Weekly Vulnerabilities Reports > March 10 to 16, 2008

Overview

127 new vulnerabilities were reported during this period, including 38 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary reports vulnerabilities in 111 products from 72 vendors, including Microsoft, Linksys, Zyxel, Adobe, and Cisco. Notable vulnerability categories include "Cross-site Scripting", "SQL Injection", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Path Traversal".

  • 122 reported vulnerabilities are remotely exploitable.
  • 28 reported vulnerabilities have a public exploit available.
  • 57 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 121 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 12 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 10 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

38 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-03-14 CVE-2008-1157 Cisco Improper Input Validation vulnerability in Cisco Ciscoworks Internetwork Performance Monitor 2.6

Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands.

10.0
2008-03-14 CVE-2008-1117 Netopia Path Traversal vulnerability in Netopia Timbuktu PRO 8.6.5

Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences.

10.0
2008-03-14 CVE-2008-0532 Cisco Buffer Errors vulnerability in Cisco products

Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors.

10.0
2008-03-13 CVE-2008-1320 ASG Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in ASG Asg-Sentry

Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (crash) via (1) a long request to FxIAList on TCP port 6162, or (2) an SNMP request with a long community string to FxAgent on UDP port 6161.

10.0
2008-03-12 CVE-2008-1310 Packettrap Path Traversal vulnerability in Packettrap Pt360 Tool Suite 1.1.33.1.0

Directory traversal vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to read and overwrite arbitrary files via directory traversal sequences in the pathname.

10.0
2008-03-12 CVE-2008-1307 Kingsoft Buffer Errors vulnerability in Kingsoft Antivirus Online Update Module 2007.12.29.29

Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in UpdateOcx2.dll in Beijing KingSoft Antivirus Online Update Module 2007.12.29.29 allows remote attackers to execute arbitrary code via a long argument to the SetUninstallName method.

10.0
2008-03-10 CVE-2008-1268 Linksys Improper Authentication vulnerability in Linksys Wrt54G 7

The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password.

10.0
2008-03-10 CVE-2008-1262 Airspan Improper Authentication vulnerability in Airspan Wimax Prost 4.1

The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/.

10.0
2008-03-10 CVE-2008-1256 Zyxel Remote Security vulnerability in P-660Hw

The ZyXEL P-660HW series router has "admin" as its default password, which allows remote attackers to gain administrative access.

10.0
2008-03-10 CVE-2008-1255 Zyxel Permissions, Privileges, and Access Controls vulnerability in Zyxel P-660Hw

The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user.

10.0
2008-03-10 CVE-2008-1252 Deutsche Telekom Information Exposure vulnerability in Deutsche Telekom Speedport W500 DSL Router

b_banner.stm (aka the login page) on the Deutsche Telekom Speedport W500 DSL router allows remote attackers to obtain the logon password by reading the pwd field in the HTML source.

10.0
2008-03-10 CVE-2008-1247 Linksys Permissions, Privileges, and Access Controls vulnerability in Linksys Wrt54G

The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri.

10.0
2008-03-10 CVE-2008-1244 Belkin Improper Authentication vulnerability in Belkin F5D7230-4

cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters.

10.0
2008-03-10 CVE-2008-1242 Belkin Permissions, Privileges, and Access Controls vulnerability in Belkin F5D7230-4

The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user, a different vulnerability than CVE-2005-3802.

10.0
2008-03-10 CVE-2008-1249 Snom Improper Input Validation vulnerability in Snom 320 SIP Phone

snomControl.swf in the central phone server for the Snom 320 SIP Phone allows remote attackers to cause a denial of service (application crash and corruption of call logs) via a "'); (double quote, quote, close parenthesis, semicolon) sequence in the "Call a number" field.

9.4
2008-03-13 CVE-2008-1335 Netbsd Unspecified vulnerability in Netbsd and Netbsd Current

The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a different vulnerability than CVE-2006-0905.

