Weekly Vulnerabilities Reports > February 25 to March 2, 2008

Overview

88 new vulnerabilities reported during this period, including 5 critical vulnerabilities and 25 high severity vulnerabilities. This weekly summary report vulnerabilities in 129 products from 67 vendors including Double Take Software, Redhat, Xoops, Wordpress, and Symantec. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Code Injection", and "Resource Management Errors".

  • 81 reported vulnerabilities are remotely exploitables.
  • 20 reported vulnerabilities have public exploit available.
  • 32 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 85 reported vulnerabilities are exploitable by an anonymous user.
  • Double Take Software has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • Videolan has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-02-27 CVE-2008-1049 Positive Software Unspecified vulnerability in Positive Software H-Sphere and Sitestudio

Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors.

10.0
2008-02-27 CVE-2008-1040 Fujitsu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fujitsu products

Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI.

10.0
2008-02-25 CVE-2008-0935 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint and Iprint Client

Stack-based buffer overflow in the Novell iPrint Control ActiveX control in ienipp.ocx in Novell iPrint Client before 4.34 allows remote attackers to execute arbitrary code via a long argument to the ExecuteRequest method.

10.0
2008-02-29 CVE-2007-6016 Symantec Buffer Errors vulnerability in Symantec Backup Exec for Windows Server 11D/12.0

Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, allow remote attackers to execute arbitrary code via a long (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, or (19) _MonthText11 property value when executing the Save method.

9.3
2008-02-26 CVE-2008-0984 Miro
Videolan
Resource Management Errors vulnerability in multiple products

The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.

9.3

25 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-02-28 CVE-2008-1058 Openbsd Remote Denial of Service vulnerability in Openbsd 4.1/4.2

The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 allows attackers to cause a denial of service (panic) via crafted TCP packets.

7.8
2008-02-28 CVE-2008-1057 Openbsd Remote Denial of Service vulnerability in Openbsd 4.2

The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 allows attackers to cause a denial of service (panic) via malformed IPv6 routing headers.

7.8
2008-02-29 CVE-2008-0385 Urulu SQL Injection vulnerability in Urulu 2.1

SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/request or (2) dyn/js/request in the PATH_INFO.

7.5
2008-02-29 CVE-2008-0304 Linux
Microsoft
Mozilla
Buffer Errors vulnerability in Mozilla Seamonkey and Thunderbird

Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview.

7.5
2008-02-29 CVE-2008-1077 Mamboportal COM SQL Injection vulnerability in Mamboportal.Com Simpleboard 1.0.3Stable

SQL injection vulnerability in index.php in the Simpleboard (com_simpleboard) 1.0.3 Stable component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action.

7.5
2008-02-28 CVE-2008-1066 Smarty Improper Input Validation vulnerability in Smarty

The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.

7.5
2008-02-28 CVE-2008-1065 Xoops SQL Injection vulnerability in Xoops XM Memberstats 2.0E

Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter.

7.5
2008-02-28 CVE-2007-5397 Activepdf Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Activepdf Server

Heap-based buffer overflow in the activePDF Server service (aka APServer.exe) in activePDF Server 3.8.4 and 3.8.5.14, and possibly other versions before 3.8.6.16, allows remote attackers to execute arbitrary code via a packet with a size field that is less than the actual size of the data.

7.5
2008-02-28 CVE-2008-1060 Wordpress Code Injection vulnerability in Wordpress Sniplets Plugin 1.1.2/1.2.2

Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter.

7.5
2008-02-28 CVE-2008-1059 Wordpress Code Injection vulnerability in Wordpress Sniplets Plugin 1.1.2/1.2.2

PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.

7.5
2008-02-27 CVE-2008-1055 Netwin USE of Externally-Controlled Format String vulnerability in Netwin Surgemail and Webmail

Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.

7.5
2008-02-27 CVE-2008-1053 Phpnuke SQL Injection vulnerability in PHPnuke Kose Yazilari Module

Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php.

7.5
2008-02-27 CVE-2008-1050 Softbiz SQL Injection vulnerability in Softbiz Jokes and Funny Pictures Script

SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.

7.5
2008-02-27 CVE-2008-1044 Move Networks INC Buffer Errors vulnerability in Move Networks INC Move Media Player and Qunatum Streaming Player

Stack-based buffer overflow in the Quantum Streaming Player (Quantum Streaming IE Player) ActiveX control (aka QSP2IE.QSP2IE) in qsp2ie07076007.dll 7.7.6.7 and qsp2ie07074039.dll 7.7.4.39 in Move Media Player allows remote attackers to execute arbitrary code via a long argument to the UploadLogs method, a different vector than CVE-2007-4722.

