Weekly Vulnerabilities Reports > March 3 to 9, 2008

Overview

99 new vulnerabilities were reported during this period, including 15 critical vulnerabilities and 16 high severity vulnerabilities. This weekly summary reports vulnerabilities in 93 products from 72 vendors, including SUN, IBM, Deslock, Linux, and Openbsd. Notable vulnerability categories include "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", and "SQL Injection".

  • 84 reported vulnerabilities are remotely exploitable.
  • 21 reported vulnerabilities have a public exploit available.
  • 35 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 97 reported vulnerabilities are exploitable by an anonymous user.
  • SUN has the most reported vulnerabilities, with 15 reported vulnerabilities.
  • SUN has the most reported critical vulnerabilities, with 6 reported vulnerabilities.


Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:


15 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-03-05 CVE-2008-1167 Sarg Buffer Errors vulnerability in Sarg Squid Analysis Report Generator 2.2.3.1

Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header.

10.0
2008-03-04 CVE-2007-6703 Synce Denial Of Service vulnerability in SynCE 'vdccm' Daemon Remote

Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) might allow attackers to cause a denial of service via unspecified vectors.

10.0
2008-03-09 CVE-2008-1217 IBM Code Injection vulnerability in IBM Lotus Notes 6.5/7.0.2/8.0.0

Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH, and 8.0.x before 8.0.1 allows remote attackers to execute arbitrary code via a crafted attachment in an e-mail message sent over SMTP, a variant of CVE-2007-6706.

9.3
2008-03-09 CVE-2007-6706 IBM Code Injection vulnerability in IBM Lotus Notes

Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in an e-mail message sent over SMTP.

9.3
2008-03-08 CVE-2008-1210 Pnotepad Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pnotepad Programmers Notepad

Stack-based buffer overflow in the ctags parsing code in Programmer's Notepad before 2.0.8.718 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted .c file, when the victim selects the Jump To dialog.

9.3
2008-03-06 CVE-2008-1200 Microsoft Remote vulnerability in Microsoft Jet Database Engine MDB File Parsing

Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine (msjet40.dll).

9.3
2008-03-06 CVE-2008-1195 SUN, Canonical 7PK - Security Features vulnerability in multiple products

Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.

9.3
2008-03-06 CVE-2008-1193 SUN Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE

Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.

9.3
2008-03-06 CVE-2008-1190 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue.

9.3
2008-03-06 CVE-2008-1188 SUN Buffer Errors vulnerability in SUN JDK and JRE

Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."

9.3
2008-03-06 CVE-2008-1186 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka "the second issue."

9.3
2008-03-06 CVE-2008-1185 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186, aka "the first issue."

9.3
2008-03-04 CVE-2008-1136 Synce Improper Input Validation vulnerability in Synce 0.10.0/0.92

The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679.

9.3
2008-03-03 CVE-2008-1120 ICQ USE of Externally-Controlled Format String vulnerability in ICQ Mirabilis ICQ 6

Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation.

9.3
2008-03-03 CVE-2008-1116 Rising Antivirus International Remote Code Execution vulnerability in Rising Antivirus International Rising web Scan Object 18.0.7

Insecure method vulnerability in the Web Scan Object ActiveX control (OL2005.dll) in Rising Antivirus Online Scanner allows remote attackers to force the download and execution of arbitrary code by setting the BaseURL property and invoking the UpdateEngine method.

9.3

16 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-03-05 CVE-2008-1169 Simm Comm Path Traversal vulnerability in Simm-Comm SCI Photo Chat

Directory traversal vulnerability in the embedded HTTP server in SCI Photo Chat Server 3.4.9 and earlier allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot forward slash) in the GET command.

7.8
2008-03-03 CVE-2008-1113 Cisco, Vocera Communications Information Exposure vulnerability in Vocera Communications Vocera Communications Badge

Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.

7.8
2008-03-08 CVE-2008-1214 Linux, Numara Code Injection vulnerability in Numara Footprints 8.1

MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux allows remote attackers to execute arbitrary code via shell metacharacters in the PROJECTNUM parameter.