9.3
2008-03-13 CVE-2008-1319 Versant Remote Arbitrary Command Execution vulnerability in Versant Object Database 7.0.1

Untrusted search path and argument injection vulnerability in the VersantD service in Versant Object Database 7.0.1.3 and earlier, as used in Borland CaliberRM and probably other products, allows remote attackers to execute arbitrary commands via a request to TCP port 5019 with a modified VERSANT_ROOT field.

9.3
2008-03-12 CVE-2008-1309 Realnetworks Resource Management Errors vulnerability in Realnetworks Realplayer 10.0/10.5/11

The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.

9.3
2008-03-12 CVE-2007-6253 Adobe Buffer Errors vulnerability in Adobe Form Client and Form Designer

Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client 5.0 allow remote attackers to execute arbitrary code via unknown vectors in the (1) Adobe File Dialog Button (FileDlg.dll) and the (2) Adobe Copy to Server Object (SvrCopy.dll) ActiveX controls.

9.3
2008-03-11 CVE-2008-0307 SAP Numeric Errors vulnerability in SAP Maxdb 7.6.0.37

Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibly other versions, allows remote attackers to execute arbitrary code via unknown vectors that trigger heap corruption.

9.3
2008-03-11 CVE-2008-0118 Microsoft Code Injection vulnerability in Microsoft Office

Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2008-03-11 CVE-2008-0117 Microsoft Remote Code Execution vulnerability in Microsoft Excel Conditional Formatting Values

Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."

9.3
2008-03-11 CVE-2008-0116 Microsoft Improper Input Validation vulnerability in Microsoft products

Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allow user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."

9.3
2008-03-11 CVE-2008-0115 Microsoft Code Injection vulnerability in Microsoft products

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."

9.3
2008-03-11 CVE-2008-0114 Microsoft Code Injection vulnerability in Microsoft Excel, Excel Viewer and Office

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.

9.3
2008-03-11 CVE-2008-0113 Microsoft Code Injection vulnerability in Microsoft Excel Viewer 2003

Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."

9.3
2008-03-11 CVE-2008-0112 Microsoft Code Injection vulnerability in Microsoft Excel and Office

Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."

9.3
2008-03-11 CVE-2008-0111 Microsoft Code Injection vulnerability in Microsoft products

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."

9.3
2008-03-11 CVE-2008-0110 Microsoft Code Injection vulnerability in Microsoft Office

Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and SP3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.

9.3
2008-03-11 CVE-2007-1201 Microsoft Code Injection vulnerability in Microsoft products

Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."

9.3
2008-03-10 CVE-2008-1282 B21Soft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in B21Soft Bfup

Buffer overflow in the BFup ActiveX control (BFup.dll) in B21Soft BFup before 1.0.802.29 allows remote attackers to execute arbitrary code via a long FilePath parameter.

9.3
2008-03-10 CVE-2008-1161 Matroska Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Matroska Demuxer

Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in xine-lib before 1.1.10.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes.

9.3
2008-03-10 CVE-2008-1259 Zyxel Improper Authentication vulnerability in Zyxel P-2602Hw-D1A

The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a user who previously authenticated within the previous 5 minutes.

9.3
2008-03-10 CVE-2008-1250 Snom Cross-Site Request Forgery (CSRF) vulnerability in Snom 320 SIP Phone

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as demonstrated by inserting an address-book entry containing an XSS sequence.

9.3
2008-03-10 CVE-2008-1231 Jspwiki Path Traversal vulnerability in Jspwiki 2.4.104/2.5.139/2.5.139Beta

Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to include and execute arbitrary local .jsp files, and obtain sensitive information, via a ..