7.5
2008-02-27 CVE-2008-1043 Linux WEB Shop Code Injection vulnerability in Linux web Shop PHP User Base 1.3

PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BETA allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter.

7.5
2008-02-27 CVE-2008-1039 Porar SQL Injection vulnerability in Porar Webboard

SQL injection vulnerability in question.asp in PORAR WEBBOARD allows remote attackers to execute arbitrary SQL commands via the QID parameter.

7.5
2008-02-25 CVE-2008-0973 Double Take Software Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Double-Take Software Double-Take 4.5/5.0.0.2865

Buffer overflow in Double-Take (aka HP StorageWorks Storage Mirroring) 4.5.0.1629, and other 4.5.0.x versions, allows remote attackers to have an unknown impact via a packet with a long string in the username field.

7.5
2008-02-25 CVE-2008-0943 Aeries SQL Injection vulnerability in Aeries Student Information System 3.7.2.2/3.8.2.8

Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp.

7.5
2008-02-25 CVE-2008-0942 Aeries SQL Injection vulnerability in Aeries Student Information System 3.7.2.2/3.8.2.8

SQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk parameter.

7.5
2008-02-25 CVE-2008-0932 Debian
Redhat
THE Sword Project
Improper Input Validation vulnerability in the Sword Project Diatheke Front END and Sword

diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter.

7.5
2008-02-25 CVE-2008-0939 Wordpress SQL Injection vulnerability in Wordpress Photo Album Plugin 1.1

Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function.

7.5
2008-02-25 CVE-2008-0936 Xoops SQL Injection vulnerability in Xoops Prayer List Module 1.04

SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.

7.5
2008-02-25 CVE-2008-0934 Nukec
PHP Nuke
SQL Injection vulnerability in multiple products

SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action.

7.5
2008-02-29 CVE-2008-1078 Gentoo
Rpath
Link Following vulnerability in multiple products

expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file.

7.2
2008-02-28 CVE-2008-0308 Symantec Resource Management Errors vulnerability in Symantec products

Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).

7.1

57 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-02-28 CVE-2008-1056 Symark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symark Powerbroker

Multiple stack-based buffer overflows in Symark PowerBroker 2.8 through 5.0.1 allow local users to gain privileges via a long argv[0] string when executing (1) pbrun, (2) pbsh, or (3) pbksh.

6.9
2008-02-26 CVE-2008-0923 Vmware Path Traversal vulnerability in VMWare products

Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing ..

6.9
2008-02-29 CVE-2008-1110 Xine Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib and Xine-Plugin

Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header.

6.8
2008-02-29 CVE-2008-1095 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Solaris and Sunos

Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly.

6.8
2008-02-29 CVE-2008-1081 Opera Code Injection vulnerability in Opera Browser

Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties.

6.8
2008-02-29 CVE-2008-1080 Opera Improper Input Validation vulnerability in Opera Browser

Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input.

6.8
2008-02-29 CVE-2008-1074 Group E Code Injection vulnerability in Group E Group E 1.6.41

PHP remote file inclusion vulnerability in lib/head_auth.php in GROUP-E 1.6.41 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[PREPEND_FILE] parameter.

6.8
2008-02-28 CVE-2008-1069 Quantum Game Library Code Injection vulnerability in Quantum Game Library Quantum Game Library 0.7.2C

Multiple PHP remote file inclusion vulnerabilities in Quantum Game Library 0.7.2c allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) server_request.php and (2) qlib/smarty.inc.php.

6.8
2008-02-28 CVE-2008-1068 Portail WEB PHP Code Injection vulnerability in Portail web PHP Portail web PHP

Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) Vert/index.php, (2) Noir/index.php, and (3) Bleu/index.php in template/, different vectors than CVE-2008-0645.

6.8
2008-02-28 CVE-2008-1067 Phpqladmin Code Injection vulnerability in PHPqladmin 2.2.7

Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[path] parameter to (1) ezmlm.php and (2) tools/update_translations.php.

6.8
2008-02-28 CVE-2008-0411 Debian
Mandrakesoft
Redhat
Rpath
Suse
Ghostscript
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ghostscript 0/8.0.1/8.15

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

6.8
2008-02-28 CVE-2008-0309 Symantec Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec products

Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).

6.8
2008-02-27 CVE-2008-1051 Phpprofiles Code Injection vulnerability in PHPprofiles 4.5.2

PHP remote file inclusion vulnerability in include/body_comm.inc.php in phpProfiles 4.5.2 BETA allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.

