Weekly Vulnerabilities Reports > March 17 to 23, 2008
Overview
122 new vulnerabilities were reported during this period, including 11 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary reports vulnerabilities in 110 products from 61 vendors including Apple, VMware, Microsoft, Plone, and MIT. Notable vulnerability categories include "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Permissions, Privileges, and Access Controls", and "Information Exposure".
- 103 reported vulnerabilities are remotely exploitable.
- 27 reported vulnerabilities have a public exploit available.
- 48 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 115 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 43 reported vulnerabilities.
- MIT has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
11 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-03-20 | CVE-2008-1393 | Plone | Credentials Management vulnerability in Plone CMS Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network. | 10.0 |
2008-03-20 | CVE-2008-1392 | Microsoft Vmware | Configuration vulnerability in VMWare Ace, Player and VMWare Workstation The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors. | 10.0 |
2008-03-19 | CVE-2008-0947 | MIT | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in MIT Kerberos 5 Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors. | 10.0 |
2008-03-18 | CVE-2008-0053 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Cups Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file. | 10.0 |
2008-03-18 | CVE-2008-1369 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Sunos 5.10 A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors. | 10.0 |
2008-03-18 | CVE-2008-0949 | IBM | Remote vulnerability in IBM Informix Dynamic Server Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet. | 10.0 |
2008-03-19 | CVE-2008-0062 | MIT Debian Canonical Fedoraproject | Improper Initialization vulnerability in multiple products KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. | 9.8 |
2008-03-20 | CVE-2007-6254 | SAP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Business Objects Stack-based buffer overflow in the SAP Business Objects BusinessObjects RptViewerAX ActiveX control in RptViewerAX.dll in Business Objects 6.5 before CHF74 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2008-03-19 | CVE-2008-0948 | MIT | Buffer Errors vulnerability in MIT Kerberos 5 1.2.2 Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors. | 9.3 |
2008-03-18 | CVE-2008-0047 | Apple Cups | Buffer Errors vulnerability in Cups 1.3.5 Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions. | 9.3 |
2008-03-17 | CVE-2008-0888 | Info ZIP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Info-Zip Unzip The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data. | 9.3 |
28 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-03-20 | CVE-2008-1332 | Asterisk | Permissions, Privileges, and Access Controls vulnerability in Asterisk products Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header. | 8.8 |
2008-03-18 | CVE-2008-1000 | Apple | Path Traversal vulnerability in Apple mac OS X and mac OS X Server Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments. | 8.5 |
2008-03-18 | CVE-2008-0727 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Informix Dynamic Server Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value. | 8.5 |
2008-03-20 | CVE-2008-1429 | Silc | Remote Denial of Service vulnerability in SILC Server 'NEW_CLIENT' Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows remote attackers to cause a denial of service (daemon crash) via a NEW_CLIENT packet without a nickname. | 7.8 |
2008-03-20 | CVE-2008-1364 | Vmware | Resource Management Errors vulnerability in VMWare products Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service. | 7.8 |
2008-03-20 | CVE-2008-1430 | Iatek | SQL Injection vulnerability in Iatek Aspapp SQL injection vulnerability in links.asp in ASPapp allows remote attackers to execute arbitrary SQL commands via the CatId parameter. | 7.5 |
2008-03-20 | CVE-2008-1427 | Joobi Joomla | SQL Injection vulnerability in multiple products SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php. | 7.5 |
2008-03-20 | CVE-2008-1426 | Kaphotoservice | SQL Injection vulnerability in Kaphotoservice SQL injection vulnerability in album.asp in KAPhotoservice allows remote attackers to execute arbitrary SQL commands via the albumid parameter. | 7.5 |
2008-03-20 | CVE-2008-1425 | Easy Clanpage | SQL Injection vulnerability in Easy-Clanpage 2.2 SQL injection vulnerability in index.php in the gallery module in Easy-Clanpage 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a kate action. | 7.5 |
2008-03-20 | CVE-2008-1409 | Exero | Path Traversal vulnerability in Exero CMS 1.0.1 Multiple directory traversal vulnerabilities in the Default theme in Exero CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme parameter to (1) index.php, (2) editpassword.php, and (3) avatar.php in usercp/; (4) custompage.php; (5) errors/404.php; (6) memberslist.php and (7) profile.php in members/; (8) index.php and (9) fullview.php in news/; and (10) nopermission.php. | 7.5 |
