Weekly Vulnerabilities Reports > March 24 to 30, 2008

Overview

114 new vulnerabilities were reported during this period, including 13 critical vulnerabilities and 37 high severity vulnerabilities. This weekly summary reports vulnerabilities in 130 products from 86 vendors, including Zyxel, Mozilla, Cisco, Joomla, and Microsoft. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", and "Permissions, Privileges, and Access Controls".

  • 110 reported vulnerabilities are remotely exploitable.
  • 28 reported vulnerabilities have a public exploit available.
  • 47 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 108 reported vulnerabilities are exploitable by an anonymous user.
  • Zyxel has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-03-28 CVE-2008-0704 HP Permissions, Privileges, and Access Controls vulnerability in HP Open VMS Tcp-Ip Services

Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Services on OpenVMS on the Alpha platform with 5.4 before ECO 7, and on the Integrity and Alpha platforms with 5.5 before ECO 3 and 5.6 before ECO 2, allows remote attackers to obtain unspecified access via unknown vectors.

10.0
2008-03-25 CVE-2008-1491 Asus Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Asus Remote Console 2.0.0.19/2.0.0.24

Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ASUS Remote Console (aka ARC or ASMB3) 2.0.0.19 and 2.0.0.24 allows remote attackers to execute arbitrary code via a long string to TCP port 623.

10.0
2008-03-24 CVE-2007-6711 Freewebshop Permissions, Privileges, and Access Controls vulnerability in Freewebshop 2.2.5/2.2.6/2.2.7Wip12

Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2.2.6 and 2.2.7WIP1/2 allows remote attackers to gain administrator privileges via unknown vectors.

10.0
2008-03-27 CVE-2008-1530 Gnupg Resource Management Errors vulnerability in Gnupg 1.4.8/2.0.8

GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."

9.3
2008-03-27 CVE-2008-1235 Mozilla Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals."

9.3
2008-03-25 CVE-2008-1490 Aurigma, Piczo Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in a certain Aurigma ActiveX control in ImageUploader4.ocx 4.1.36.0, as used with Piczo (aka Pizco) and possibly other online services, allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long Action property, a different CLSID than CVE-2008-0659.

9.3
2008-03-25 CVE-2008-1092 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Word

Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008.

9.3
2008-03-24 CVE-2008-1472 Computer Associates, Unicenter Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.

9.3
2008-03-24 CVE-2008-0951 Microsoft Code Injection vulnerability in Microsoft Windows Vista

Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled USB device containing a filesystem with an Autorun.inf file, and possibly other vectors related to (a) AutoRun and (b) AutoPlay actions.

9.3
2008-03-24 CVE-2008-1465 Detodas, Joomla, Mambo Foundation SQL Injection vulnerability in Detodas COM Restaurante 1.0

SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562.

9.3
2008-03-24 CVE-2008-1390 Asterisk Credentials Management vulnerability in Asterisk products

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.

9.3
2008-03-25 CVE-2008-1498 Netwin Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Netwin Surgemail

Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command.

9.0
2008-03-25 CVE-2008-1497 Netwin Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Netwin Surgemail

Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.

9.0

37 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-03-28 CVE-2008-1546 Mitsubishi Electric Remote Authentication Bypass vulnerability in Mitsubishi Electric GB 50/50A

servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command.

7.8
2008-03-27 CVE-2008-1152 Cisco Resource Management Errors vulnerability in Cisco IOS and IOS

The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets.

7.8
2008-03-24 CVE-2008-1461 Xnview Buffer Errors vulnerability in Xnview 1.92.1

Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line.

7.6
2008-03-28 CVE-2008-1543 Airspan Credentials Management vulnerability in Airspan Prost web Management

The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain partial administrative access, a different vulnerability than CVE-2008-1262.

7.5
2008-03-28 CVE-2008-1542 Airspan Credentials Management vulnerability in Airspan Base Station Distribution Unit

Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulnerability than CVE-2008-1262.