7.5
2008-03-06 CVE-2008-1177 Affiliate Market SQL Injection vulnerability in Affiliate Market Affiliate Market 0.1Beta

SQL injection vulnerability in shop/detail.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-03-06 CVE-2008-0986 Google Numeric Errors vulnerability in Google Android SDK M5Rc14

Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.

7.5
2008-03-05 CVE-2008-1164 Phpcomasy SQL Injection vulnerability in PHPcomasy 0.8

SQL injection vulnerability in index.php in phpComasy 0.8 allows remote attackers to execute arbitrary SQL commands via the mod_project_id parameter in a project_detail action.

7.5
2008-03-05 CVE-2008-1163 Phparcadescript SQL Injection vulnerability in PHParcadescript 1.0/2.0/3.0

SQL injection vulnerability in index.php in phpArcadeScript 1.0 through 3.0 RC2 allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action.

7.5
2008-03-05 CVE-2008-1162 PHP WEB Scripts SQL Injection vulnerability in PHP web Scripts Dynamic Photo Gallery 1.0.2

SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic Photo Gallery 1.02 allows remote attackers to execute arbitrary SQL commands via the albumID parameter.

7.5
2008-03-04 CVE-2008-1137 Joomla, Mambo SQL Injection vulnerability in multiple products

SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

7.5
2008-03-04 CVE-2008-1079 Beehive Software Unspecified vulnerability in Beehive Software Sendfile.Net

The outboxWriteUnsent function in FTPThread.class in SendFile.jar for Beehive Software SendFile.NET uses hard-coded credentials for an FTP server, which allows remote attackers to gain privileges.

7.5
2008-03-03 CVE-2008-1122 Dream4 SQL Injection vulnerability in Dream4 Koobi PRO 5.7

SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter to index.php.

7.5
2008-03-03 CVE-2008-1121 Eazyportal SQL Injection vulnerability in Eazyportal

SQL injection vulnerability in index.php in eazyPortal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the session_vars cookie.

7.5
2008-03-04 CVE-2008-1140 Deslock Permissions, Privileges, and Access Controls vulnerability in Deslock

DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users to gain privileges via a certain DLKFDISK_IOCTL request to \\.\DLKFDisk_Control that overwrites a data structure associated with a mounted pseudo-filesystem, aka the "ring0 SYSTEM" vulnerability.

7.2
2008-03-04 CVE-2008-1139 Deslock Permissions, Privileges, and Access Controls vulnerability in Deslock

DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys 1.2.0.27 are present, allows local users to gain privileges via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, aka the "ring0 link list zero SYSTEM" vulnerability.

7.2
2008-03-04 CVE-2008-0930 Debian, Freshmeat Link Following vulnerability in Freshmeat Xwine 1.0.1

w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file.

7.2
2008-03-06 CVE-2008-1198 Redhat Unspecified vulnerability in Redhat Enterprise Linux 3.0/4.0/5.0

The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.

7.1

63 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-03-09 CVE-2008-1216 IBM Improper Input Validation vulnerability in IBM Lotus Quickr Server 8.0

IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element.

6.8
2008-03-06 CVE-2008-1196 SUN Buffer Errors vulnerability in SUN Jdk, JRE and SDK

Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file.

6.8
2008-03-06 CVE-2008-1192 SUN 7PK - Security Features vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors.

6.8
2008-03-06 CVE-2008-1191 SUN Unspecified vulnerability in SUN JDK and JRE

Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190, aka "The fifth issue."

6.8
2008-03-06 CVE-2008-1189 SUN Buffer Errors vulnerability in SUN Jdk, JRE and SDK

Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue.

6.8
2008-03-06 CVE-2008-1187 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.

6.8
2008-03-06 CVE-2008-0985 Google Buffer Errors vulnerability in Google Android SDK M3Rc37A

Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.

6.8
2008-03-06 CVE-2008-0072 Linux, Gnome USE of Externally-Controlled Format String vulnerability in Gnome Evolution

Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.

6.8
2008-03-05 CVE-2008-1170 Kcwiki Code Injection vulnerability in Kcwiki 1.0

Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php.

