Weekly Vulnerabilities Reports > March 17 to 23, 2008

Overview

122 new vulnerabilities were reported during this period, including 11 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary reports vulnerabilities in 110 products from 61 vendors including Apple, VMware, Microsoft, Plone, and MIT. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Permissions, Privileges, and Access Controls", and "Information Exposure".

  • 103 reported vulnerabilities are remotely exploitable.
  • 27 reported vulnerabilities have a public exploit available.
  • 48 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 115 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 43 reported vulnerabilities.
  • MIT has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

11 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-03-20 CVE-2008-1393 Plone Credentials Management vulnerability in Plone CMS

Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.

10.0
2008-03-20 CVE-2008-1392 Microsoft, Vmware Configuration vulnerability in VMWare Ace, Player and VMWare Workstation

The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.

10.0
2008-03-19 CVE-2008-0947 MIT Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in MIT Kerberos 5

Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.

10.0
2008-03-18 CVE-2008-0053 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Cups

Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.

10.0
2008-03-18 CVE-2008-1369 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Sunos 5.10

A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors.

10.0
2008-03-18 CVE-2008-0949 IBM Remote vulnerability in IBM Informix Dynamic Server

Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet.

10.0
2008-03-19 CVE-2008-0062 MIT, Debian, Canonical, Fedoraproject Improper Initialization vulnerability in multiple products

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

9.8
2008-03-20 CVE-2007-6254 SAP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Business Objects

Stack-based buffer overflow in the SAP Business Objects BusinessObjects RptViewerAX ActiveX control in RptViewerAX.dll in Business Objects 6.5 before CHF74 allows remote attackers to execute arbitrary code via unspecified vectors.

9.3
2008-03-19 CVE-2008-0948 MIT Buffer Errors vulnerability in MIT Kerberos 5 1.2.2

Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.

9.3
2008-03-18 CVE-2008-0047 Apple, Cups Buffer Errors vulnerability in Cups 1.3.5

Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.

9.3
2008-03-17 CVE-2008-0888 Info ZIP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Info-Zip Unzip

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

9.3

28 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-03-20 CVE-2008-1332 Asterisk Permissions, Privileges, and Access Controls vulnerability in Asterisk products

Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.

8.8
2008-03-18 CVE-2008-1000 Apple Path Traversal vulnerability in Apple mac OS X and mac OS X Server

Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments.

8.5
2008-03-18 CVE-2008-0727 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Informix Dynamic Server

Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value.

8.5
2008-03-20 CVE-2008-1429 Silc Remote Denial of Service vulnerability in SILC Server 'NEW_CLIENT'

Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows remote attackers to cause a denial of service (daemon crash) via a NEW_CLIENT packet without a nickname.

7.8
2008-03-20 CVE-2008-1364 Vmware Resource Management Errors vulnerability in VMWare products

Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service.

7.8
2008-03-20 CVE-2008-1430 Iatek SQL Injection vulnerability in Iatek Aspapp

SQL injection vulnerability in links.asp in ASPapp allows remote attackers to execute arbitrary SQL commands via the CatId parameter.

7.5
2008-03-20 CVE-2008-1427 Joobi, Joomla SQL Injection vulnerability in multiple products

SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php.

7.5
2008-03-20 CVE-2008-1426 Kaphotoservice SQL Injection vulnerability in Kaphotoservice

SQL injection vulnerability in album.asp in KAPhotoservice allows remote attackers to execute arbitrary SQL commands via the albumid parameter.

7.5
2008-03-20 CVE-2008-1425 Easy Clanpage SQL Injection vulnerability in Easy-Clanpage 2.2

SQL injection vulnerability in index.php in the gallery module in Easy-Clanpage 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a kate action.

7.5
2008-03-20 CVE-2008-1409 Exero Path Traversal vulnerability in Exero CMS 1.0.1

Multiple directory traversal vulnerabilities in the Default theme in Exero CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme parameter to (1) index.php, (2) editpassword.php, and (3) avatar.php in usercp/; (4) custompage.php; (5) errors/404.php; (6) memberslist.php and (7) profile.php in members/; (8) index.php and (9) fullview.php in news/; and (10) nopermission.php.

7.5
2008-03-20 CVE-2008-1395 Plone Improper Authentication vulnerability in Plone CMS

Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes it easier for context-dependent attackers to reuse a logged-out session.

