

10.0
2008-02-12 CVE-2008-0080 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Webdav Mini-Redirector

Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.

10.0
2008-02-12 CVE-2007-0065 Microsoft Code Injection vulnerability in Microsoft Office and Visual Basic

Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual Basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.

10.0
2008-02-12 CVE-2008-0075 Microsoft Code Injection vulnerability in Microsoft Internet Information Server 6.0

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.

10.0
2008-02-12 CVE-2008-0728 Clamav Resource Management Errors vulnerability in Clamav

The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."

10.0
2008-02-12 CVE-2008-0318 Clam Anti Virus Numeric Errors vulnerability in Clam Anti-Virus Clamav

Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.

10.0
2008-02-12 CVE-2008-0040 Apple Resource Management Errors vulnerability in Apple mac OS X 10.5/10.5.1

Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption.

10.0
2008-02-12 CVE-2008-0725 Titan Buffer Errors vulnerability in Titan FTP Server 6.0.5.549

Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow remote attackers to cause a denial of service (daemon hang) and possibly execute arbitrary code via a long command.

10.0
2008-02-12 CVE-2008-0215 HP Permissions, Privileges, and Access Controls vulnerability in HP products

Multiple unspecified vulnerabilities in HP Storage Essentials Storage Resource Management (SRM) before 6.0.0 allow remote attackers to obtain unspecified access to a managed device via unknown attack vectors.

10.0
2008-02-12 CVE-2008-0671 Tintin Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tintin Tintin++ and Wintin++

Stack-based buffer overflow in the add_line_buffer function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to execute arbitrary code via a long chat message, related to conversion from LF to CRLF.

10.0
2008-02-15 CVE-2008-0531 Cisco Buffer Errors vulnerability in Cisco products

Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote SIP servers to execute arbitrary code via a crafted challenge/response message.

9.3
2008-02-13 CVE-2008-0747 Cowon America Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cowon America Jetaudio Basic

Stack-based buffer overflow in COWON America jetAudio 7.0.5 and earlier allows user-assisted remote attackers to execute arbitrary code via a long URL in a .asx file, a different vulnerability than CVE-2007-5487.

9.3
2008-02-13 CVE-2008-0103 Microsoft Resource Management Errors vulnerability in Microsoft Office

Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."

9.3
2008-02-12 CVE-2008-0109 Microsoft Resource Management Errors vulnerability in Microsoft Office and Word

Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.

9.3
2008-02-12 CVE-2008-0108 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office and Works

Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."

9.3
2008-02-12 CVE-2008-0105 Microsoft Improper Input Validation vulnerability in Microsoft Office and Works

Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."

9.3
2008-02-12 CVE-2008-0104 Microsoft Code Injection vulnerability in Microsoft Office and Publisher

Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."

9.3
2008-02-12 CVE-2008-0078 Microsoft Code Injection vulnerability in Microsoft Activex, IE and Internet Explorer

Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."

9.3
2008-02-12 CVE-2008-0077 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 6/7

Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."

9.3
2008-02-12 CVE-2008-0076 Microsoft Code Injection vulnerability in Microsoft IE and Internet Explorer

Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."

9.3
2008-02-12 CVE-2007-0216 Microsoft Improper Input Validation vulnerability in Microsoft Office and Works

wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."

9.3
2008-02-12 CVE-2008-0726 Adobe Numeric Errors vulnerability in Adobe Acrobat and Acrobat Reader

Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption.

9.3
2008-02-12 CVE-2007-5663 Adobe Code Injection vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in.

9.3
2008-02-12 CVE-2007-5659 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods.

9.3
2008-02-12 CVE-2008-0420 Mozilla Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read.

9.3
2008-02-12 CVE-2008-0715 Acdsee Buffer Errors vulnerability in Acdsee Photo Manager 10.0/8.1/9.0

Buffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 allows user-assisted remote attackers to execute arbitrary code via a malformed XBM file.