6.8
2008-02-27 CVE-2008-1046 Quinsonnas Code Injection vulnerability in Quinsonnas Mail Checker 1.55

PHP remote file inclusion vulnerability in footer.php in Quinsonnas Mail Checker 1.55 allows remote attackers to execute arbitrary PHP code via a URL in the op[footer_body] parameter.

6.8
2008-02-27 CVE-2008-1042 Linux WEB Shop Path Traversal vulnerability in Linux web Shop PHP Download Manager

Directory traversal vulnerability in include/body.inc.php in Linux Web Shop (LWS) php Download Manager 1.0 and 1.1 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-02-27 CVE-2008-1038 Drbenhur COM Code Injection vulnerability in Drbenhur.Com Dbhcms 1.1.3/1.1.4

PHP remote file inclusion vulnerability in mod/mod.extmanager.php in DBHcms 1.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the extmanager_install parameter.

6.8
2008-02-25 CVE-2008-0937 Tinyevent
Xoops
SQL Injection vulnerability in multiple products

SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811.

6.8
2008-02-29 CVE-2008-0303 Canon Unspecified vulnerability in Canon products

The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce.

6.4
2008-02-27 CVE-2008-1054 Netwin Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Netwin Surgemail

Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables.

6.4
2008-02-27 CVE-2008-1052 Netwin Buffer Errors vulnerability in Netwin Surgeftp 2.3A2

The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.

6.4
2008-02-25 CVE-2008-0981 Spyce Path Traversal vulnerability in Spyce 2.1.3

Open redirect vulnerability in spyce/examples/redirect.spy in Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.

6.4
2008-02-25 CVE-2008-0982 Spyce Improper Input Validation vulnerability in Spyce 2.1.3

Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to obtain sensitive information via a direct request for spyce/examples/automaton.spy, which reveals the path in an error message.

5.8
2008-02-29 CVE-2007-6017 Symantec Improper Input Validation vulnerability in Symantec Backup Exec for Windows Server 11D/12.0

The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, exposes the unsafe Save method, which allows remote attackers to cause a denial of service (browser crash), or create or overwrite arbitrary files, via string values of the (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, and (19) _MonthText11 properties.

5.1
2008-02-28 CVE-2008-1070 Wireshark Denial of Service vulnerability in Wireshark 0.99.7

The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.

5.0
2008-02-28 CVE-2008-1062 Intervideo Improper Input Validation vulnerability in Intervideo Windvd Media Center 2.11.15.0

InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (aka IHT.exe) in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet with two CRLF sequences.

5.0
2008-02-26 CVE-2008-0983 Lighttpd Resource Management Errors vulnerability in Lighttpd

lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.

5.0
2008-02-26 CVE-2008-0597 Redhat
Easy Software Products
Resource Management Errors vulnerability in Easy Software products Cups 1.1.17/1.1.22

Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.

5.0
2008-02-26 CVE-2008-0596 Redhat
Easy Software Products
Resource Management Errors vulnerability in Easy Software products Cups 1.1.17/1.1.22

Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers.

5.0
2008-02-25 CVE-2008-0979 Double Take Software
HP
Resource Management Errors vulnerability in multiple products

Stack consumption vulnerability in Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain packet that triggers the recursive calling of a function.

5.0
2008-02-25 CVE-2008-0978 Double Take Software Information Exposure vulnerability in Double-Take Software Double-Take 4.5/5.0.0.2865

Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type (1) 0x2728, which provides operating system and path information; (2) 0x274e, which lists Ethernet adapters; (3) 0x2726, which provides filesystem information; (4) 0x274f, which specifies the printer driver; or (5) 0x2757, which provides recent log entries.

5.0
2008-02-25 CVE-2008-0977 Double Take Software Resource Management Errors vulnerability in Double-Take Software Double-Take 4.5/5.0.0.2865

Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain long packet that triggers an attempt to allocate a large amount of memory.

5.0
2008-02-25 CVE-2008-0976 Double Take Software
HP
Resource Management Errors vulnerability in multiple products

Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed packet, as demonstrated by a packet of type (1) 0x2722 or (2) 0x272a.

5.0
2008-02-25 CVE-2008-0975 Double Take Software Denial of Service and Information Disclosure vulnerability in Double-Take 4.5/5.0.0.2865

Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (CPU consumption) via a -1 value in the field that specifies the size of the vector<T> value.

5.0
2008-02-25 CVE-2008-0974 Double Take Software
HP
Resource Management Errors vulnerability in multiple products

Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon termination) via (1) a large vector<T> value, which raises a "vector<T> too long" exception; or (2) a certain packet that raises an ospace/time/src\date.cpp exception.

5.0
2008-02-25 CVE-2008-0944 Ipswitch Numeric Errors vulnerability in Ipswitch Instant Messaging 2.0.8.1

Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero.