7.5
2008-03-28 CVE-2008-1540 Joomla, Mambo SQL Injection vulnerability in multiple products

SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

7.5
2008-03-28 CVE-2008-1539 Futurenuke SQL Injection vulnerability in Futurenuke PHP Nuke Platinum 7.6.B.5

SQL injection vulnerability in includes/dynamic_titles.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary SQL commands via the p parameter to modules.php for the Forums module.

7.5
2008-03-28 CVE-2008-1535 Matti Kiviharju Improper Input Validation vulnerability in Matti Kiviharju Rekry Component 1.0.0

SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekry or rekry!Joom) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the op_id parameter in a view action to index.php.

7.5
2008-03-28 CVE-2008-1534 Powerscripts Path Traversal vulnerability in Powerscripts Powerphpboard 1.00B

Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b allow remote attackers to include and execute arbitrary local files via a ..

7.5
2008-03-28 CVE-2008-0926 Novell Improper Authentication vulnerability in Novell Edirectory

The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files.

7.5
2008-03-27 CVE-2008-1391 Freebsd, Netbsd Numeric Errors vulnerability in multiple products

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.

7.5
2008-03-26 CVE-2008-1527 Zyxel Cryptographic Issues vulnerability in Zyxel Prestige 660, Prestige 661 and Zynos

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), support authentication over HTTP via a hash string in the hiddenPassword field, which allows remote attackers to obtain access via a replay attack.

7.5
2008-03-26 CVE-2008-1524 Zyxel Configuration vulnerability in Zyxel Prestige 660, Prestige 661 and Zynos

The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has "public" as its default community for both (1) read and (2) write operations, which allows remote attackers to perform administrative actions via SNMP, as demonstrated by reading the Dynamic DNS service password or inserting an XSS sequence into the system.sysName.0 variable, which is displayed on the System Status page.

7.5
2008-03-26 CVE-2008-1522 Zyxel Configuration vulnerability in Zyxel Prestige 660, Prestige 661 and Zynos

ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), have (1) "user" as their default password for the "user" account and (2) "1234" as their default password for the "admin" account, which makes it easier for remote attackers to obtain access.

7.5
2008-03-25 CVE-2008-1512 Phpbb Path Traversal vulnerability in PHPbb Module XS 2.3.1/2.4.0

Directory traversal vulnerability in admin/admin_xs.php in eXtreme Styles module (XS-Mod) 2.3.1 and 2.4.0 for phpBB allows remote attackers to include and execute arbitrary files via a ..

7.5
2008-03-25 CVE-2008-1511 Oocomments Code Injection vulnerability in Oocomments 1.0

Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/class_admin.php and (2) classes/class_comments.php.

7.5
2008-03-25 CVE-2008-1509 Xlportal SQL Injection vulnerability in Xlportal

SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the query parameter.

7.5
2008-03-25 CVE-2008-1508 Efestech SQL Injection vulnerability in Efestech E-Kontor

SQL injection vulnerability in EfesTech E-Kontör and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-03-25 CVE-2008-1507 Peel Configuration vulnerability in Peel 1.0B/2.6/2.7

PEEL, possibly 3.x and earlier, has (1) a default [email protected] account with password admin, and (2) a default [email protected] account with password cinema, which allows remote attackers to gain administrative access.

7.5
2008-03-25 CVE-2008-1505 Joomla, Sstreamtv Code Injection vulnerability in Sstreamtv Custompages

PHP remote file inclusion vulnerability in the SSTREAMTV custompages (com_custompages) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the cpage parameter to index.php.

7.5
2008-03-25 CVE-2008-1496 Peel SQL Injection vulnerability in Peel 1.0B/2.6/2.7

Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commandes.php and (c) the facture action in factures/facture_html.php.

7.5
2008-03-25 CVE-2008-1494 Easy Clanpage SQL Injection vulnerability in Easy-Clanpage 2.2

SQL injection vulnerability in inc/module/online.php in Easy-Clanpage 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a user details action, a different vector than CVE-2008-1425.