7.5
2008-03-20 CVE-2008-1394 Plone Credentials Management vulnerability in Plone CMS

Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.

7.5
2008-03-19 CVE-2008-0063 MIT, Apple, Opensuse, Suse, Debian, Canonical, Fedoraproject Use of Uninitialized Resource vulnerability in multiple products

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

7.5
2008-03-17 CVE-2008-1354 Advanced Data Solutions SQL Injection vulnerability in Advanced Data Solutions Virtual Support Office XP 2

SQL injection vulnerability in MyIssuesView.asp in Advanced Data Solutions Virtual Support Office-XP (VSO-XP) allows remote attackers to execute arbitrary SQL commands via the Issue_ID parameter.

7.5
2008-03-17 CVE-2008-1351 Xoops SQL Injection vulnerability in Xoops Tutoriais Module 2.1B

SQL injection vulnerability in the Tutorials 2.1b module for XOOPS allows remote attackers to execute arbitrary SQL commands via the tid parameter to printpage.php, which is accessible directly or through a printpage action to index.php.

7.5
2008-03-17 CVE-2008-1350 Fully Modded Phpbb SQL Injection vulnerability in Fully Modded PHPbb Fully Modded PHPbb

SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an article action.

7.5
2008-03-17 CVE-2008-1349 Exv2 SQL Injection vulnerability in Exv2 Bamagalerie and Exv2

SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Galerie) 3.03 and 3.041 module for eXV2 2.0.6 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2008-03-17 CVE-2008-1346 Myiosoft SQL Injection vulnerability in Myiosoft Easycalendar 4.0Tr

SQL injection vulnerability in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action.

7.5
2008-03-17 CVE-2008-1344 Myiosoft SQL Injection vulnerability in Myiosoft Easycalendar 4.0Tr

Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in a dayview action to plugins/calendar/calendar_backend.php and the (2) page parameter to ajaxp_backend.php.

7.5
2008-03-17 CVE-2008-1341 Lagarde SQL Injection vulnerability in Lagarde Storefront 6.0

SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFront 6 before SP8 allows remote attackers to execute arbitrary SQL commands via the CategoryId parameter.

7.5
2008-03-20 CVE-2008-1363 Microsoft, Vmware Permissions, Privileges, and Access Controls vulnerability in VMWare products

VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process."

7.2
2008-03-20 CVE-2008-1362 Vmware Permissions, Privileges, and Access Controls vulnerability in VMWare products

VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an "insecurely created named pipe," a different vulnerability than CVE-2008-1361.

7.2
2008-03-20 CVE-2008-0707 HP Permissions, Privileges, and Access Controls vulnerability in HP Storageworks Library and Tape Tools

HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX B.11.11 and B.11.23 allows local users to gain privileges via unspecified vectors.

7.2
2008-03-18 CVE-2008-0055 Apple Race Condition vulnerability in Apple mac OS X and mac OS X Server

Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges.

7.2
2008-03-20 CVE-2008-1402 Microsoft, MG Soft Resource Management Errors vulnerability in Mg-Soft NET Inspector

MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to cause a (1) denial of service (exception and crash) via a UDP packet to the SNMP Trap Service (MgWTrap3.exe) or (2) denial of service (device freeze or memory consumption) via a malformed request to the Net Inspector Server (niengine).

7.1
2008-03-20 CVE-2008-1340 Vmware Resource Management Errors vulnerability in VMWare products

Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger "memory exhaustion and memory corruption."

7.1
2008-03-18 CVE-2008-0999 Apple Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server

Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference.

7.1
2008-03-18 CVE-2008-0045 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names.

7.1

73 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-03-20 CVE-2008-1417 Axyl Link Following vulnerability in Axyl 2.1.7

The prerm script in axyl 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the axyl.conf temporary file.

6.9
2008-03-18 CVE-2008-0998 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.

6.9
2008-03-18 CVE-2008-0989 Apple Use of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server

Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.

6.9
2008-03-18 CVE-2008-0051 Apple Numeric Errors vulnerability in Apple mac OS X and mac OS X Server

Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data.

6.9
2008-03-20 CVE-2008-1416 Phpauction Code Injection vulnerability in PHPauction GPL 2.51

Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2.51 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) converter.inc.php, (2) messages.inc.php, and (3) settings.inc.php in includes/.

