Weekly Vulnerabilities Reports > March 10 to 16, 2008
Overview
120 new vulnerabilities reported during this period, including 37 critical vulnerabilities and 26 high severity vulnerabilities. This weekly summary report vulnerabilities in 104 products from 69 vendors including Microsoft, Linksys, Zyxel, Adobe, and Snom. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "SQL Injection", "Path Traversal", and "Code Injection".
- 116 reported vulnerabilities are remotely exploitables.
- 28 reported vulnerabilities have public exploit available.
- 53 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 115 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 12 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 10 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
37 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-03-14 | CVE-2008-1157 | Cisco | Improper Input Validation vulnerability in Cisco Ciscoworks Internetwork Performance Monitor 2.6 Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands. | 10.0 |
2008-03-14 | CVE-2008-1117 | Netopia | Path Traversal vulnerability in Netopia Timbuktu PRO 8.6.5 Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. | 10.0 |
2008-03-14 | CVE-2008-0532 | Cisco | Buffer Errors vulnerability in Cisco products Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors. | 10.0 |
2008-03-13 | CVE-2008-1320 | ASG | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in ASG Asg-Sentry Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (crash) via (1) a long request to FxIAList on TCP port 6162, or (2) an SNMP request with a long community string to FxAgent on UDP port 6161. | 10.0 |
2008-03-12 | CVE-2008-1310 | Packettrap | Path Traversal vulnerability in Packettrap Pt360 Tool Suite 1.1.33.1.0 Directory traversal vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to read and overwrite arbitrary files via directory traversal sequences in the pathname. | 10.0 |
2008-03-12 | CVE-2008-1307 | Kingsoft | Buffer Errors vulnerability in Kingsoft Antivirus Online Update Module 2007.12.29.29 Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in UpdateOcx2.dll in Beijing KingSoft Antivirus Online Update Module 2007.12.29.29 allows remote attackers to execute arbitrary code via a long argument to the SetUninstallName method. | 10.0 |
2008-03-10 | CVE-2008-1268 | Linksys | Improper Authentication vulnerability in Linksys Wrt54G 7 The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password. | 10.0 |
2008-03-10 | CVE-2008-1262 | Airspan | Improper Authentication vulnerability in Airspan Wimax Prost 4.1 The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/. | 10.0 |
2008-03-10 | CVE-2008-1256 | Zyxel | Remote Security vulnerability in P-660Hw The ZyXEL P-660HW series router has "admin" as its default password, which allows remote attackers to gain administrative access. | 10.0 |
2008-03-10 | CVE-2008-1255 | Zyxel | Permissions, Privileges, and Access Controls vulnerability in Zyxel P-660Hw The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user. | 10.0 |
2008-03-10 | CVE-2008-1252 | Deutsche Telekom | Information Exposure vulnerability in Deutsche Telekom Speedport W500 DSL Router b_banner.stm (aka the login page) on the Deutsche Telekom Speedport W500 DSL router allows remote attackers to obtain the logon password by reading the pwd field in the HTML source. | 10.0 |
2008-03-10 | CVE-2008-1247 | Linksys | Permissions, Privileges, and Access Controls vulnerability in Linksys Wrt54G The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. | 10.0 |
2008-03-10 | CVE-2008-1244 | Belkin | Improper Authentication vulnerability in Belkin F5D7230-4 cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. | 10.0 |
2008-03-10 | CVE-2008-1242 | Belkin | Permissions, Privileges, and Access Controls vulnerability in Belkin F5D7230-4 The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user, a different vulnerability than CVE-2005-3802. | 10.0 |