9.3
2008-03-10 CVE-2008-1230 Jspwiki Permissions, Privileges, and Access Controls vulnerability in Jspwiki 2.4.104/2.5.139/2.5.139Beta

Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to upload and execute arbitrary .jsp files via an unspecified manipulation that attaches a .jsp file to an "entry page." Reference links suggest a possible solution: upgrade to the latest version (2.6.1), available at: http://www.jspwiki.org/wiki/JSPWikiDownload

9.3
2008-03-10 CVE-2008-1277 Mailenable Improper Input Validation vulnerability in Mailenable Enterprise and Mailenable Professional

The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allows remote attackers to cause a denial of service (crash) via (1) SEARCH and (2) APPEND commands without required arguments, which triggers a NULL pointer dereference.

9.0
2008-03-10 CVE-2008-1276 Mailenable Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mailenable Enterprise and Mailenable Professional

Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allow remote authenticated attackers to execute arbitrary code via long arguments to the (1) FETCH, (2) EXAMINE, and (3) UNSUBSCRIBE commands.

9.0

31 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-03-14 CVE-2008-1338 Perforce Numeric Errors vulnerability in Perforce Server

The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted.

7.8
2008-03-13 CVE-2008-1322 ASG Sentry Remote vulnerability in ASG-Sentry 7.0.0

The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option, probably due to an argument injection vulnerability.

7.8
2008-03-11 CVE-2008-1286 SUN, Linux Unspecified vulnerability in SUN Java web Console 3.0.2/3.0.3/3.0.4

Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors.

7.8
2008-03-10 CVE-2008-1275 Mailenable Denial of Service vulnerability in Mailenable products

Multiple unspecified vulnerabilities in the SMTP service in MailEnable Standard Edition 1.x, Professional Edition 3.x and earlier, and Enterprise Edition 3.x and earlier allow remote attackers to cause a denial of service (crash) via crafted (1) EXPN or (2) VRFY commands.

7.8
2008-03-10 CVE-2008-1267 Siemens Numeric Errors vulnerability in Siemens Speedstream 6520

The Siemens SpeedStream 6520 router allows remote attackers to cause a denial of service (web interface crash) via an HTTP request to basehelp_English.htm with a large integer in the Content-Length field.

7.8
2008-03-10 CVE-2008-1266 D Link Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in D-Link Di-524

Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value.

7.8
2008-03-10 CVE-2008-1265 Linksys Improper Input Validation vulnerability in Linksys Wrt54G

The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface.

7.8
2008-03-10 CVE-2008-1245 Belkin Improper Input Validation vulnerability in Belkin F5D7230-4

cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service (control center outage) via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header.

7.8
2008-03-14 CVE-2008-1118 Netopia Improper Input Validation vulnerability in Netopia Timbuktu PRO 8.6.5

Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields.

7.5
2008-03-13 CVE-2008-1336 Koobi SQL Injection vulnerability in Koobi CMS

SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows remote attackers to execute arbitrary SQL commands via the categ parameter in a links action to index.php, a different vector than CVE-2008-1122.

7.5
2008-03-13 CVE-2008-1334 BT Improper Authentication vulnerability in BT Home HUB

cgi/b on the BT Home Hub router allows remote attackers to bypass authentication, and read or modify administrative settings or make arbitrary VoIP telephone calls, by placing a character at the end of the PATH_INFO, as demonstrated by (1) %5C (encoded backslash), (2) '%' (percent), and (3) '~' (tilde).

7.5
2008-03-13 CVE-2007-6709 Linksys Permissions, Privileges, and Access Controls vulnerability in Linksys Wag54Gs 1.00.06

The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.

7.5
2008-03-13 CVE-2008-1327 Gallarific Improper Authentication vulnerability in Gallarific

Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request.

7.5
2008-03-13 CVE-2008-1325 Leinir Turthra Path Traversal vulnerability in Leinir Turthra Uberghey CMS 0.3.1

Multiple directory traversal vulnerabilities in index.php in Uberghey CMS 0.3.1 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2008-03-13 CVE-2008-1324 Leinir Path Traversal vulnerability in Leinir Travelsized CMS 0.4.1

Multiple directory traversal vulnerabilities in index.php in Travelsized CMS 0.4.1 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2008-03-13 CVE-2008-1315 PHP Nuke SQL Injection vulnerability in PHP-Nuke Zclassifieds

SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter to modules.php.