9.3
2008-02-12 CVE-2008-0702 South River Technologies Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in South River Technologies Titan FTP Server 6.0.5.549/6.03

Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641.

9.3
2008-02-11 CVE-2008-0668 Redhat
Gnome
Numeric Errors vulnerability in Gnome Gnumeric

The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow.

9.3
2008-02-12 CVE-2008-0699 IBM Remote Security vulnerability in IBM DB2 8.2/9.1/9.5

Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.

9.0

59 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-02-15 CVE-2008-0527 Cisco Improper Input Validation vulnerability in Cisco products

The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a crafted HTTP request.

7.8
2008-02-15 CVE-2008-0526 Cisco Improper Input Validation vulnerability in Cisco products

Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a long ICMP echo request (ping) packet.

7.8
2008-02-12 CVE-2008-0084 Microsoft Remote Denial Of Service vulnerability in Microsoft Windows Vista DHCP

Unspecified vulnerability in the TCP/IP support in Microsoft Windows Vista allows remote DHCP servers to cause a denial of service (hang and restart) via a crafted DHCP packet.

7.8
2008-02-12 CVE-2008-0698 IBM Buffer Errors vulnerability in IBM DB2 8.2Fixpack15

Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access."

7.8
2008-02-12 CVE-2008-0693 Print Manager Plus Buffer Errors vulnerability in Print Manager Plus Client Billing and Authentication 7.0.127.16

Stack-based buffer overflow in PQCore.exe in Print Manager Plus 2008 Client Billing and Authentication 7.0.127.16 allows remote attackers to cause a denial of service (service outage) via a series of long packets to TCP port 48101.

7.8
2008-02-12 CVE-2008-0680 Microtik Denial of Service vulnerability in MikroTik RouterOS SNMP SET

SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request.

7.8
2008-02-15 CVE-2008-0803 Lookstrike Code Injection vulnerability in Lookstrike LAN Manager 0.9

Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan Manager 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the sys_conf[path][real] parameter to (1) modules\class\Table.php; (2) db_admins.php, (3) db_alert.php, (4) db_double.php, (5) db_games.php, (6) db_matches.php, (7) db_match_teams.php, (8) db_news.php, (9) db_platform.php, (10) db_players.php, (11) db_server_group.php, (12) db_server_ip.php, (13) db_teams.php, (14) db_team_players.php, (15) db_tournaments.php, (16) db_tournament_teams.php, and (17) db_trees.php in modules\class\db\; and (18) Match.php, (19) MatchTeam.php, (20) Rule.php, (21) RuleBuilder.php, (22) RulePool.php, (23) RuleSingle.php, (24) RuleTree.php, (25) Tournament.php, (26) TournamentTeam.php, (27) Tree.php, and (28) TreeSingle.php in modules\class\tournament\.

7.5
2008-02-15 CVE-2008-0802 Joomla
Mediaslide
SQL Injection vulnerability in multiple products

SQL injection vulnerability in index.php in the MediaSlide (com_mediaslide) 0.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the albumnum parameter in a contact action.

7.5
2008-02-15 CVE-2008-0801 Paxxgallery
Joomla
Mambo Foundation
SQL Injection vulnerability in Paxxgallery COM Paxxgallery 0.2

SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter.

7.5
2008-02-15 CVE-2008-0800 Joomla SQL Injection vulnerability in Joomla COM Mcquiz 0.9

SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) 0.9 Final component for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action.

7.5
2008-02-15 CVE-2008-0799 Joomla
Mambo
SQL Injection vulnerability in multiple products

SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action.

7.5
2008-02-15 CVE-2008-0796 Nuboard SQL Injection vulnerability in Nuboard 0.5

SQL injection vulnerability in threads.php in Nuboard 0.5 allows remote attackers to execute arbitrary SQL commands via the ssid parameter.

7.5
2008-02-15 CVE-2008-0795 Joomla
Mambo
Mgfi
SQL Injection vulnerability in multiple products

SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.