2008-03-20 | CVE-2008-1395 | Plone | Improper Authentication vulnerability in Plone CMS Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes it easier for context-dependent attackers to reuse a logged-out session. | 7.5 |
2008-03-20 | CVE-2008-1394 | Plone | Credentials Management vulnerability in Plone CMS Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network. | 7.5 |
2008-03-19 | CVE-2008-0063 | MIT Apple Opensuse Suse Debian Canonical Fedoraproject | Use of Uninitialized Resource vulnerability in multiple products The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." | 7.5 |
2008-03-17 | CVE-2008-1354 | Advanced Data Solutions | SQL Injection vulnerability in Advanced Data Solutions Virtual Support Office XP 2 SQL injection vulnerability in MyIssuesView.asp in Advanced Data Solutions Virtual Support Office-XP (VSO-XP) allows remote attackers to execute arbitrary SQL commands via the Issue_ID parameter. | 7.5 |
2008-03-17 | CVE-2008-1351 | Xoops | SQL Injection vulnerability in Xoops Tutoriais Module 2.1B SQL injection vulnerability in the Tutorials 2.1b module for XOOPS allows remote attackers to execute arbitrary SQL commands via the tid parameter to printpage.php, which is accessible directly or through a printpage action to index.php. | 7.5 |
2008-03-17 | CVE-2008-1350 | Fully Modded Phpbb | SQL Injection vulnerability in Fully Modded PHPbb Fully Modded PHPbb SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an article action. | 7.5 |
2008-03-17 | CVE-2008-1349 | Exv2 | SQL Injection vulnerability in Exv2 Bamagalerie and Exv2 SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Galerie) 3.03 and 3.041 module for eXV2 2.0.6 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
2008-03-17 | CVE-2008-1346 | Myiosoft | SQL Injection vulnerability in Myiosoft Easycalendar 4.0Tr SQL injection vulnerability in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action. | 7.5 |
2008-03-17 | CVE-2008-1344 | Myiosoft | SQL Injection vulnerability in Myiosoft Easycalendar 4.0Tr Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in a dayview action to plugins/calendar/calendar_backend.php and the (2) page parameter to ajaxp_backend.php. | 7.5 |
2008-03-17 | CVE-2008-1341 | Lagarde | SQL Injection vulnerability in Lagarde Storefront 6.0 SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFront 6 before SP8 allows remote attackers to execute arbitrary SQL commands via the CategoryId parameter. | 7.5 |
2008-03-20 | CVE-2008-1363 | Microsoft Vmware | Permissions, Privileges, and Access Controls vulnerability in VMWare products VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process." | 7.2 |
2008-03-20 | CVE-2008-1362 | Vmware | Permissions, Privileges, and Access Controls vulnerability in VMWare products VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an "insecurely created named pipe," a different vulnerability than CVE-2008-1361. | 7.2 |
2008-03-20 | CVE-2008-0707 | HP | Permissions, Privileges, and Access Controls vulnerability in HP Storageworks Library and Tape Tools HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX B.11.11 and B.11.23 allows local users to gain privileges via unspecified vectors. | 7.2 |
2008-03-18 | CVE-2008-0055 | Apple | Race Condition vulnerability in Apple mac OS X and mac OS X Server Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges. | 7.2 |
2008-03-20 | CVE-2008-1402 | Microsoft MG Soft | Resource Management Errors vulnerability in Mg-Soft NET Inspector MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to cause a (1) denial of service (exception and crash) via a UDP packet to the SNMP Trap Service (MgWTrap3.exe) or (2) denial of service (device freeze or memory consumption) via a malformed request to the Net Inspector Server (niengine). | 7.1 |
2008-03-20 | CVE-2008-1340 | Vmware | Resource Management Errors vulnerability in VMWare products Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger "memory exhaustion and memory corruption." | 7.1 |
2008-03-18 | CVE-2008-0999 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference. | 7.1 |
2008-03-18 | CVE-2008-0045 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names. | 7.1 |
73 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-03-20 | CVE-2008-1417 | Axyl | Link Following vulnerability in Axyl 2.1.7 The prerm script in axyl 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the axyl.conf temporary file. | 6.9 |
2008-03-18 | CVE-2008-0998 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects. | 6.9 |
2008-03-18 | CVE-2008-0989 | Apple | Use of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname. | 6.9 |
2008-03-18 | CVE-2008-0051 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data. | 6.9 |