2008-03-10 | CVE-2008-1249 | Snom | Improper Input Validation vulnerability in Snom 320 SIP Phone snomControl.swf in the central phone server for the Snom 320 SIP Phone allows remote attackers to cause a denial of service (application crash and corruption of call logs) via a "'); (double quote, quote, close parenthesis, semicolon) sequence in the "Call a number" field. | 9.4 |
2008-03-13 | CVE-2008-1335 | Netbsd | Unspecified vulnerability in Netbsd and Netbsd Current The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a different vulnerability than CVE-2006-0905. | 9.3 |
2008-03-13 | CVE-2008-1319 | Versant | Remote Arbitrary Command Execution vulnerability in Versant Object Database 7.0.1 Untrusted search path and argument injection vulnerability in the VersantD service in Versant Object Database 7.0.1.3 and earlier, as used in Borland CaliberRM and probably other products, allows remote attackers to execute arbitrary commands via a request to TCP port 5019 with a modified VERSANT_ROOT field. | 9.3 |
2008-03-12 | CVE-2008-1309 | Realnetworks | Resource Management Errors vulnerability in Realnetworks Realplayer 10.0/10.5/11 The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory. | 9.3 |
2008-03-12 | CVE-2007-6253 | Adobe | Buffer Errors vulnerability in Adobe Form Client and Form Designer Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client 5.0 allow remote attackers to execute arbitrary code via unknown vectors in the (1) Adobe File Dialog Button (FileDlg.dll) and the (2) Adobe Copy to Server Object (SvrCopy.dll) ActiveX controls. | 9.3 |
2008-03-11 | CVE-2008-0307 | SAP | Numeric Errors vulnerability in SAP Maxdb 7.6.0.37 Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibly other versions, allows remote attackers to execute arbitrary code via unknown vectors that trigger heap corruption. | 9.3 |
2008-03-11 | CVE-2008-0118 | Microsoft | Code Injection vulnerability in Microsoft Office Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability." | 9.3 |
2008-03-11 | CVE-2008-0117 | Microsoft | Remote Code Execution vulnerability in Microsoft Excel Conditional Formatting Values Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability." | 9.3 |
2008-03-11 | CVE-2008-0116 | Microsoft | Improper Input Validation vulnerability in Microsoft products Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability." | 9.3 |
2008-03-11 | CVE-2008-0115 | Microsoft | Code Injection vulnerability in Microsoft products Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability." | 9.3 |
2008-03-11 | CVE-2008-0114 | Microsoft | Code Injection vulnerability in Microsoft Excel, Excel Viewer and Office Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption. | 9.3 |
2008-03-11 | CVE-2008-0113 | Microsoft | Code Injection vulnerability in Microsoft Excel Viewer 2003 Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability." | 9.3 |
2008-03-11 | CVE-2008-0112 | Microsoft | Code Injection vulnerability in Microsoft Excel and Office Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability." | 9.3 |
2008-03-11 | CVE-2008-0111 | Microsoft | Code Injection vulnerability in Microsoft products Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability." | 9.3 |
2008-03-11 | CVE-2008-0110 | Microsoft | Code Injection vulnerability in Microsoft Office Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI. | 9.3 |
2008-03-11 | CVE-2007-1201 | Microsoft | Code Injection vulnerability in Microsoft products Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability." | 9.3 |
2008-03-10 | CVE-2008-1282 | B21Soft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in B21Soft Bfup Buffer overflow in the BFup ActiveX control (BFup.dll) in B21Soft BFup before 1.0.802.29 allows remote attackers to execute arbitrary code via a long FilePath parameter. | 9.3 |
2008-03-10 | CVE-2008-1259 | Zyxel | Improper Authentication vulnerability in Zyxel P-2602Hw-D1A The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a user who previously authenticated within the previous 5 minutes. | 9.3 |
2008-03-10 | CVE-2008-1250 | Snom | Cross-Site Request Forgery (CSRF) vulnerability in Snom 320 SIP Phone Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as demonstrated by inserting an address-book entry containing an XSS sequence. | 9.3 |