6.8
2008-03-20 CVE-2008-1412 F Secure Improper Input Validation vulnerability in F-Secure products

Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

6.8
2008-03-20 CVE-2008-1407 Exv2 SQL Injection vulnerability in Exv2 1.60

SQL injection vulnerability in index.php in the WebChat 1.60 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.

6.8
2008-03-20 CVE-2008-1406 Exv2 SQL Injection vulnerability in Exv2 1.8

SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the lid parameter in an ImprAnn action.

6.8
2008-03-20 CVE-2008-1405 Fuzzylime Code Injection vulnerability in Fuzzylime 3.01

PHP remote file inclusion vulnerability in code/display.php in fuzzylime (cms) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter.

6.8
2008-03-20 CVE-2008-1404 Exv2 SQL Injection vulnerability in Exv2 2.0.3

SQL injection vulnerability in index.php in the Viso (Industry Book) 2.04 and 2.03 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the kid parameter.

6.8
2008-03-20 CVE-2008-1403 Bootmanage Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bootmanage Administrator and Tftpd

Stack-based buffer overflow in the TFTP server in BootManage TFTPD 1.99 and earlier in BootManage Administrator 7.1 and earlier allows remote attackers to execute arbitrary code via a request with a long filename.

6.8
2008-03-20 CVE-2008-1398 Auracms SQL Injection vulnerability in Auracms 2.0/2.1/2.2.1

SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.

6.8
2008-03-20 CVE-2008-1361 Vmware Permissions, Privileges, and Access Controls vulnerability in VMWare products

VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362.

6.8
2008-03-19 CVE-2008-1010 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari

Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript.

6.8
2008-03-18 CVE-2008-0987 Apple Buffer Errors vulnerability in Apple Aperture and Iphoto

Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image.

6.8
2008-03-18 CVE-2008-0060 Apple Code Injection vulnerability in Apple mac OS X and mac OS X Server

Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link.

6.8
2008-03-18 CVE-2008-0056 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager.

6.8
2008-03-18 CVE-2008-0052 Apple Information Exposure vulnerability in Apple mac OS X and mac OS X Server

CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.

6.8
2008-03-18 CVE-2008-0997 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer.

6.8
2008-03-18 CVE-2008-0057 Apple Numeric Errors vulnerability in Apple mac OS X and mac OS X Server

Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allow remote attackers to execute arbitrary code via a crafted serialized property list.

6.8
2008-03-18 CVE-2008-0048 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a long file name to the NSDocument API.

6.8
2008-03-18 CVE-2008-1370 Wildmary Code Injection vulnerability in Wildmary YAP Blog 1.1

PHP remote file inclusion vulnerability in index.php in wildmary Yap Blog 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

6.8
2008-03-20 CVE-2008-1397 Checkpoint Permissions, Privileges, and Access Controls vulnerability in Checkpoint products

Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint.

6.5
2008-03-17 CVE-2008-1358 Altn Buffer Errors vulnerability in Altn Mdaemon 9.6.4

Stack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute arbitrary code via a FETCH command with a long BODY.

6.5
2008-03-18 CVE-2008-0054 Apple Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server

Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used.

6.4
2008-03-17 CVE-2008-1365 Trend Micro Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Officescan Corporate Edition

Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.

6.4
2008-03-17 CVE-2008-1356 SUN Improper Authentication vulnerability in SUN Solaris 10

Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Desktop System (JDS), when using the GNOME On-Screen Keyboard (GOK), allows local users to bypass authentication via unknown vectors that cause the screen saver to crash.

6.3
2008-03-20 CVE-2008-1333 Asterisk Use of Externally-Controlled Format String vulnerability in Asterisk Open Source

Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function.

5.8
2008-03-18 CVE-2008-0992 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.

5.8
2008-03-18 CVE-2008-0059 Apple Race Condition vulnerability in Apple mac OS X and mac OS X Server

Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic."

5.8
2008-03-18 CVE-2008-0058 Apple Race Condition vulnerability in Apple mac OS X and mac OS X Server

Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.

5.8
2008-03-18 CVE-2008-0044 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL.

5.8
2008-03-17 CVE-2008-1357 Mcafee Use of Externally-Controlled Format String vulnerability in Mcafee products

Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082.

5.4
2008-03-20 CVE-2008-1415 Riceball Path Traversal vulnerability in Riceball multiple Time Sheets 5.0

Directory traversal vulnerability in index.php in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to read arbitrary files via "../..//" (modified dot dot) sequences in the tab parameter.