7.5
2008-02-15 CVE-2008-0789 LI Scripts SQL Injection vulnerability in Li-Scripts Li-Countdown

SQL injection vulnerability in countdown.php in LI-Scripts LI-Countdown allows remote attackers to execute arbitrary SQL commands via the years parameter.

7.5
2008-02-14 CVE-2008-0785 Cacti SQL Injection vulnerability in Cacti

Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login.

7.5
2008-02-14 CVE-2008-0778 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods.

7.5
2008-02-14 CVE-2008-0776 Itechscripts SQL Injection vulnerability in Itechscripts Itechbids 6.0

SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.

7.5
2008-02-14 CVE-2008-0773 Joomla
Mambo
Phil Taylor
SQL Injection vulnerability in multiple products

SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-02-14 CVE-2008-0772 Joomla
Mambo
SQL Injection vulnerability in multiple products

SQL injection vulnerability in index.php in the com_doc component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the sid parameter in a view task.

7.5
2008-02-14 CVE-2008-0771 Site2Nite SQL Injection vulnerability in Site2Nite Real Estate web

Multiple SQL injection vulnerabilities in default.asp in Site2Nite allow remote attackers to execute arbitrary SQL commands via the (1) txtUserName and (2) txtPassword parameters.

7.5
2008-02-14 CVE-2008-0770 Ibproarcade SQL Injection vulnerability in Ibproarcade

SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the g_display_order cookie parameter.

7.5
2008-02-13 CVE-2008-0762 Joomla SQL Injection vulnerability in Joomla COM Iomezun

SQL injection vulnerability in index.php in the com_iomezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.

7.5
2008-02-13 CVE-2008-0761 Joomla SQL Injection vulnerability in Joomla COM Pcchess

SQL injection vulnerability in index.php in the Prince Clan Chess Club (com_pcchess) 0.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a players action.

7.5
2008-02-13 CVE-2008-0755 Cyan Soft Use of Externally-Controlled Format String vulnerability in Cyan Soft products

Format string vulnerability in the ReportSysLogEvent function in the LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; might allow remote attackers to execute arbitrary code via format string specifiers in the queue name in a request.

7.5
2008-02-13 CVE-2008-0754 Joomla SQL Injection vulnerability in Joomla COM Rapidrecipe 1.6.5

Multiple SQL injection vulnerabilities in index.php in the Rapid Recipe (com_rapidrecipe) 1.6.5 component for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a showuser action or (2) the category_id parameter in a viewcategorysrecipes action.

7.5
2008-02-13 CVE-2008-0753 Vwar SQL Injection vulnerability in Vwar Virtual WAR 1.5

SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter.

7.5
2008-02-13 CVE-2008-0752 Joomla
Mambo
SQL Injection vulnerability in multiple products

SQL injection vulnerability in index.php in the Neogallery (com_neogallery) 1.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show action.

7.5
2008-02-13 CVE-2008-0750 Husrev SQL Injection vulnerability in Husrev Blackboard 2.0.2

SQL injection vulnerability in philboard_forum.asp in Husrev BlackBoard 2.0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

7.5
2008-02-13 CVE-2008-0746 Joomla
Mambo
SQL Injection vulnerability in multiple products

SQL injection vulnerability in index.php in the Gallery (com_gallery) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

7.5
2008-02-13 CVE-2008-0745 Domphp Path Traversal vulnerability in Domphp 0.82

Directory traversal vulnerability in aides/index.php in DomPHP 0.82 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-02-13 CVE-2008-0744 Preprojects COM SQL Injection vulnerability in Preprojects.Com PRE Hotels & Resorts Management System

SQL injection vulnerability in user_login.asp in PreProjects.com Pre Hotels & Resorts Management System allows remote attackers to execute arbitrary SQL commands via the login page.

7.5
2008-02-13 CVE-2008-0742 Powerscripts Path Traversal vulnerability in Powerscripts Powernews 2.5.6

Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a ..