2008-03-10 | CVE-2008-1231 | Jspwiki | Path Traversal vulnerability in Jspwiki 2.4.104/2.5.139/2.5.139Beta Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to include and execute arbitrary local .jsp files, and obtain sensitive information, via a .. | 9.3 |
2008-03-10 | CVE-2008-1230 | Jspwiki | Permissions, Privileges, and Access Controls vulnerability in Jspwiki 2.4.104/2.5.139/2.5.139Beta Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to upload and execute arbitrary .jsp files via an unspecified manipulation that attaches a .jsp file to an "entry page." Reference links suggest possible solution upgrade to latest version (2.6.1) at: http://www.jspwiki.org/wiki/JSPWikiDownload | 9.3 |
2008-03-10 | CVE-2008-1277 | Mailenable | Improper Input Validation vulnerability in Mailenable Enterprise and Mailenable Professional The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allows remote attackers to cause a denial of service (crash) via (1) SEARCH and (2) APPEND commands without required arguments, which triggers a NULL pointer dereference. | 9.0 |
2008-03-10 | CVE-2008-1276 | Mailenable | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mailenable Enterprise and Mailenable Professional Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allow remote authenticated attackers to execute arbitrary code via long arguments to the (1) FETCH, (2) EXAMINE, and (3) UNSUBSCRIBE commands. | 9.0 |
26 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-03-14 | CVE-2008-1338 | Perforce | Numeric Errors vulnerability in Perforce Server The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted. | 7.8 |
2008-03-13 | CVE-2008-1322 | ASG Sentry | Remote vulnerability in ASG-Sentry 7.0.0 The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option, probably due to an argument injection vulnerability. | 7.8 |
2008-03-11 | CVE-2008-1286 | SUN Linux | Unspecified vulnerability in SUN Java web Console 3.0.2/3.0.3/3.0.4 Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors. | 7.8 |
2008-03-10 | CVE-2008-1275 | Mailenable | Denial of Service vulnerability in Mailenable products Multiple unspecified vulnerabilities in the SMTP service in MailEnable Standard Edition 1.x, Professional Edition 3.x and earlier, and Enterprise Edition 3.x and earlier allow remote attackers to cause a denial of service (crash) via crafted (1) EXPN or (2) VRFY commands. | 7.8 |
2008-03-10 | CVE-2008-1267 | Siemens | Numeric Errors vulnerability in Siemens Speedstream 6520 The Siemens SpeedStream 6520 router allows remote attackers to cause a denial of service (web interface crash) via an HTTP request to basehelp_English.htm with a large integer in the Content-Length field. | 7.8 |
2008-03-10 | CVE-2008-1265 | Linksys | Improper Input Validation vulnerability in Linksys Wrt54G The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface. | 7.8 |
2008-03-10 | CVE-2008-1245 | Belkin | Improper Input Validation vulnerability in Belkin F5D7230-4 cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service (control center outage) via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header. | 7.8 |
2008-03-14 | CVE-2008-1118 | Netopia | Improper Input Validation vulnerability in Netopia Timbuktu PRO 8.6.5 Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields. | 7.5 |
2008-03-13 | CVE-2008-1336 | Koobi | SQL Injection vulnerability in Koobi CMS SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows remote attackers to execute arbitrary SQL commands via the categ parameter in a links action to index.php, a different vector than CVE-2008-1122. | 7.5 |
2008-03-13 | CVE-2008-1334 | BT | Improper Authentication vulnerability in BT Home HUB cgi/b on the BT Home Hub router allows remote attackers to bypass authentication, and read or modify administrative settings or make arbitrary VoIP telephone calls, by placing a character at the end of the PATH_INFO, as demonstrated by (1) %5C (encoded backslash), (2) '%' (percent), and (3) '~' (tilde). | 7.5 |