5.0
2008-03-20 CVE-2008-1411 Acronis Improper Input Validation vulnerability in Acronis Snap Deploy 2.0.0.1076

The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.

5.0
2008-03-20 CVE-2008-1400 MG Soft Path Traversal vulnerability in Mg-Soft NET Inspector 6.5.0.828

Directory traversal vulnerability in the Net Inspector HTTP Server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot slash) in the URI.

5.0
2008-03-18 CVE-2008-0050 Apple Information Exposure vulnerability in Apple mac OS X and mac OS X Server

CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.

5.0
2008-03-18 CVE-2008-0046 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions.

5.0
2008-03-17 CVE-2008-1366 Trend Micro Improper Input Validation vulnerability in Trend Micro Officescan Corporate Edition

Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process consumption) via (1) an HTTP request without a Content-Length header or (2) invalid characters in unspecified CGI arguments, which triggers a NULL pointer dereference.

5.0
2008-03-17 CVE-2008-1352 Hangzhou Network Technology Development Path Traversal vulnerability in Hangzhou Network Technology Development Ediorcms 3.0

Directory traversal vulnerability in search.php in EdiorCMS (ecms) 3.0 allows remote attackers to read arbitrary files via a ..

5.0
2008-03-17 CVE-2008-1343 SCO Path Traversal vulnerability in SCO Unixware 7.1.4

Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors.

4.9
2008-03-18 CVE-2008-0990 Apple Information Exposure vulnerability in Apple mac OS X and mac OS X Server

notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications.

4.4
2008-03-20 CVE-2008-1432 Manageengine Cross-Site Scripting vulnerability in Manageengine Supportcenter Plus 7.0.0

Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299.

4.3
2008-03-20 CVE-2008-1428 Drupal Cross-Site Scripting vulnerability in Drupal Ubercart Module

Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product.

4.3
2008-03-20 CVE-2008-1414 Riceball Cross-Site Scripting vulnerability in Riceball multiple Time Sheets

Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or (2) clientinfo.php, (3) invoices.php, (4) smartlinks.php, and (5) todo.php, as demonstrated using a META tag.

4.3
2008-03-20 CVE-2008-1413 Snews Cross-Site Scripting vulnerability in Snews CMS RUS 2.1/2.3/2.4

Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus 2.1 through 2.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

4.3
2008-03-20 CVE-2008-1410 Acronis Path Traversal vulnerability in Acronis Snap Deploy 2.0.0.1076

Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.

4.3
2008-03-20 CVE-2008-1401 MG Soft Use of Externally-Controlled Format String vulnerability in Mg-Soft NET Inspector

Format string vulnerability in the Net Inspector HTTP server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to execute arbitrary code via format string specifiers in the URI, which is recorded in a log file.

4.3
2008-03-20 CVE-2008-1399 Clansphere Cross-Site Scripting vulnerability in Clansphere 2008

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Clansphere 2008 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-03-20 CVE-2008-1012 Apple Improper Input Validation vulnerability in Apple AirPort Extreme Base Station

Unspecified vulnerability in Apple AirPort Extreme Base Station Firmware 7.3.1 allows remote attackers to cause a denial of service (file sharing hang) via a crafted AFP request, related to "input validation."

4.3
2008-03-20 CVE-2008-1396 Plone Credentials Management vulnerability in Plone CMS

Plone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network.

4.3
2008-03-20 CVE-2008-0164 Plone Cross-Site Request Forgery (CSRF) vulnerability in Plone CMS 3.0.5/3.0.6

Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page.

4.3
2008-03-20 CVE-2007-4592 IBM Cross-Site Scripting vulnerability in IBM Rational ClearQuest

Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.

4.3
2008-03-19 CVE-2008-1011 Apple Cross-Site Scripting vulnerability in Apple Safari

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame.

4.3
2008-03-19 CVE-2008-1009 Apple Cross-Site Scripting vulnerability in Apple Safari

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.

4.3
2008-03-19 CVE-2008-1008 Apple Cross-Site Scripting vulnerability in Apple Safari

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property.

4.3
2008-03-19 CVE-2008-1007 Apple Cross-Site Scripting vulnerability in Apple Safari

WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

4.3
2008-03-19 CVE-2008-1006 Apple Cross-Site Scripting vulnerability in Apple Safari

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.

4.3
2008-03-19 CVE-2008-1004 Apple Cross-Site Scripting vulnerability in Apple Safari

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector.