7.5
2008-02-13 CVE-2008-0739 Shoppingtree SQL Injection vulnerability in Shoppingtree Candypress Store 4.1.1.26

SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and earlier 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the FedExAccount parameter.

7.5
2008-02-13 CVE-2008-0738 Shoppingtree SQL Injection vulnerability in Shoppingtree Candypress Store 4.1.1.26

Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idcust parameter to (a) ajax_getTiers.asp and (b) ajax_getCust.asp in ajax/, and the (2) tableName parameter to (c) ajax/ajax_tableFields.asp.

7.5
2008-02-13 CVE-2008-0737 Shoppingtree SQL Injection vulnerability in Shoppingtree Candypress Store 4.1/4.1.1.26

SQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the helpfield parameter.

7.5
2008-02-13 CVE-2008-0734 Limbo CMS SQL Injection vulnerability in Limbo CMS Limbo CMS

SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php.

7.5
2008-02-13 CVE-2008-0733 CS Team SQL Injection vulnerability in CS Team Counter Strike Portal

SQL injection vulnerability in index.php in CS Team Counter Strike Portals allows remote attackers to execute arbitrary SQL commands via the id parameter, as demonstrated using the downloads page.

7.5
2008-02-12 CVE-2008-0731 Linux
Suse
Novell
Permissions, Privileges, and Access Controls vulnerability in Novell Apparmor

The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not properly handle failure of an AppArmor change_hat system call, which might allow attackers to trigger the unconfining of an apparmored task.

7.5
2008-02-12 CVE-2008-0721 Mambo SQL Injection vulnerability in Mambo COM Sermon 0.2

SQL injection vulnerability in index.php in the Sermon (com_sermon) 0.2 component for Mambo allows remote attackers to execute arbitrary SQL commands via the gid parameter.

7.5
2008-02-12 CVE-2008-0719 Oscommerce SQL Injection vulnerability in Oscommerce Customer Testimonials and Oscommerce

SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter.

7.5
2008-02-12 CVE-2008-0696 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.2Fixpack15

IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors.

7.5
2008-02-12 CVE-2008-0695 Bookmarkx SQL Injection vulnerability in Bookmarkx Script 2007

SQL injection vulnerability in index.php in BookmarkX script 2007 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a showtopic action.

7.5
2008-02-12 CVE-2008-0692 Itechscripts SQL Injection vulnerability in Itechscripts Itechbids 3Gold/5.0

SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and 5.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.

7.5
2008-02-12 CVE-2008-0690 Joomla SQL Injection vulnerability in Joomla COM Directory 2.3.2

SQL injection vulnerability in index.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action.

7.5
2008-02-12 CVE-2008-0689 Joomla SQL Injection vulnerability in Joomla COM Marketplace 1.1.1/1.1.1Pl1

SQL injection vulnerability in index.php in the Marketplace (com_marketplace) 1.1.1 and 1.1.1-pl1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_category action.

7.5
2008-02-12 CVE-2008-0687 Youtube Code Injection vulnerability in Youtube Clone Script

Cross-site scripting (XSS) vulnerability in siteadmin/editor_files/includes/load_message.php in the Youtube Clone Script allows remote attackers to inject arbitrary web script or HTML via the lang[please_wait] parameter.

7.5
2008-02-12 CVE-2008-0686 Joomla / Mambo SQL Injection vulnerability in multiple products

SQL injection vulnerability in index.php in the NeoReferences (com_neoreferences) 1.3.1 and 1.3.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2008-02-12 CVE-2008-0685 Itechscripts SQL Injection vulnerability in Itechscripts Itechclassifieds 3.0

SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.

7.5
2008-02-12 CVE-2008-0683 Wordpress SQL Injection vulnerability in Wordpress ST Newsletter Plugin

SQL injection vulnerability in shiftthis-preview.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter.

7.5
2008-02-12 CVE-2008-0682 Wordpress SQL Injection vulnerability in Wordpress Wordspew

SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-02-12 CVE-2008-0677 A Blog SQL Injection vulnerability in A-Blog 2

SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action.