2008-03-13 | CVE-2007-6709 | Linksys | Permissions, Privileges, and Access Controls vulnerability in Linksys Wag54Gs 1.00.06 The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. | 7.5 |
2008-03-13 | CVE-2008-1325 | Leinir Turthra | Path Traversal vulnerability in Leinir Turthra Uberghey CMS 0.3.1 Multiple directory traversal vulnerabilities in index.php in Uberghey CMS 0.3.1 allow remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-03-13 | CVE-2008-1324 | Leinir | Path Traversal vulnerability in Leinir Travelsized CMS 0.4.1 Multiple directory traversal vulnerabilities in index.php in Travelsized CMS 0.4.1 allow remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-03-12 | CVE-2008-1314 | Johannes Hass Phpnuke | SQL Injection vulnerability in Johannes Hass Gaestebuch Module 2.2 SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php. | 7.5 |
2008-03-12 | CVE-2008-1313 | Bill Roberts | SQL Injection vulnerability in Bill Roberts Bloo Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) post_id, (2) post_category_id, (3) post_year_month, and (4) static_page_id parameters; and unspecified other vectors. | 7.5 |
2008-03-12 | CVE-2008-1308 | Phpnuke Sudirman Angriawan | SQL Injection vulnerability in Sudirman Angriawan Nukec30 3.0 SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php. | 7.5 |
2008-03-12 | CVE-2008-1305 | Chieminger Phpbb | SQL Injection vulnerability in Chieminger Filebase Module 2.0 SQL injection vulnerability in filebase.php in the Filebase mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-03-12 | CVE-2008-1297 | Ewriting Joomla Mambo | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action. | 7.5 |
2008-03-12 | CVE-2008-1203 | Adobe | Unspecified vulnerability in Adobe Coldfusion 7.0/8.0 The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection. | 7.5 |
2008-03-11 | CVE-2008-0301 | Mapbender | SQL Injection vulnerability in Mapbender Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors. | 7.5 |
2008-03-10 | CVE-2008-1272 | Bmscripts | SQL Injection vulnerability in Bmscripts BM Classifieds Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showad.php and the (2) ad parameter to pfriendly.php. | 7.5 |
2008-03-10 | CVE-2008-1264 | Linksys | Improper Authentication vulnerability in Linksys Wrt54G The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file. | 7.5 |
2008-03-10 | CVE-2008-1227 | Silc | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Silc Toolkit Stack-based buffer overflow in the silc_fingerprint function in lib/silcutil/silcutil.c in Secure Internet Live Conferencing (SILC) Toolkit 1.1.5, and unspecified earlier versions, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via long input data. | 7.5 |
2008-03-10 | CVE-2008-1223 | Dokeos | Remote Code Execution and Cross-Site Scripting vulnerability in Dokeos Open Source Learning and Knowledge Management Tool 1.8.4 Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2008-03-10 | CVE-2008-1220 | Phpnuke | SQL Injection vulnerability in PHPnuke 4Nchat 0.91 SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. | 7.5 |
2008-03-10 | CVE-2008-1269 | Alice | Improper Authentication vulnerability in Alice Gate2 Plus Wi-Fi cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request. | 7.1 |
57 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-03-11 | CVE-2008-0306 | SAP | Local Privilege Escalation vulnerability in SAP Maxdb 7.6.0.37 sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings. | 6.9 |
2008-03-10 | CVE-2008-1274 | IBM | Local Privilege Escalation vulnerability in IBM AIX 6.1.0 Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows local users to execute arbitrary code via a malicious program in the man directory. | 6.9 |
2008-03-13 | CVE-2008-1323 | Woltlab | Cross-Site Request Forgery (CSRF) vulnerability in Woltlab Burning Board Lite 2.0 Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete action. | 6.8 |