2008-03-20 | CVE-2008-1416 | Phpauction | Code Injection vulnerability in PHPauction GPL 2.51 Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2.51 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) converter.inc.php, (2) messages.inc.php, and (3) settings.inc.php in includes/. | 6.8 |
2008-03-20 | CVE-2008-1412 | F Secure | Improper Input Validation vulnerability in F-Secure products Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats. | 6.8 |
2008-03-20 | CVE-2008-1407 | Exv2 | SQL Injection vulnerability in Exv2 1.60 SQL injection vulnerability in index.php in the WebChat 1.60 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the roomid parameter. | 6.8 |
2008-03-20 | CVE-2008-1406 | Exv2 | SQL Injection vulnerability in Exv2 1.8 SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the lid parameter in an ImprAnn action. | 6.8 |
2008-03-20 | CVE-2008-1405 | Fuzzylime | Code Injection vulnerability in Fuzzylime 3.01 PHP remote file inclusion vulnerability in code/display.php in fuzzylime (cms) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter. | 6.8 |
2008-03-20 | CVE-2008-1404 | Exv2 | SQL Injection vulnerability in Exv2 2.0.3 SQL injection vulnerability in index.php in the Viso (Industry Book) 2.04 and 2.03 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the kid parameter. | 6.8 |
2008-03-20 | CVE-2008-1403 | Bootmanage | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bootmanage Administrator and Tftpd Stack-based buffer overflow in the TFTP server in BootManage TFTPD 1.99 and earlier in BootManage Administrator 7.1 and earlier allows remote attackers to execute arbitrary code via a request with a long filename. | 6.8 |
2008-03-20 | CVE-2008-1398 | Auracms | SQL Injection vulnerability in Auracms 2.0/2.1/2.2.1 SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header. | 6.8 |
2008-03-20 | CVE-2008-1361 | Vmware | Permissions, Privileges, and Access Controls vulnerability in VMWare products VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362. | 6.8 |
2008-03-19 | CVE-2008-1010 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript. | 6.8 |
2008-03-18 | CVE-2008-0987 | Apple | Buffer Errors vulnerability in Apple Aperture and Iphoto Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image. | 6.8 |
2008-03-18 | CVE-2008-0060 | Apple | Code Injection vulnerability in Apple mac OS X and mac OS X Server Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link. | 6.8 |
2008-03-18 | CVE-2008-0056 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager. | 6.8 |
2008-03-18 | CVE-2008-0052 | Apple | Information Exposure vulnerability in Apple mac OS X and mac OS X Server CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set. | 6.8 |
2008-03-18 | CVE-2008-0997 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer. | 6.8 |
2008-03-18 | CVE-2008-0057 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allow remote attackers to execute arbitrary code via a crafted serialized property list. | 6.8 |
2008-03-18 | CVE-2008-0048 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a long file name to the NSDocument API. | 6.8 |
2008-03-18 | CVE-2008-1370 | Wildmary | Code Injection vulnerability in Wildmary YAP Blog 1.1 PHP remote file inclusion vulnerability in index.php in wildmary Yap Blog 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 6.8 |
2008-03-20 | CVE-2008-1397 | Checkpoint | Permissions, Privileges, and Access Controls vulnerability in Checkpoint products Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint. | 6.5 |
2008-03-17 | CVE-2008-1358 | Altn | Buffer Errors vulnerability in Altn Mdaemon 9.6.4 Stack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute arbitrary code via a FETCH command with a long BODY. | 6.5 |
2008-03-18 | CVE-2008-0054 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used. | 6.4 |
2008-03-17 | CVE-2008-1365 | Trend Micro | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Officescan Corporate Edition Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors. | 6.4 |
2008-03-17 | CVE-2008-1356 | SUN | Improper Authentication vulnerability in SUN Solaris 10 Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Desktop System (JDS), when using the GNOME On-Screen Keyboard (GOK), allows local users to bypass authentication via unknown vectors that cause the screen saver to crash. | 6.3 |
2008-03-20 | CVE-2008-1333 | Asterisk | Use of Externally-Controlled Format String vulnerability in Asterisk Open Source Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function. | 5.8 |
2008-03-18 | CVE-2008-0992 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value. | 5.8 |
2008-03-18 | CVE-2008-0059 | Apple | Race Condition vulnerability in Apple mac OS X and mac OS X Server Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." | 5.8 |
2008-03-18 | CVE-2008-0058 | Apple | Race Condition vulnerability in Apple mac OS X and mac OS X Server Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object. | 5.8 |
2008-03-18 | CVE-2008-0044 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL. | 5.8 |