7.5
2008-02-12 CVE-2008-0675 THE Everything Development Company SQL Injection vulnerability in the Everything Development Company the Everything Development Engine

SQL injection vulnerability in cms/index.pl in The Everything Development Engine in The Everything Development System Pre-1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the node_id parameter.

7.5
2008-02-12 CVE-2008-0673 Tintin Multiple Security vulnerability in TinTin++ and WinTin++ '#chat' Command

TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate arbitrary files in the top level of a home directory.

7.5
2008-02-12 CVE-2008-0670 Joomla SQL Injection vulnerability in Joomla COM Noticias 1.0

SQL injection vulnerability in index.php in the Noticias (com_noticias) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detalhe action.

7.5
2008-02-14 CVE-2008-0779 Fortinet Permissions, Privileges, and Access Controls vulnerability in Fortinet Forticlient Host Security

The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request.

7.2
2008-02-12 CVE-2008-0600 Linux Code Injection vulnerability in Linux Kernel

The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.

7.2
2008-02-12 CVE-2008-0074 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the FTPRoot, NNTPFile\Root, or WWWRoot folders.

7.2
2008-02-12 CVE-2008-0697 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.2Fixpack15

Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors.

7.2
2008-02-12 CVE-2008-0729 Apple Resource Management Errors vulnerability in Apple Mobile Safari

Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers to cause a denial of service (memory exhaustion and device crash) via certain JavaScript code that constructs a long string and an array containing long string elements, possibly a related issue to CVE-2006-3677.

7.1

68 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-02-13 CVE-2007-5757 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 9.0

Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library.

6.9
2008-02-15 CVE-2008-0788 Mybb Cross-Site Request Forgery (CSRF) vulnerability in Mybb

Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php.

6.8
2008-02-12 CVE-2008-0088 Microsoft Improper Input Validation vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.

6.8
2008-02-12 CVE-2008-0042 Apple Code Injection vulnerability in Apple Mac OS X 10.4.11/10.5/10.5.1

Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes.

6.8
2008-02-12 CVE-2008-0039 Apple Code Injection vulnerability in Apple Mail

Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL.

6.8
2008-02-12 CVE-2008-0716 Symantec Privilege Escalation vulnerability in Symantec Altiris Notification Server Agents Shatter Attack

The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 allows local users to gain privileges via a "Shatter" style attack.

6.8
2008-02-12 CVE-2008-0714 Mihalism SQL Injection vulnerability in Mihalism Multi Host 3.0

SQL injection vulnerability in users.php in Mihalism Multi Host allows remote attackers to execute arbitrary SQL commands via the username parameter in a lost_password_go action.

6.8
2008-02-12 CVE-2008-0681 Phpshop SQL Injection vulnerability in PHPshop 0.8.1

SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action.

6.8
2008-02-12 CVE-2008-0678 Blogphp SQL Injection vulnerability in Blogphp 2.0

SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action.

6.8
2008-02-15 CVE-2008-0787 Mybulletinboard SQL Injection vulnerability in Mybulletinboard

SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.

6.5
2008-02-14 CVE-2008-0026 Cisco SQL Injection vulnerability in Cisco products

SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.

6.5
2008-02-15 CVE-2008-0794 Affiliate Market Path Traversal vulnerability in Affiliate Market Affiliate Market 0.1Beta

Directory traversal vulnerability in user/header.php in Affiliate Market 0.1 BETA allows remote attackers to include and execute arbitrary local files via a ..

6.4
2008-02-12 CVE-2007-5666 Adobe Code Injection vulnerability in Adobe Acrobat and Acrobat Reader

Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory.

6.2
2008-02-15 CVE-2008-0792 F Secure Permissions, Privileges, and Access Controls vulnerability in F-Secure products

Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted CAB archive.

5.8
2008-02-12 CVE-2008-0002 Apache Remote Information Disclosure vulnerability in Apache Tomcat Parameter Processing

Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.