2008-03-13 | CVE-2008-1316 | QT Cute | SQL Injection vulnerability in Qt-Cute Quicktalk Forum 1.3/1.4/1.5.0.3 SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute QuickTalk Forum 1.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 6.8 |
2008-03-12 | CVE-2008-1295 | Gregory Kokanosky | SQL Injection vulnerability in Gregory Kokanosky PHPmynewsletter SQL injection vulnerability in archives.php in Gregory Kokanosky (aka Greg's Place) phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msg_id parameter. | 6.8 |
2008-03-11 | CVE-2008-0300 | Mapbender | Code Injection vulnerability in Mapbender mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences. | 6.8 |
2008-03-10 | CVE-2008-1218 | Dovecot | Credentials Management vulnerability in Dovecot Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified. | 6.8 |
2008-03-10 | CVE-2008-1254 | Zyxel | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel P-660Hw Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote attackers to (1) change DNS servers and (2) add keywords to the "bannedlist" via unspecified vectors. | 6.8 |
2008-03-11 | CVE-2008-1284 | Horde | Path Traversal vulnerability in Horde Groupware, Groupware Webmail Edition and Horde Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name. | 6.0 |
2008-03-10 | CVE-2008-1248 | Snom | Cross-Site Request Forgery (CSRF) vulnerability in Snom 320 SIP Phone The web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to make arbitrary phone calls via the "Call a number" field. | 5.8 |
2008-03-14 | CVE-2008-1337 | Netopia | Improper Input Validation vulnerability in Netopia Timbuktu PRO 8.6.5 The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier for Windows allows remote attackers to cause (1) a denial of service (daemon crash) via an invalid Version field or (2) a denial of service (CPU consumption and daemon termination) via an invalid or partial message. | 5.0 |
2008-03-13 | CVE-2008-1321 | ASG Sentry | Improper Authentication vulnerability in Asg-Sentry The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier does require authentication, which allows remote attackers to cause a denial of service (service termination) via the exit command to TCP port 6162, or have other impacts via other commands. | 5.0 |
2008-03-13 | CVE-2008-1318 | Mediawiki | Information Exposure vulnerability in Mediawiki 1.11/1.11.1 Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results. | 5.0 |
2008-03-12 | CVE-2008-1312 | Packettrap | Remote Denial of Service vulnerability in Packettrap Pt360 Tool Suite 1.1.33.1.0 Unspecified vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to cause a denial of service (daemon crash) via a long TFTP packet, a different vulnerability than CVE-2008-1311. | 5.0 |
2008-03-12 | CVE-2008-1311 | Packettrap | Improper Input Validation vulnerability in Packettrap Pt360 Tool Suite PRO The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earlier allows remote attackers to cause a denial of service (daemon hang) by uploading a file named (1) '|' (pipe), (2) '"' (quotation mark), or (3) "<>" (less than, greater than); or (4) a file with a long name. | 5.0 |
2008-03-12 | CVE-2008-1303 | Perforce | Improper Input Validation vulnerability in Perforce Server The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly unspecified other commands, which triggers a NULL pointer dereference. | 5.0 |
2008-03-12 | CVE-2008-1302 | Microsoft Perforce | Numeric Errors vulnerability in Perforce Server The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access. | 5.0 |
2008-03-12 | CVE-2008-0644 | Adobe | Cross-Site Scripting vulnerability in Adobe ColdFusion Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function. | 5.0 |
2008-03-11 | CVE-2008-1288 | IBM | Information Exposure vulnerability in IBM Rational Clearquest 7.0.0.2/7.0.1.1 IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies. | 5.0 |
2008-03-11 | CVE-2008-1287 | IBM | Configuration vulnerability in IBM Rational Clearquest 7.0.0.2/7.0.1.1 IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames. | 5.0 |