2008-03-17 | CVE-2008-1357 | Mcafee | Use of Externally-Controlled Format String vulnerability in Mcafee products Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. | 5.4 |
2008-03-20 | CVE-2008-1415 | Riceball | Path Traversal vulnerability in Riceball multiple Time Sheets 5.0 Directory traversal vulnerability in index.php in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to read arbitrary files via "../..//" (modified dot dot) sequences in the tab parameter. | 5.0 |
2008-03-20 | CVE-2008-1411 | Acronis | Improper Input Validation vulnerability in Acronis Snap Deploy 2.0.0.1076 The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference. | 5.0 |
2008-03-20 | CVE-2008-1400 | MG Soft | Path Traversal vulnerability in Mg-Soft NET Inspector 6.5.0.828 Directory traversal vulnerability in the Net Inspector HTTP Server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot slash) in the URI. | 5.0 |
2008-03-18 | CVE-2008-0050 | Apple | Information Exposure vulnerability in Apple mac OS X and mac OS X Server CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. | 5.0 |
2008-03-18 | CVE-2008-0046 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions. | 5.0 |
2008-03-17 | CVE-2008-1366 | Trend Micro | Improper Input Validation vulnerability in Trend Micro Officescan Corporate Edition Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process consumption) via (1) an HTTP request without a Content-Length header or (2) invalid characters in unspecified CGI arguments, which triggers a NULL pointer dereference. | 5.0 |
2008-03-17 | CVE-2008-1352 | Hangzhou Network Technology Development | Path Traversal vulnerability in Hangzhou Network Technology Development Ediorcms 3.0 Directory traversal vulnerability in search.php in EdiorCMS (ecms) 3.0 allows remote attackers to read arbitrary files via a .. | 5.0 |
2008-03-17 | CVE-2008-1343 | SCO | Path Traversal vulnerability in SCO Unixware 7.1.4 Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors. | 4.9 |
2008-03-18 | CVE-2008-0990 | Apple | Information Exposure vulnerability in Apple mac OS X and mac OS X Server notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications. | 4.4 |
2008-03-20 | CVE-2008-1432 | Manageengine | Cross-Site Scripting vulnerability in Manageengine Supportcenter Plus 7.0.0 Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. | 4.3 |
2008-03-20 | CVE-2008-1428 | Drupal | Cross-Site Scripting vulnerability in Drupal Ubercart Module Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product. | 4.3 |
2008-03-20 | CVE-2008-1414 | Riceball | Cross-Site Scripting vulnerability in Riceball multiple Time Sheets Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or (2) clientinfo.php, (3) invoices.php, (4) smartlinks.php, and (5) todo.php, as demonstrated using a META tag. | 4.3 |
2008-03-20 | CVE-2008-1413 | Snews | Cross-Site Scripting vulnerability in Snews CMS RUS 2.1/2.3/2.4 Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus 2.1 through 2.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 4.3 |
2008-03-20 | CVE-2008-1410 | Acronis | Path Traversal vulnerability in Acronis Snap Deploy 2.0.0.1076 Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service. | 4.3 |
2008-03-20 | CVE-2008-1401 | MG Soft | Use of Externally-Controlled Format String vulnerability in Mg-Soft NET Inspector Format string vulnerability in the Net Inspector HTTP server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to execute arbitrary code via format string specifiers in the URI, which is recorded in a log file. | 4.3 |
2008-03-20 | CVE-2008-1399 | Clansphere | Cross-Site Scripting vulnerability in Clansphere 2008 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Clansphere 2008 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-03-20 | CVE-2008-1012 | Apple | Improper Input Validation vulnerability in Apple Airport Extreme Base Station Unspecified vulnerability in Apple AirPort Extreme Base Station Firmware 7.3.1 allows remote attackers to cause a denial of service (file sharing hang) via a crafted AFP request, related to "input validation." | 4.3 |
2008-03-20 | CVE-2008-1396 | Plone | Credentials Management vulnerability in Plone CMS Plone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network. | 4.3 |
2008-03-20 | CVE-2008-0164 | Plone | Cross-Site Request Forgery (CSRF) vulnerability in Plone CMS 3.0.5/3.0.6 Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page. | 4.3 |
2008-03-20 | CVE-2007-4592 | IBM | Cross-Site Scripting vulnerability in IBM Rational Clearquest Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component. | 4.3 |
2008-03-19 | CVE-2008-1011 | Apple | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame. | 4.3 |
2008-03-19 | CVE-2008-1009 | Apple | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object. | 4.3 |
2008-03-19 | CVE-2008-1008 | Apple | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property. | 4.3 |