5.8
2008-02-15 CVE-2008-0797 Itheora Path Traversal vulnerability in Itheora 1.0

Directory traversal vulnerability in lib/download.php in iTheora 1.0 rc1 allows remote attackers to read arbitrary files via directory traversal sequences in the url parameter.

5.0
2008-02-15 CVE-2008-0791 Intermate Improper Input Validation vulnerability in Intermate Winipds 3.3Revg5233021

ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to cause a denial of service (CPU consumption) via short packets on TCP port 5001 with the 3, 5, 7, 13, 14, or 15 packet types.

5.0
2008-02-15 CVE-2008-0790 Intermate Path Traversal vulnerability in Intermate Winipds 3.3Revg5233021

Directory traversal vulnerability in ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to read arbitrary files via a ..

5.0
2008-02-14 CVE-2008-0784 Cacti Information Exposure vulnerability in Cacti

graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.

5.0
2008-02-14 CVE-2008-0782 Moinmoin Path Traversal vulnerability in Moinmoin

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a ..

5.0
2008-02-13 CVE-2008-0767 Extremez / Extremez IP Numeric Errors vulnerability in multiple products

ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier does not verify that a certain "number of URLs" field is consistent with the packet length, which allows remote attackers to cause a denial of service (daemon crash) via a large integer in this field in a packet to the Service Location Protocol (SLP) service on UDP port 427, triggering an out-of-bounds read.

5.0
2008-02-13 CVE-2008-0760 Safenet Path Traversal vulnerability in Safenet Sentinel Keys Server and Sentinel Protection Server

Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI.

5.0
2008-02-13 CVE-2008-0759 Group Logic Cryptographic Issues vulnerability in Group Logic Extremez-Ip File Server and Extremez-Ip Print Server

ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allows remote attackers to cause a denial of service (daemon crash) via an invalid UAM field in a request to the Apple Filing Protocol (AFP) service on TCP port 548.

5.0
2008-02-13 CVE-2008-0758 Group Logic Path Traversal vulnerability in Group Logic Extremez-Ip File Server and Extremez-Ip Print Server

Multiple directory traversal vulnerabilities in the Zidget/HTTP embedded HTTP server in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allow remote attackers to read arbitrary (1) gif, (2) png, (3) jpg, (4) xml, (5) ico, (6) zip, and (7) html files via a "..\" (dot dot backslash) sequence in the filename.

5.0
2008-02-13 CVE-2008-0756 Cyan Soft Applications Format String Vulnerability and Denial of Service vulnerability in cyan soft

The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; allows remote attackers to cause a denial of service (daemon crash) via a connection that begins with (1) a "Send queue state" LPD command 3 or (2) a "Send queue state" LPD command 4.

5.0
2008-02-13 CVE-2008-0736 Shoppingtree Information Exposure vulnerability in Shoppingtree Candypress Store 4.1/4.1.1.26

admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the path via a certain value of the FedExAccount parameter.

5.0
2008-02-12 CVE-2008-0636 Level Platforms Information Exposure vulnerability in Level Platforms Managed Workplace Service Center 4/5/6

Level Platforms, Inc.

5.0
2008-02-12 CVE-2008-0041 Apple Information Exposure vulnerability in Apple Mac OS X 10.5/10.5.1

Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls.

5.0
2008-02-12 CVE-2008-0724 THE Everything Development Company Credentials Management vulnerability in the Everything Development Company the Everything Development Engine

The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which makes it easier for context-dependent attackers to obtain access to user accounts.

5.0
2008-02-12 CVE-2008-0703 Sflog Path Traversal vulnerability in Sflog

Multiple directory traversal vulnerabilities in sflog! 0.96 allow remote attackers to read arbitrary files via a ..

5.0
2008-02-12 CVE-2008-0701 Magnolia Permissions, Privileges, and Access Controls vulnerability in Magnolia CE 3.5.1/3.5.2/3.5.3

ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content.