6.8
2008-03-05 CVE-2008-1097 Imagemagick Resource Management Errors vulnerability in Imagemagick Graphicsmagick and Imagemagick

Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.

6.8
2008-03-05 CVE-2008-1096 Imagemagick Buffer Errors vulnerability in Imagemagick Graphicsmagick and Imagemagick

The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.

6.8
2008-03-04 CVE-2008-1148 Apple, Dragonflybsd, Freebsd, Netbsd, Openbsd, Cosmicperl, Darwin, Navision

A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values.

6.8
2008-03-04 CVE-2008-1146 Apple, Dragonflybsd, Freebsd, Netbsd, Openbsd, Cosmicperl, Darwin, Navision

A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values.

6.8
2008-03-03 CVE-2008-1128 Phpmytourney Code Injection vulnerability in PHPmytourney 2

PHP remote file inclusion vulnerability in tourney/index.php in phpMyTourney 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

6.8
2008-03-03 CVE-2008-1126 Barryvan Compo Code Injection vulnerability in Barryvan Compo Barryvan Compo Manager 0.3

PHP remote file inclusion vulnerability in main.php in Barryvan Compo Manager 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the pageURL parameter.

6.8
2008-03-03 CVE-2008-1124 Podcast Generator Code Injection vulnerability in Podcast Generator Podcast Generator

Multiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to (1) components/xmlparser/loadparser.php; (2) admin.php, (3) categories.php, (4) categories_add.php, (5) categories_remove.php, (6) edit.php, (7) editdel.php, (8) ftpfeature.php, (9) login.php, (10) pgRSSnews.php, (11) showcat.php, and (12) upload.php in core/admin/; and (13) archive_cat.php, (14) archive_nocat.php, and (15) recent_list.php in core/.

6.8
2008-03-03 CVE-2008-1123 Sitebuilder Code Injection vulnerability in Sitebuilder Elite 1.2

Multiple PHP remote file inclusion vulnerabilities in SiteBuilder Elite 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the CarpPath parameter to (1) files/carprss.php and (2) files/amazon-bestsellers.php.

6.8
2008-03-03 CVE-2007-6252 Learn2 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Learn2 Strunner

Multiple stack-based buffer overflows in the Learn2 Corporation STRunner (aka Street Technologies) ActiveX control in iestm32.dll allow remote attackers to execute arbitrary code via unspecified vectors.

6.8
2008-03-04 CVE-2008-1130 IBM Improper Authentication vulnerability in IBM Websphere MQ 5.3/6

Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel.

6.6
2008-03-04 CVE-2008-1134 Omegasoft Improper Authentication vulnerability in Omegasoft Interneserviceslosungen 7

OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports authentication with a cookie that lacks a shared secret, which allows remote attackers to login as an arbitrary user via a modified cookie.

6.4
2008-03-04 CVE-2008-0931 Debian, Xwine Permissions, Privileges, and Access Controls vulnerability in Xwine 1.0.1

w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file.

6.3
2008-03-03 CVE-2008-1127 Crytek USE of Externally-Controlled Format String vulnerability in Crytek Crysis 1.1.1.5879

Format string vulnerability in the cryactio function in Crysis 1.1.1.5879 allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when the game character is killed.

6.0
2008-03-04 CVE-2008-1149 Phpmyadmin Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin

phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.

5.1
2008-03-08 CVE-2008-1207 Fujitsu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fujitsu products

Multiple unspecified vulnerabilities in Fujitsu Interstage Smart Repository, as used in multiple Fujitsu Interstage products, allow remote attackers to cause a denial of service (daemon crash) via (1) an invalid request or (2) a large amount of data sent to the registered attribute value.

5.0
2008-03-06 CVE-2008-1184 Dnssec Tools Credentials Management vulnerability in Dnssec-Tools

The DNSSEC validation library (libval) library in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks.

5.0
2008-03-06 CVE-2008-1181 Juniper Information Exposure vulnerability in Juniper Secure Access 2000 5.5

Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message.