7.5
2008-03-12 CVE-2008-1314 Johannes Hass, Phpnuke SQL Injection vulnerability in Johannes Hass Gaestebuch Module 2.2

SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php.

7.5
2008-03-12 CVE-2008-1313 Bill Roberts SQL Injection vulnerability in Bill Roberts Bloo

Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) post_id, (2) post_category_id, (3) post_year_month, and (4) static_page_id parameters; and unspecified other vectors.

7.5
2008-03-12 CVE-2008-1308 Phpnuke, Sudirman Angriawan SQL Injection vulnerability in Sudirman Angriawan Nukec30 3.0

SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php.

7.5
2008-03-12 CVE-2008-1305 Chieminger, Phpbb SQL Injection vulnerability in Chieminger Filebase Module 2.0

SQL injection vulnerability in filebase.php in the Filebase mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-03-12 CVE-2008-1298 Kyantonius, PHP Nuke SQL Injection vulnerability in multiple products

SQL injection vulnerability in Hadith module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter in a viewcat action to modules.php.

7.5
2008-03-12 CVE-2008-1297 Ewriting, Joomla, Mambo SQL Injection vulnerability in multiple products

SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.

7.5
2008-03-12 CVE-2008-1203 Adobe Unspecified vulnerability in Adobe Coldfusion 7.0/8.0

The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection.

7.5
2008-03-11 CVE-2008-0301 Mapbender SQL Injection vulnerability in Mapbender

Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors.

7.5
2008-03-10 CVE-2008-1272 Bmscripts SQL Injection vulnerability in Bmscripts BM Classifieds

Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showad.php and the (2) ad parameter to pfriendly.php.

7.5
2008-03-10 CVE-2008-1264 Linksys Improper Authentication vulnerability in Linksys Wrt54G

The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file.

7.5
2008-03-10 CVE-2008-1227 Silc Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Silc Toolkit

Stack-based buffer overflow in the silc_fingerprint function in lib/silcutil/silcutil.c in Secure Internet Live Conferencing (SILC) Toolkit 1.1.5, and unspecified earlier versions, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via long input data.

7.5
2008-03-10 CVE-2008-1223 Dokeos Remote Code Execution and Cross-Site Scripting vulnerability in Dokeos Open Source Learning and Knowledge Management Tool 1.8.4

Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via unspecified vectors.

7.5
2008-03-10 CVE-2008-1220 Phpnuke SQL Injection vulnerability in PHPnuke 4Nchat 0.91

SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php.

7.5
2008-03-10 CVE-2008-1219 Phpnuke SQL Injection vulnerability in PHPnuke Kutubisitte Component 1.1

SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php.

7.5
2008-03-10 CVE-2008-1269 Alice Improper Authentication vulnerability in Alice Gate2 Plus Wi-Fi

cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request.

7.1

58 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-03-11 CVE-2008-0306 SAP Local Privilege Escalation vulnerability in SAP Maxdb 7.6.0.37

sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings.

6.9
2008-03-10 CVE-2008-1274 IBM Local Privilege Escalation vulnerability in IBM AIX 6.1.0

Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows local users to execute arbitrary code via a malicious program in the man directory.

6.9
2008-03-13 CVE-2008-1323 Woltlab Cross-Site Request Forgery (CSRF) vulnerability in Woltlab Burning Board Lite 2.0

Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete action.