5.0
2008-02-12 CVE-2008-0672 Tintin Improper Input Validation vulnerability in Tintin Tintin++ and Wintin++

The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to cause a denial of service (application crash) via a YES message without a newline character, which triggers a NULL dereference.

5.0
2008-02-12 CVE-2007-5333 Apache / Apache Software Foundation Information Exposure vulnerability in multiple products

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

5.0
2008-02-15 CVE-2008-0777 Freebsd Permissions, Privileges, and Access Controls vulnerability in Freebsd

The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files.

4.9
2008-02-12 CVE-2008-0718 SUN Improper Input Validation vulnerability in SUN Solaris 10/9

Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors.

4.7
2008-02-12 CVE-2008-0730 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Solaris 10

The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .Xlocale in home directories, which might allow local users to write to, or read from, the home directories of other users.

4.6
2008-02-12 CVE-2008-0163 Linux Link Following vulnerability in Linux Kernel 2.6.0

Linux kernel 2.6, when using vservers, allows local users to access resources of other vservers via a symlink attack in /proc.

4.4
2008-02-15 CVE-2008-0798 Artmedic Webdesign Path Traversal vulnerability in Artmedic Webdesign Artmedic Weblog 1.0

Multiple directory traversal vulnerabilities in artmedic webdesign weblog 1.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a ..

4.3
2008-02-15 CVE-2008-0793 Tendenci Cross-Site Scripting vulnerability in Tendenci CMS

Multiple cross-site scripting (XSS) vulnerabilities in search.asp in Tendenci CMS allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) searchtext, (3) jobcategoryid, (4) contactcompany, and unspecified other parameters.

4.3
2008-02-15 CVE-2008-0642 Adobe Cross-Site Scripting vulnerability in Adobe Robohelp 6/7

Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-1280.

4.3
2008-02-14 CVE-2008-0786 Cacti Code Injection vulnerability in Cacti

CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

4.3
2008-02-14 CVE-2008-0783 Cacti Cross-Site Scripting vulnerability in Cacti

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the action parameter to the draw_navigation_text function in lib/functions.php, reachable through index.php (aka the login page) or data_input.php; or (4) the login_username parameter to index.php.

4.3
2008-02-14 CVE-2008-0781 Moinmoin Cross-Site Scripting vulnerability in Moinmoin

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.

4.3
2008-02-14 CVE-2008-0780 Moinmoin Cross-Site Scripting vulnerability in Moinmoin

Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.

4.3
2008-02-14 CVE-2008-0775 Simple Machines Cross-Site Scripting vulnerability in Simple Machines SMF Shoutbox 1.14/1.15/1.16B

Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with "&#", contain the desired script, and end with ";".

4.3
2008-02-14 CVE-2008-0774 Loris Cross-Site Scripting vulnerability in Loris Hotel Reservation System

Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel Reservation System 3.01 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the hotel_name parameter.

4.3
2008-02-14 CVE-2008-0769 Opentext Cross-Site Scripting vulnerability in Opentext Livelink ECM

Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input.

4.3
2008-02-13 CVE-2008-0765 Artmedic Webdesign Cross-Site Scripting vulnerability in Artmedic Webdesign Artmedic Weblog

Multiple cross-site scripting (XSS) vulnerabilities in artmedic webdesign weblog allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to artmedic_print.php and the (2) jahrneu parameter to index.php.

4.3
2008-02-13 CVE-2008-0757 Mercuryboard Cross-Site Scripting vulnerability in Mercuryboard Message Board

Cross-site scripting (XSS) vulnerability in index.php in MercuryBoard 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter (aka the message text area), which leads to an injection in the messenger during private message (PM) preview.

4.3
2008-02-13 CVE-2008-0751 Microsoft / S9Y Cross-Site Scripting vulnerability in S9Y Serendipity Event Freetag

Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/.

4.3
2008-02-13 CVE-2008-0749 Calimero CMS Cross-Site Scripting vulnerability in Calimero.Cms 3.3

Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS 3.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a calimero_webpage action.