5.0
2008-03-05 CVE-2008-1166 Flyspray Information Exposure vulnerability in Flyspray

Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.

5.0
2008-03-05 CVE-2008-1099 Moinmoin Permissions, Privileges, and Access Controls vulnerability in Moinmoin

_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages.

5.0
2008-03-04 CVE-2008-1111 Lighttpd Information Exposure vulnerability in Lighttpd 1.4.18

mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information.

5.0
2008-03-04 CVE-2008-1135 Omegasoft Information Exposure vulnerability in Omegasoft Interneserviceslosungen 7

OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames.

5.0
2008-03-04 CVE-2007-6702 Goahead Software Information Exposure vulnerability in Goahead Software Fs4104-Aw Device and Goahead Webserver

goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603.

5.0
2008-03-03 CVE-2008-1125 Podcast Generator Path Traversal vulnerability in Podcast Generator Podcast Generator

Multiple directory traversal vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to read arbitrary files via a ..

5.0
2008-03-03 CVE-2008-1119 Centreon Path Traversal vulnerability in Centreon

Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2008-03-08 CVE-2008-1205 SUN Local Denial of Service vulnerability in SUN Solaris 10

Unspecified vulnerability in the ipsecah kernel module in Sun Solaris 10, when a key management daemon for IPsec security associations is running, allows local users to cause a denial of service (panic) via unspecified vectors.

4.9
2008-03-04 CVE-2008-1141 Deslock Resource Management Errors vulnerability in Deslock

Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users to cause a denial of service (kernel memory consumption) via a series of DLMFENC_IOCTL requests to \\.\DLKPFSD_Device that allocate "link list structures."

4.9
2008-03-04 CVE-2008-1138 Deslock Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Deslock

DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users to cause a denial of service (system crash) via a certain ZERO_MEM DLMFENC_IOCTL request to \\.\DLKPFSD_Device, aka the "ring0 link list zero" vulnerability.

4.9
2008-03-03 CVE-2008-1115 SUN Local Denial of Service vulnerability in SUN Solaris 8

Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands.

4.9
2008-03-04 CVE-2008-1132 NET Activity Viewer Permissions, Privileges, and Access Controls vulnerability in NET Activity Viewer NET Activity Viewer 0.2.1

Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action.

4.7
2008-03-03 CVE-2008-0928 Qemu Permissions, Privileges, and Access Controls vulnerability in Qemu

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.

4.7
2008-03-09 CVE-2008-1215 Freebsd, Netbsd, Openbsd Permissions, Privileges, and Access Controls vulnerability in multiple products

Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters.

4.6
2008-03-06 CVE-2008-1199 Dovecot Configuration vulnerability in Dovecot

Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.

4.4
2008-03-08 CVE-2008-1213 Linux, Numara Cross-Site Scripting vulnerability in Numara Footprints 8.1

Cross-site scripting (XSS) vulnerability in Numara FootPrints for Linux 8.1 allows remote attackers to inject arbitrary web script or HTML via the Title form field when setting an appointment.

4.3
2008-03-08 CVE-2008-1212 Podcast Generator Cross-Site Scripting vulnerability in Podcast Generator Podcast Generator 0.96.2

Cross-site scripting (XSS) vulnerability in set_permissions.php in Podcast Generator 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the scriptlang parameter.

4.3
2008-03-08 CVE-2008-1211 Bosdev Cross-Site Scripting vulnerability in Bosdev Bosdates

Cross-site scripting (XSS) vulnerability in BosDates 3.x and 4.x allows remote attackers to inject arbitrary web script or HTML via (1) the type parameter in calendar.php and (2) the category parameter in calendar_search.php.

4.3
2008-03-08 CVE-2008-1209 Xitex Cross-Site Scripting vulnerability in Xitex Webcontent M1

Cross-site scripting (XSS) vulnerability in redirect.do in Xitex WebContent M1 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.

4.3
2008-03-08 CVE-2008-1208 Checkpoint Cross-Site Scripting vulnerability in Checkpoint Vpn-1 UTM Edge W Embedded NGX 7.0.48

Cross-site scripting (XSS) vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter.