2008-03-19 | CVE-2008-1007 | Apple | Cross-Site Scripting vulnerability in Apple Safari WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | 4.3 |
2008-03-19 | CVE-2008-1006 | Apple | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page. | 4.3 |
2008-03-19 | CVE-2008-1004 | Apple | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector. | 4.3 |
2008-03-19 | CVE-2008-1003 | Apple | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain. | 4.3 |
2008-03-19 | CVE-2008-1002 | Apple | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL. | 4.3 |
2008-03-19 | CVE-2008-1001 | Microsoft Apple | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page. | 4.3 |
2008-03-18 | CVE-2008-0988 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read. | 4.3 |
2008-03-18 | CVE-2008-1372 | Bzip | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bzip Bzip2 bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats. | 4.3 |
2008-03-18 | CVE-2008-1368 | Microsoft | Code Injection vulnerability in Microsoft Internet Explorer 5/6 CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the FTP command, which causes the commands to be inserted into an authenticated FTP connection established earlier in the same browser session, as demonstrated using a DELE command, a variant or possibly a regression of CVE-2004-1166. | 4.3 |
2008-03-17 | CVE-2008-1360 | Nagios | Cross-Site Scripting vulnerability in Nagios Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624. | 4.3 |
2008-03-17 | CVE-2008-1359 | Invision Power Services | Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913. | 4.3 |
2008-03-17 | CVE-2008-1355 | Jeeblestechnology | Cross-Site Scripting vulnerability in Jeeblestechnology Jeebles Directory 2.9.60 Cross-site scripting (XSS) vulnerability in index.php in Jeebles Technology Jeebles Directory 2.9.60 allows remote attackers to inject arbitrary web script or HTML via the path parameter. | 4.3 |
2008-03-17 | CVE-2008-1353 | Zabbix | Denial of Service vulnerability in ZABBIX File Checksum Request zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero. | 4.3 |
2008-03-17 | CVE-2008-1348 | Ewebsite | Cross-Site Scripting vulnerability in Ewebsite Eweather Cross-site scripting (XSS) vulnerability in index.php in the eWebsite eWeather (Weather) module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the chart parameter to modules.php. | 4.3 |
2008-03-17 | CVE-2008-1347 | Myiosoft | Cross-Site Scripting vulnerability in Myiosoft Easycalendar 4.0Tr Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the q parameter in an about action to the help system. | 4.3 |
2008-03-17 | CVE-2008-1345 | Myiosoft | Cross-Site Scripting vulnerability in Myiosoft Easycalendar 4.0Tr Cross-site scripting (XSS) vulnerability in plugins/calendar/calendar_backend.php in MyioSoft EasyCalendar 4.0tr and earlier allows remote attackers to inject arbitrary web script or HTML via the day parameter in a dayview action. | 4.3 |
2008-03-17 | CVE-2008-1342 | Polymita Technologies | Cross-Site Scripting vulnerability in Polymita Technologies BPM Suite and Collageportal Multiple cross-site scripting (XSS) vulnerabilities in the search feature in Polymita BPM-Suite and CollagePortal allow remote attackers to inject arbitrary web script or HTML via the (1) _q and (2) lucene_index_field_value parameters. | 4.3 |
10 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-03-18 | CVE-2008-1371 | Drake Team | Path Traversal vulnerability in Drake Team Drake CMS 0.4.11Rc8 Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. | 3.6 |
2008-03-18 | CVE-2008-1330 | Novell | Permissions, Privileges, and Access Controls vulnerability in Novell Groupwise Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker. | 3.5 |
2008-03-18 | CVE-2008-0995 | Apple | Information Exposure vulnerability in Apple mac OS X and mac OS X Server The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods. | 2.6 |
2008-03-18 | CVE-2008-0994 | Apple | Information Exposure vulnerability in Apple mac OS X and mac OS X Server Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods. | 2.6 |
2008-03-20 | CVE-2008-1431 | Raidsonic Technology | Cryptographic Issues vulnerability in Raidsonic Technology Firmware 2.6.0N RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key. | 2.1 |
2008-03-19 | CVE-2008-1005 | Apple | Information Exposure vulnerability in Apple Safari WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password. | 2.1 |
2008-03-18 | CVE-2008-0993 | Apple | Information Exposure vulnerability in Apple Podcast Producer Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings. | 2.1 |
2008-03-18 | CVE-2008-1383 | Gentoo | Cryptographic Issues vulnerability in Gentoo Linux The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate. | 1.9 |
2008-03-18 | CVE-2008-0049 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications. | 1.9 |
2008-03-18 | CVE-2008-0996 | Apple | Information Exposure vulnerability in Apple mac OS X and mac OS X Server The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials. | 1.7 |