4.3
2008-02-12 CVE-2008-0037 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X 10.5/10.5.1

X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server.

4.3
2008-02-12 CVE-2008-0416 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.

4.3
2008-02-12 CVE-2008-0723 Planetluc Cross-Site Scripting vulnerability in Planetluc Mynews

Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1.

4.3
2008-02-12 CVE-2008-0722 Pagetool Cross-Site Scripting vulnerability in Pagetool 1.07

Cross-site scripting (XSS) vulnerability in index.php in Pagetool 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the search_term parameter in a pagetool_search action.

4.3
2008-02-12 CVE-2008-0720 Webmin Cross-Site Scripting vulnerability in Webmin Usermin and Webmin

Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a "search box" or "open file box." NOTE: some of these details are obtained from third party information.

4.3
2008-02-12 CVE-2008-0717 IBM Cross-Site Scripting vulnerability in IBM Websphere Edge Server

Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 through 6.1 in IBM WebSphere Edge Server, when CGI mapping rules are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger injection into an error response.

4.3
2008-02-12 CVE-2008-0700 Crux Software Cross-Site Scripting vulnerability in Crux Software Cruxcms 3.0

Cross-site scripting (XSS) vulnerability in search.php in Crux Software CruxCMS 3.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2008-02-12 CVE-2008-0694 IBM Cross-Site Scripting vulnerability in IBM OS 400 V5R3M0/V5R4M0

Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/400 V5R3M0 and V5R4M0 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header.

4.3
2008-02-12 CVE-2008-0691 Simon Elvery / Wordpress Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3) wp_footnotes_current_settings[pre_footnotes], and (4) wp_footnotes_current_settings[post_footnotes] parameters.

4.3
2008-02-12 CVE-2008-0688 Smartscript Cross-Site Scripting vulnerability in Smartscript Domain Trader 2.0

Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript Domain Trader 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a viewcategory action.

4.3
2008-02-12 CVE-2008-0684 Itechscripts Cross-Site Scripting vulnerability in Itechscripts Itechclassifieds 3.0

Cross-site scripting (XSS) vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to inject arbitrary web script or HTML via the CatID parameter.

4.3
2008-02-12 CVE-2008-0679 Blogphp Cross-Site Scripting vulnerability in Blogphp 2.0

Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2008-02-12 CVE-2008-0676 A Blog Cross-Site Scripting vulnerability in A-Blog 2

Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.

4.3
2008-02-12 CVE-2008-0669 Sift Cross-Site Scripting vulnerability in Sift Unity

Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity allows remote attackers to inject arbitrary web script or HTML via the qt parameter.

4.3
2008-02-12 CVE-2007-6286 Apache Duplicate Request Processing Security vulnerability in Apache Tomcat

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.

4.3
2008-02-11 CVE-2008-0667 Adobe Resource Management Errors vulnerability in Adobe Acrobat Reader

The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document.

4.3
2008-02-13 CVE-2008-0658 Openldap Resource Management Errors vulnerability in Openldap 2.3.39

slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.

4.0

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-02-11 CVE-2008-0666 Website Meta Language Link Following vulnerability in Website Meta Language Website Meta Language 2.0.11

Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.

3.6
2008-02-11 CVE-2008-0665 Website Meta Language Link Following vulnerability in Website Meta Language Website Meta Language 2.0.11

wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.

3.6
2008-02-13 CVE-2008-0740 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to http_plugin.log, which might allow local users to obtain sensitive information by reading this file.

2.1
2008-02-12 CVE-2008-0732 Suse / Apache Link Following vulnerability in Apache Geronimo

The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.

2.1
2008-02-12 CVE-2008-0010 Linux Improper Input Validation vulnerability in Linux Kernel

The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allows local users to read from arbitrary kernel memory locations.

2.1
2008-02-12 CVE-2008-0009 Linux Improper Input Validation vulnerability in Linux Kernel

The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.

2.1
2008-02-12 CVE-2008-0038 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X 10.5/10.5.1

Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.

1.9