6.8
2008-03-13 CVE-2008-1316 QT Cute SQL Injection vulnerability in Qt-Cute Quicktalk Forum 1.3/1.4/1.5.0.3

SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute QuickTalk Forum 1.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

6.8
2008-03-12 CVE-2008-1295 Gregory Kokanosky SQL Injection vulnerability in Gregory Kokanosky PHPmynewsletter

SQL injection vulnerability in archives.php in Gregory Kokanosky (aka Greg's Place) phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msg_id parameter.

6.8
2008-03-11 CVE-2008-0300 Mapbender Code Injection vulnerability in Mapbender

mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences.

6.8
2008-03-10 CVE-2008-1218 Dovecot Credentials Management vulnerability in Dovecot

Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.

6.8
2008-03-10 CVE-2008-1254 Zyxel Cross-Site Request Forgery (CSRF) vulnerability in Zyxel P-660Hw

Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote attackers to (1) change DNS servers and (2) add keywords to the "bannedlist" via unspecified vectors.

6.8
2008-03-10 CVE-2008-1246 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco PIX ASA Finesse Operation System 7.1/7.2

** DISPUTED ** The Cisco PIX/ASA Finesse Operation System 7.1 and 7.2 allows local users to gain privileges by entering characters at the enable prompt, erasing these characters via the Backspace key, and then holding down the Backspace key for one second after erasing the final character.

6.8
2008-03-11 CVE-2008-1284 Horde Path Traversal vulnerability in Horde Groupware, Groupware Webmail Edition and Horde

Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.

6.0
2008-03-10 CVE-2008-1248 Snom Cross-Site Request Forgery (CSRF) vulnerability in Snom 320 SIP Phone

The web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to make arbitrary phone calls via the "Call a number" field.

5.8
2008-03-14 CVE-2008-1337 Netopia Improper Input Validation vulnerability in Netopia Timbuktu PRO 8.6.5

The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier for Windows allows remote attackers to cause (1) a denial of service (daemon crash) via an invalid Version field or (2) a denial of service (CPU consumption and daemon termination) via an invalid or partial message.

5.0
2008-03-13 CVE-2008-1321 ASG Sentry Improper Authentication vulnerability in Asg-Sentry

The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier does not require authentication, which allows remote attackers to cause a denial of service (service termination) via the exit command to TCP port 6162, or have other impacts via other commands.

5.0
2008-03-13 CVE-2008-1318 Mediawiki Information Exposure vulnerability in Mediawiki 1.11/1.11.1

Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results.

5.0
2008-03-12 CVE-2008-1312 Packettrap Remote Denial of Service vulnerability in Packettrap Pt360 Tool Suite 1.1.33.1.0

Unspecified vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to cause a denial of service (daemon crash) via a long TFTP packet, a different vulnerability than CVE-2008-1311.

5.0
2008-03-12 CVE-2008-1311 Packettrap Improper Input Validation vulnerability in Packettrap Pt360 Tool Suite PRO

The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earlier allows remote attackers to cause a denial of service (daemon hang) by uploading a file named (1) '|' (pipe), (2) '"' (quotation mark), or (3) "<>" (less than, greater than); or (4) a file with a long name.

5.0
2008-03-12 CVE-2008-1303 Perforce Improper Input Validation vulnerability in Perforce Server

The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly unspecified other commands, which triggers a NULL pointer dereference.

5.0
2008-03-12 CVE-2008-1302 Microsoft, Perforce Numeric Errors vulnerability in Perforce Server

The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access.

5.0
2008-03-12 CVE-2008-0644 Adobe Cross-Site Scripting vulnerability in Adobe ColdFusion

Adobe ColdFusion MX 7 and ColdFusion 8 allow remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.

5.0
2008-03-11 CVE-2008-1288 IBM Information Exposure vulnerability in IBM Rational Clearquest 7.0.0.2/7.0.1.1

IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies.

5.0
2008-03-11 CVE-2008-1287 IBM Configuration vulnerability in IBM Rational Clearquest 7.0.0.2/7.0.1.1

IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.