7.5
2008-03-25 CVE-2008-1493 Cuteflow BIN Path Traversal vulnerability in Cuteflow-Bin Cuteflow BIN 1.5

Directory traversal vulnerability in login.php in Cuteflow Bin 1.5.0 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-03-25 CVE-2008-1492 Coronamatrix Improper Input Validation vulnerability in Coronamatrix PHPaddressbook 2.11

Multiple directory traversal vulnerabilities in CoronaMatrix phpAddressBook 2.11 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2008-03-25 CVE-2008-1160 Zyxel Unspecified vulnerability in Zyxel Zywall 1050

ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.

7.5
2008-03-24 CVE-2008-1466 W Agora Code Injection vulnerability in W-Agora 4.0

Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php.

7.5
2008-03-24 CVE-2008-1464 Gallarific SQL Injection vulnerability in Gallarific 1.1

Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) query parameter to (a) search.php; (2) gusername and (3) gpassword parameters to (b) login.php; and the (4) username and (5) password parameters to (c) gadmin/index.php in a signin action.

7.5
2008-03-24 CVE-2008-1460 Joomla, Mambo, Joomlapixel SQL Injection vulnerability in Joomlapixel COM Joovideo 1.0/1.2.2

SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

7.5
2008-03-24 CVE-2008-1459 Joomla, Mambo, Joomlaitalia, Mamboitalia SQL Injection vulnerability in multiple products

SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

7.5
2008-03-24 CVE-2008-1289 Asterisk Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Asterisk products

Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.

7.5
2008-03-24 CVE-2008-1473 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution

The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack.

7.2
2008-03-24 CVE-2008-1471 Microsoft, Panda Resource Management Errors vulnerability in Panda products

The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory.

7.2
2008-03-28 CVE-2008-1544 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer 5.01/6/7

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header.

7.1
2008-03-27 CVE-2008-1151 Cisco Resource Management Errors vulnerability in Cisco IOS

Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566.

7.1
2008-03-27 CVE-2008-1150 Cisco Resource Management Errors vulnerability in Cisco IOS

The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309.

7.1
2008-03-27 CVE-2008-1153 Cisco Denial Of Service vulnerability in Cisco IOS and IOS

Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device.

7.1
2008-03-27 CVE-2008-0537 Cisco Unspecified vulnerability in Cisco Route Switch Processor and Supervisor Engine

Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors.

7.1

63 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-03-24 CVE-2008-1483 Openbsd Permissions, Privileges, and Access Controls vulnerability in Openbsd Openssh 4.3P2

OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.

6.9
2008-03-28 CVE-2008-1537 Powerscripts Path Traversal vulnerability in Powerscripts Powerbook 1.21

Directory traversal vulnerability in pb_inc/admincenter/index.php in PowerScripts PowerBook 1.21 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-03-28 CVE-2008-0924 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Edirectory

Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field.

6.8
2008-03-28 CVE-2008-1533 Joomla Unspecified vulnerability in Joomla! XML-RPC Blogger API

Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors.

6.8
2008-03-27 CVE-2008-1237 Mozilla Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.

6.8
2008-03-27 CVE-2008-1236 Mozilla Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.

6.8
2008-03-27 CVE-2008-1233 Mozilla Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."

6.8
2008-03-25 CVE-2008-1513 Danneo SQL Injection vulnerability in Danneo CMS

SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.

6.8
2008-03-25 CVE-2008-1489 Videolan Numeric Errors vulnerability in Videolan VLC 0.8.6E

Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.

6.8
2008-03-24 CVE-2008-1488 Pecl PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pecl-PHP Alternative PHP Cache

Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) 3.0.11 through 3.0.16 allows remote attackers to execute arbitrary code via a long filename.

6.8
2008-03-24 CVE-2008-1486 Phorum SQL Injection vulnerability in Phorum

SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.

6.8
2008-03-24 CVE-2008-1482 Xine Buffer Errors vulnerability in Xine Xine-Lib 1.1.11

Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.