5.0
2008-02-25 CVE-2008-0946 Ipswitch Path Traversal vulnerability in Ipswitch Imserver and Instant Messaging

Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a ..

4.9
2008-02-28 CVE-2008-1072 Wireshark Denial of Service vulnerability in Wireshark 0.99.7

The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug.

4.7
2008-02-25 CVE-2008-0938 SUN Information Exposure vulnerability in SUN Solaris 10

Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126.

4.7
2008-02-25 CVE-2008-0933 SUN Race Condition vulnerability in SUN Solaris 10.0

Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.

4.7
2008-02-29 CVE-2008-0595 D BUS
Mandrakesoft
RED HAT
Redhat
Permissions, Privileges, and Access Controls vulnerability in multiple products

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

4.6
2008-02-29 CVE-2008-1082 Opera Cross-Site Scripting vulnerability in Opera Browser

Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation.

4.3
2008-02-29 CVE-2008-1076 Interspire Cross-Site Scripting vulnerability in Interspire Shopping Cart 1

Cross-site scripting (XSS) vulnerability in search.php in Interspire Shopping Cart 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.

4.3
2008-02-29 CVE-2008-1075 Maianscriptworld Cross-Site Scripting vulnerability in Maianscriptworld Maian Cart 1.1

Cross-site scripting (XSS) vulnerability in index.php in Maian Cart 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search command.

4.3
2008-02-29 CVE-2008-1073 Internet Security Systems Cross-Site Scripting vulnerability in Internet Security Systems Internet Scanner 7.0Sp2

Cross-site scripting (XSS) vulnerability in the report interface in Internet Security Systems (ISS) Internet Scanner 7.0 Service Pack 2 Build 7.2.2005.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-02-28 CVE-2008-1071 Wireshark Resource Management Errors vulnerability in Wireshark

The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.

4.3
2008-02-28 CVE-2008-1064 Xoops Cross-Site Scripting vulnerability in Xoops Rmsoft Gallery System 2.0

Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2008-02-28 CVE-2008-1063 Xoops Cross-Site Scripting vulnerability in Xoops Xm-Memberstats 2.0

Cross-site scripting (XSS) vulnerability index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.

4.3
2008-02-28 CVE-2008-0124 S9Y Cross-Site Scripting vulnerability in S9Y Serendipity

Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.

4.3
2008-02-28 CVE-2008-1061 Wordpress Cross-Site Scripting vulnerability in Wordpress Sniplets Plugin 1.1.2/1.2.2

Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php.

4.3
2008-02-27 CVE-2008-1048 Plume CMS Cross-Site Scripting vulnerability in Plume-Cms Plume CMS 1.2.2

Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.

4.3
2008-02-27 CVE-2008-1047 Tiki Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1

Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-02-27 CVE-2008-1045 Alkacon Cross-Site Scripting vulnerability in Alkacon Opencms 7.0.3

Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter.

4.3
2008-02-27 CVE-2008-1041 Matts Whois Cross-Site Scripting vulnerability in Matts Whois Matts Whois

Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson Matt's Whois (MWhois) allows remote attackers to inject arbitrary web script or HTML via the domain parameter.

4.3
2008-02-27 CVE-2008-1037 Packeteer Cross-Site Scripting vulnerability in Packeteer Packetshaper and Policycenter

Cross-site scripting (XSS) vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into an Error Report page.

4.3
2008-02-25 CVE-2008-0980 Spyce Cross-Site Scripting vulnerability in Spyce 2.1.3

Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python Server Pages (PSP) 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the url or type parameter to docs/examples/redirect.spy; (2) the x parameter to docs/examples/handlervalidate.spy; (3) the name parameter to spyce/examples/request.spy; (4) the Name parameter to spyce/examples/getpost.spy; (5) the mytextarea parameter, the mypass parameter, or an empty parameter to spyce/examples/formtag.spy; (6) the newline parameter to the default URI under demos/chat/; (7) the text1 parameter to docs/examples/formintro.spy; or (8) the mytext or mydate parameter to docs/examples/formtag.spy.

4.3
2008-02-25 CVE-2008-0941 Aeries Cross-Site Scripting vulnerability in Aeries Student Information System 3.7.2.2/3.8.2.8

Cross-site scripting (XSS) vulnerability in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote authenticated users to inject arbitrary web script or HTML via an event.

4.3
2008-02-25 CVE-2008-0940 Webgui Cross-Site Scripting vulnerability in Webgui

Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407.

4.3

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-02-25 CVE-2008-0945 Ipswitch USE of Externally-Controlled Format String vulnerability in Ipswitch Imserver and Instant Messaging

Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field.

3.5