5.0
2008-03-10 CVE-2008-1281 Argontechnology Path Traversal vulnerability in Argontechnology Client Management Services

Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files via a ..

5.0
2008-03-10 CVE-2008-1280 Acronis Improper Input Validation vulnerability in Acronis True Image and True Image Windows Agent

Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference.

5.0
2008-03-10 CVE-2008-1279 Acronis Improper Input Validation vulnerability in Acronis True Image

Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read.

5.0
2008-03-10 CVE-2008-1278 Remotelyanywhere Improper Input Validation vulnerability in Remotelyanywhere

The RemotelyAnywhere.exe service in the Remotely Anywhere Server and Workstation 8.0.668 and earlier allows remote attackers to cause a denial of service (crash) via an invalid Accept-Charset header, which triggers a NULL pointer dereference.

5.0
2008-03-10 CVE-2008-1270 Lighttpd Information Exposure vulnerability in Lighttpd

mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.

5.0
2008-03-10 CVE-2008-1261 Zyxel Remote Security vulnerability in Zyxel P-2602Hw-D1A 3.40(Ajz.1)

The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides different responses to admin page requests depending on whether a user is logged in, which allows remote attackers to obtain current login status by requesting an arbitrary admin URI.

5.0
2008-03-10 CVE-2008-1221 Microworld Technologies Path Traversal vulnerability in Microworld Technologies Escan, Escan Management Console and Escan Server

Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (get) command.

5.0
2008-03-13 CVE-2008-1317 SUN Local Denial of Service vulnerability in SUN Solaris 10

Unspecified vulnerability in the Inter-Process Communication (IPC) message queue subsystem in Sun Solaris 10 allows local users to cause a denial of service (reboot) via blocked I/O message queues.

4.9
2008-03-12 CVE-2008-0890 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Directory Server

Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors.

4.6
2008-03-14 CVE-2008-0533 Cisco Cross-Site Scripting vulnerability in Cisco products

Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.

4.3
2008-03-13 CVE-2007-6708 Linksys Cross-Site Request Forgery (CSRF) vulnerability in Linksys Wag54Gs 1.00.06

Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi.

4.3
2008-03-13 CVE-2007-6707 Linksys Cross-Site Scripting vulnerability in Linksys Wag54Gs 1.00.06

Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574.

4.3
2008-03-13 CVE-2008-1326 Gallarific Cross-Site Scripting vulnerability in Gallarific

Cross-site scripting (XSS) vulnerability in search.php in Gallarific allows remote attackers to inject arbitrary web script or HTML via the query parameter.

4.3
2008-03-12 CVE-2008-1306 Besavvy Cross-Site Scripting vulnerability in Besavvy Savvy Content Manager

Multiple cross-site scripting (XSS) vulnerabilities in Savvy Content Manager (CM) allow remote attackers to inject arbitrary web script or HTML via the searchterms parameter to (1) searchresults.cfm, (2) search_results.cfm, and (3) search_results/index.cfm.

4.3
2008-03-12 CVE-2008-1304 Wordpress Cross-Site Scripting vulnerability in Wordpress 2.3.2

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.

4.3
2008-03-12 CVE-2008-1300 Alkacon Cross-Site Scripting vulnerability in Alkacon Opencms 7.0.3/7.0.4

Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a different vector than CVE-2008-1045.

4.3
2008-03-12 CVE-2008-1299 Microsoft, Manageengine Cross-Site Scripting vulnerability in Manageengine Servicedesk Plus 7.0.0

Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.

4.3
2008-03-12 CVE-2008-1296 Encaps Cross-Site Scripting vulnerability in Encaps Encapsgallery 1.11.2

Multiple cross-site scripting (XSS) vulnerabilities in EncapsGallery 1.11.2 allow remote attackers to inject arbitrary web script or HTML via the file parameter to (1) watermark.php and (2) catalog_watermark.php in core/.