2008-03-10 | CVE-2008-1281 | Argontechnology | Path Traversal vulnerability in Argontechnology Client Management Services Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files via a .. | 5.0 |
2008-03-10 | CVE-2008-1280 | Acronis | Improper Input Validation vulnerability in Acronis True Image and True Image Windows Agent Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference. | 5.0 |
2008-03-10 | CVE-2008-1279 | Acronis | Improper Input Validation vulnerability in Acronis True Image Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read. | 5.0 |
2008-03-10 | CVE-2008-1278 | Remotelyanywhere | Improper Input Validation vulnerability in Remotelyanywhere The RemotelyAnywhere.exe service in the Remotely Anywhere Server and Workstation 8.0.668 and earlier allows remote attackers to cause a denial of service (crash) via an invalid Accept-Charset header, which triggers a NULL pointer dereference. | 5.0 |
2008-03-10 | CVE-2008-1270 | Lighttpd | Information Exposure vulnerability in Lighttpd mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory. | 5.0 |
2008-03-10 | CVE-2008-1261 | Zyxel | Remote Security vulnerability in Zyxel P-2602Hw-D1A 3.40(Ajz.1) The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides different responses to admin page requests depending on whether a user is logged in, which allows remote attackers to obtain current login status by requesting an arbitrary admin URI. | 5.0 |
2008-03-10 | CVE-2008-1221 | Microworld Technologies | Path Traversal vulnerability in Microworld Technologies Escan, Escan Management Console and Escan Server Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (get) command. | 5.0 |
2008-03-13 | CVE-2008-1317 | SUN | Local Denial of Service vulnerability in SUN Solaris 10 Unspecified vulnerability in the Inter-Process Communication (IPC) message queue subsystem in Sun Solaris 10 allows local users to cause a denial of service (reboot) via blocked I/O message queues. | 4.9 |
2008-03-12 | CVE-2008-0890 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Directory Server Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors. | 4.6 |
2008-03-14 | CVE-2008-0533 | Cisco | Cross-Site Scripting vulnerability in Cisco products Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors. | 4.3 |
2008-03-13 | CVE-2007-6708 | Linksys | Cross-Site Request Forgery (CSRF) vulnerability in Linksys Wag54Gs 1.00.06 Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi. | 4.3 |
2008-03-13 | CVE-2007-6707 | Linksys | Cross-Site Scripting vulnerability in Linksys Wag54Gs 1.00.06 Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574. | 4.3 |
2008-03-13 | CVE-2008-1326 | Gallarific | Cross-Site Scripting vulnerability in Gallarific Cross-site scripting (XSS) vulnerability in search.php in Gallarific allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 4.3 |
2008-03-12 | CVE-2008-1306 | Besavvy | Cross-Site Scripting vulnerability in Besavvy Savvy Content Manager Multiple cross-site scripting (XSS) vulnerabilities in Savvy Content Manager (CM) allow remote attackers to inject arbitrary web script or HTML via the searchterms parameter to (1) searchresults.cfm, (2) search_results.cfm, and (3) search_results/index.cfm. | 4.3 |
2008-03-12 | CVE-2008-1304 | Wordpress | Cross-Site Scripting vulnerability in Wordpress 2.3.2 Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php. | 4.3 |
2008-03-12 | CVE-2008-1300 | Alkacon | Cross-Site Scripting vulnerability in Alkacon Opencms 7.0.3/7.0.4 Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a different vector than CVE-2008-1045. | 4.3 |
2008-03-12 | CVE-2008-1299 | Microsoft Manageengine | Cross-Site Scripting vulnerability in Manageengine Servicedesk Plus 7.0.0 Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. | 4.3 |
2008-03-12 | CVE-2008-1296 | Encaps | Cross-Site Scripting vulnerability in Encaps Encapsgallery 1.11.2 Multiple cross-site scripting (XSS) vulnerabilities in EncapsGallery 1.11.2 allow remote attackers to inject arbitrary web script or HTML via the file parameter to (1) watermark.php and (2) catalog_watermark.php in core/. | 4.3 |