4.3
2008-03-08 CVE-2008-1204 SUN Cross-Site Scripting vulnerability in SUN Java System Access Manager 7.0/7.02005Q4/7.1

Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows.

4.3
2008-03-06 CVE-2008-1194 SUN Unspecified vulnerability in SUN JDK and JRE

Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to cause a denial of service (crash) via unknown vectors.

4.3
2008-03-06 CVE-2008-1183 Crafty Syntax Live Help Cross-Site Scripting vulnerability in Crafty Syntax Live Help Crafty Syntax Live Help 2.4.13/2.4.14/2.4.15

Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) livehelp.php, (2) user_questions.php, and (3) leavemessage.php.

4.3
2008-03-06 CVE-2008-1182 BSD Perimeter Cross-Site Scripting vulnerability in BSD Perimeter Pfsense 1.0.1/1.2

Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-03-06 CVE-2008-1180 Juniper Cross-Site Scripting vulnerability in Juniper Secure Access 2000 5.5

Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.cgi in Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to inject arbitrary web script or HTML via the delivery_mode parameter.

4.3
2008-03-06 CVE-2008-1179 Centreon Cross-Site Scripting vulnerability in Centreon

Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) title parameters.

4.3
2008-03-06 CVE-2008-1178 Centreon Path Traversal vulnerability in Centreon

Directory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a ..

4.3
2008-03-06 CVE-2008-1175 Flicks Software Cross-Site Scripting vulnerability in Flicks Software Authentix 6.3B1

Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter to aspAdmin/deleteUser.asp, a different vector than CVE-2008-1174.

4.3
2008-03-06 CVE-2008-1174 Flicks Software Cross-Site Scripting vulnerability in Flicks Software Authentix 6.3B1

Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter.

4.3
2008-03-06 CVE-2008-1173 Torrenttrader Cross-Site Scripting vulnerability in Torrenttrader and Torrenttrader Classic

Cross-site scripting (XSS) vulnerability in account-inbox.php in TorrentTrader Classic 1.08 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

4.3
2008-03-06 CVE-2008-1172 Torrenttrader Cross-Site Request Forgery (CSRF) vulnerability in Torrenttrader and Torrenttrader Classic

Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php in TorrentTrader Classic 1.08 allow remote attackers to perform certain actions as other users, as demonstrated by sending messages.

4.3
2008-03-05 CVE-2008-1168 Sarg Cross-Site Scripting vulnerability in Sarg Squid Analysis Report Generator 2.2.3.1

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log.

4.3
2008-03-05 CVE-2008-1165 Flyspray Cross-Site Scripting vulnerability in Flyspray

Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php.

4.3
2008-03-05 CVE-2008-1098 Moinmoin Cross-Site Scripting vulnerability in Moinmoin

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name.

4.3
2008-03-04 CVE-2008-1133 Drupal Cross-Site Scripting vulnerability in Drupal

The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

4.3
2008-03-04 CVE-2008-1129 Xrms CRM Cross-Site Scripting vulnerability in Xrms CRM Xrms 1.99.2

Cross-site scripting (XSS) vulnerability in admin/users/self.php in XRMS CRM allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

4.3
2008-03-03 CVE-2008-1114 Vocera Improper Input Validation vulnerability in Vocera Wireless Handset

Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.

4.3

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-03-06 CVE-2008-0883 Suse, Adobe Link Following vulnerability in Adobe Acrobat Reader 8.1.2

acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.

3.7
2008-03-04 CVE-2008-1131 Drupal Cross-Site Scripting vulnerability in Drupal 6.0

Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms.

3.5
2008-03-09 CVE-2007-6705 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere MQ

The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.

3.3
2008-03-06 CVE-2008-1176 Affiliate Market Cross-Site Scripting vulnerability in Affiliate Market Affiliate Market 0.1Beta

Cross-site scripting (XSS) vulnerability in function/sideblock.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to inject arbitrary web script or HTML via the sideblock4 parameter.

2.6
2008-03-05 CVE-2007-6704 F5 Cross-Site Scripting vulnerability in F5 Firepass 4100

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.

2.6