4.3
2008-03-12 CVE-2008-1202 Adobe Cross-Site Scripting vulnerability in Adobe Livecycle Workflow 6.2

Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2008-03-12 CVE-2008-0643 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-03-11 CVE-2008-1285 SUN Cross-Site Scripting vulnerability in SUN JSF

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2008-03-11 CVE-2008-1283 Silver Forge Cross-Site Scripting vulnerability in Silver-Forge Neptune web Server 3.0

Cross-site scripting (XSS) vulnerability in Neptune Web Server 3.0 allows remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in the 404 error page.

4.3
2008-03-10 CVE-2008-1273 Imagevue Cross-Site Scripting vulnerability in Imagevue 1.7

Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) popup.php, (2) test/dir2.php, (3) admin/upload.php, and (4) dirxml.php in upload/.

4.3
2008-03-10 CVE-2008-1260 Zyxel Cross-Site Request Forgery (CSRF) vulnerability in Zyxel P-2602Hw-D1A

Multiple cross-site request forgery (CSRF) vulnerabilities on the Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware allow remote attackers to (1) make the admin web server available on the Internet (WAN) interface via the WWWAccessInterface parameter to Forms/RemMagWWW_1 or (2) change the IP whitelisting timeout via the StdioTimout parameter to Forms/rpSysAdmin_1.

4.3
2008-03-10 CVE-2008-1258 D Link Cross-Site Scripting vulnerability in D-Link Di-604

Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter.

4.3
2008-03-10 CVE-2008-1257 Zyxel Cross-Site Scripting vulnerability in Zyxel products

Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter.

4.3
2008-03-10 CVE-2008-1253 D Link Cross-Site Scripting vulnerability in D-Link Dsl-G604T

Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fwan page.

4.3
2008-03-10 CVE-2008-1251 Snom Cross-Site Scripting vulnerability in Snom 320 SIP Phone

Cross-site scripting (XSS) vulnerability in the web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-03-10 CVE-2008-1243 Linksys Cross-Site Scripting vulnerability in Linksys Wrt300N

Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI.

4.3
2008-03-10 CVE-2008-1229 Jspwiki Cross-Site Scripting vulnerability in Jspwiki 2.4.104/2.5.139/2.5.139Beta

Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to inject arbitrary web script or HTML via the editor parameter, a different vector than CVE-2007-5120.b.

4.3
2008-03-10 CVE-2008-1228 Minigal Cross-Site Scripting vulnerability in Minigal MG2

Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action.

4.3
2008-03-10 CVE-2008-1226 Zimbra Cross-Site Scripting vulnerability in Zimbra Collaboration Suite 4.0.3/4.5.6

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image attachment.

4.3
2008-03-10 CVE-2008-1225 Webct Cross-Site Scripting vulnerability in Webct 4.1.5.8

Multiple cross-site scripting (XSS) vulnerabilities in WebCT Campus Edition 4.1.5.8, when "Don't wrap text" is enabled, allow remote authenticated users to inject arbitrary web script or HTML via a (1) mail message or (2) discussion board message.

4.3
2008-03-10 CVE-2008-1224 Bosdev Cross-Site Scripting vulnerability in Bosdev Bosclassifieds Classified ADS 3.0

Cross-site scripting (XSS) vulnerability in account.php in BosClassifieds Classified Ads System 3.0 allows remote attackers to inject arbitrary web script or HTML via the returnTo parameter.

4.3
2008-03-10 CVE-2008-1222 Dokeos Cross-Site Scripting vulnerability in Dokeos Open Source Learning and Knowledge Management Tool 1.8.4

Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-03-12 CVE-2008-1301 Alkacon Path Traversal vulnerability in Alkacon Opencms 7.0.3/7.0.4

Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter.

4.0
2008-03-10 CVE-2008-1263 Linksys Cryptographic Issues vulnerability in Linksys Wrt54G

The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI.

4.0

0 Low Vulnerabilities