2008-03-12 | CVE-2008-1202 | Adobe | Cross-Site Scripting vulnerability in Adobe Livecycle Workflow 6.2 Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2008-03-12 | CVE-2008-0643 | Adobe | Cross-Site Scripting vulnerability in Adobe Coldfusion Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-03-11 | CVE-2008-1285 | SUN | Cross-Site Scripting vulnerability in SUN JSF Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2008-03-11 | CVE-2008-1283 | Silver Forge | Cross-Site Scripting vulnerability in Silver-Forge Neptune web Server 3.0 Cross-site scripting (XSS) vulnerability in Neptune Web Server 3.0 allows remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in the 404 error page. | 4.3 |
2008-03-10 | CVE-2008-1273 | Imagevue | Cross-Site Scripting vulnerability in Imagevue 1.7 Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) popup.php, (2) test/dir2.php, (3) admin/upload.php, and (4) dirxml.php in upload/. | 4.3 |
2008-03-10 | CVE-2008-1260 | Zyxel | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel P-2602Hw-D1A Multiple cross-site request forgery (CSRF) vulnerabilities on the Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware allow remote attackers to (1) make the admin web server available on the Internet (WAN) interface via the WWWAccessInterface parameter to Forms/RemMagWWW_1 or (2) change the IP whitelisting timeout via the StdioTimout parameter to Forms/rpSysAdmin_1. | 4.3 |
2008-03-10 | CVE-2008-1258 | D Link | Cross-Site Scripting vulnerability in D-Link Di-604 Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter. | 4.3 |
2008-03-10 | CVE-2008-1257 | Zyxel | Cross-Site Scripting vulnerability in Zyxel products Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter. | 4.3 |
2008-03-10 | CVE-2008-1253 | D Link | Cross-Site Scripting vulnerability in D-Link Dsl-G604T Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fwan page. | 4.3 |
2008-03-10 | CVE-2008-1251 | Snom | Cross-Site Scripting vulnerability in Snom 320 SIP Phone Cross-site scripting (XSS) vulnerability in the web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-03-10 | CVE-2008-1243 | Linksys | Cross-Site Scripting vulnerability in Linksys Wrt300N Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI. | 4.3 |
2008-03-10 | CVE-2008-1229 | Jspwiki | Cross-Site Scripting vulnerability in Jspwiki 2.4.104/2.5.139/2.5.139Beta Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to inject arbitrary web script or HTML via the editor parameter, a different vector than CVE-2007-5120.b. | 4.3 |
2008-03-10 | CVE-2008-1228 | Minigal | Cross-Site Scripting vulnerability in Minigal MG2 Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action. | 4.3 |
2008-03-10 | CVE-2008-1226 | Zimbra | Cross-Site Scripting vulnerability in Zimbra Collaboration Suite 4.0.3/4.5.6 Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image attachment. | 4.3 |
2008-03-10 | CVE-2008-1225 | Webct | Cross-Site Scripting vulnerability in Webct 4.1.5.8 Multiple cross-site scripting (XSS) vulnerabilities in WebCT Campus Edition 4.1.5.8, when "Don't wrap text" is enabled, allow remote authenticated users to inject arbitrary web script or HTML via a (1) mail message or (2) discussion board message. | 4.3 |
2008-03-10 | CVE-2008-1224 | Bosdev | Cross-Site Scripting vulnerability in Bosdev Bosclassifieds Classified ADS 3.0 Cross-site scripting (XSS) vulnerability in account.php in BosClassifieds Classified Ads System 3.0 allows remote attackers to inject arbitrary web script or HTML via the returnTo parameter. | 4.3 |
2008-03-10 | CVE-2008-1222 | Dokeos | Cross-Site Scripting vulnerability in Dokeos Open Source Learning and Knowledge Management Tool 1.8.4 Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-03-12 | CVE-2008-1301 | Alkacon | Path Traversal vulnerability in Alkacon Opencms 7.0.3/7.0.4 Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter. | 4.0 |
2008-03-10 | CVE-2008-1263 | Linksys | Cryptographic Issues vulnerability in Linksys Wrt54G The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI. | 4.0 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|