4.3
2008-03-19 CVE-2008-1003 Apple Cross-Site Scripting vulnerability in Apple Safari

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain.

4.3
2008-03-19 CVE-2008-1002 Apple Cross-Site Scripting vulnerability in Apple Safari

Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL.

4.3
2008-03-19 CVE-2008-1001 Microsoft, Apple Cross-Site Scripting vulnerability in Apple Safari

Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page.

4.3
2008-03-18 CVE-2008-0988 Apple Numeric Errors vulnerability in Apple Mac OS X and Mac OS X Server

Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read.

4.3
2008-03-18 CVE-2008-1372 Bzip Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bzip Bzip2

bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

4.3
2008-03-18 CVE-2008-1368 Microsoft Code Injection vulnerability in Microsoft Internet Explorer 5/6

CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the FTP command, which causes the commands to be inserted into an authenticated FTP connection established earlier in the same browser session, as demonstrated using a DELE command, a variant or possibly a regression of CVE-2004-1166.

4.3
2008-03-17 CVE-2008-1360 Nagios Cross-Site Scripting vulnerability in Nagios

Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624.

4.3
2008-03-17 CVE-2008-1359 Invision Power Services Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board

Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913.

4.3
2008-03-17 CVE-2008-1355 Jeeblestechnology Cross-Site Scripting vulnerability in Jeeblestechnology Jeebles Directory 2.9.60

Cross-site scripting (XSS) vulnerability in index.php in Jeebles Technology Jeebles Directory 2.9.60 allows remote attackers to inject arbitrary web script or HTML via the path parameter.

4.3
2008-03-17 CVE-2008-1353 Zabbix Denial of Service vulnerability in ZABBIX File Checksum Request

zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero.

4.3
2008-03-17 CVE-2008-1348 Ewebsite Cross-Site Scripting vulnerability in Ewebsite Eweather

Cross-site scripting (XSS) vulnerability in index.php in the eWebsite eWeather (Weather) module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the chart parameter to modules.php.

4.3
2008-03-17 CVE-2008-1347 Myiosoft Cross-Site Scripting vulnerability in Myiosoft Easycalendar 4.0Tr

Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the q parameter in an about action to the help system.

4.3
2008-03-17 CVE-2008-1345 Myiosoft Cross-Site Scripting vulnerability in Myiosoft Easycalendar 4.0Tr

Cross-site scripting (XSS) vulnerability in plugins/calendar/calendar_backend.php in MyioSoft EasyCalendar 4.0tr and earlier allows remote attackers to inject arbitrary web script or HTML via the day parameter in a dayview action.

4.3
2008-03-17 CVE-2008-1342 Polymita Technologies Cross-Site Scripting vulnerability in Polymita Technologies BPM Suite and Collageportal

Multiple cross-site scripting (XSS) vulnerabilities in the search feature in Polymita BPM-Suite and CollagePortal allow remote attackers to inject arbitrary web script or HTML via the (1) _q and (2) lucene_index_field_value parameters.

4.3

10 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-03-18 CVE-2008-1371 Drake Team Path Traversal vulnerability in Drake Team Drake CMS 0.4.11Rc8

Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter.

3.6
2008-03-18 CVE-2008-1330 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Groupwise

Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker.

3.5
2008-03-18 CVE-2008-0995 Apple Information Exposure vulnerability in Apple Mac OS X and Mac OS X Server

The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods.

2.6
2008-03-18 CVE-2008-0994 Apple Information Exposure vulnerability in Apple Mac OS X and Mac OS X Server

Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods.

2.6
2008-03-20 CVE-2008-1431 Raidsonic Technology Cryptographic Issues vulnerability in Raidsonic Technology Firmware 2.6.0N

RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key.

2.1
2008-03-19 CVE-2008-1005 Apple Information Exposure vulnerability in Apple Safari

WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.

2.1
2008-03-18 CVE-2008-0993 Apple Information Exposure vulnerability in Apple Podcast Producer

Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings.

2.1
2008-03-18 CVE-2008-1383 Gentoo Cryptographic Issues vulnerability in Gentoo Linux

The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.

1.9
2008-03-18 CVE-2008-0049 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server

AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications.

1.9
2008-03-18 CVE-2008-0996 Apple Information Exposure vulnerability in Apple Mac OS X and Mac OS X Server

The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.

1.7