6.8
2008-03-24 CVE-2008-0073 Redhat, Xine Numeric Errors vulnerability in Xine Xine-Lib 1.1.10.1

Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.

6.8
2008-03-24 CVE-2008-1467 Centerim Code Injection vulnerability in Centerim 4.22.3

** DISPUTED ** CenterIM 4.22.3 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URI, related to "received URLs in the message window." NOTE: this issue has been disputed due to the user-assisted nature, since the URL must be selected and launched by the victim.

6.8
2008-03-24 CVE-2008-1462 Runcms SQL Injection vulnerability in Runcms

SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action.

6.8
2008-03-24 CVE-2008-1201 Adobe Code Injection vulnerability in Adobe Flash Basic/Professional

Multiple unspecified vulnerabilities in FLA file parsing in Adobe Flash CS3 Professional, Flash Professional 8, and Flash Basic 8 on Windows allow user-assisted remote attackers to execute arbitrary code via a crafted .FLA file.

6.8
2008-03-26 CVE-2008-1521 Zyxel Permissions, Privileges, and Access Controls vulnerability in Zyxel Prestige 660, Prestige 661 and Zynos

ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to gain privileges by accessing administrative URIs, as demonstrated by rpSysAdmin.html.

6.5
2008-03-25 CVE-2008-1495 Peel Improper Input Validation vulnerability in Peel 1.0B/2.6/2.7

Unrestricted file upload vulnerability in administrer/produits.php in PEEL, possibly 3.x and earlier, allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action, as demonstrated by (1) image/gif and (2) application/pdf.

6.5
2008-03-24 CVE-2008-1475 Roundup Tracker Permissions, Privileges, and Access Controls vulnerability in Roundup-Tracker Roundup

The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.

6.4
2008-03-24 CVE-2008-1469 Gallarific Improper Authentication vulnerability in Gallarific 1.1

Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327.

6.4
2008-03-27 CVE-2008-1156 Cisco Information Exposure vulnerability in Cisco IOS and IOS

Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message.

5.1
2008-03-28 CVE-2008-1240 Mozilla Remote vulnerability in Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.12

LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine.

5.0
2008-03-28 CVE-2008-1532 Perlbal Improper Input Validation vulnerability in Perlbal

Perlbal before 1.70, when buffered upload is enabled, allows remote attackers to cause a denial of service (crash) via a zero-byte chunked upload.

5.0
2008-03-27 CVE-2008-1384 PHP Numeric Errors vulnerability in PHP

Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions).

5.0
2008-03-27 CVE-2008-1238 Mozilla Improper Authentication vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms.

5.0
2008-03-26 CVE-2008-1529 Zyxel Credentials Management vulnerability in Zyxel Prestige 660, Prestige 661 and Zynos

ZyXEL Prestige routers have a minimum password length for the admin account that is too small, which makes it easier for remote attackers to guess passwords via brute force methods.

5.0
2008-03-26 CVE-2008-1526 Zyxel Cryptographic Issues vulnerability in Zyxel Prestige 660, Prestige 661 and Zynos

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords.

5.0
2008-03-26 CVE-2008-1525 Zyxel Configuration vulnerability in Zyxel Prestige 660, Prestige 661 and Zynos

The default SNMP configuration on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has a Trusted Host value of 0.0.0.0, which allows remote attackers to send SNMP requests from any source IP address.

5.0
2008-03-26 CVE-2008-1523 Zyxel Information Exposure vulnerability in Zyxel Prestige 660, Prestige 661 and Zynos

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain ISP and Dynamic DNS credentials by sending a direct request for (1) WAN.html, (2) wzPPPOE.html, and (3) rpDyDNS.html, and then reading the HTML source.

5.0
2008-03-25 CVE-2008-1506 Peel Information Exposure vulnerability in Peel 1.0B/2.6/2.7

PEEL, possibly 3.x and earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.

5.0
2008-03-25 CVE-2008-1501 Ircu, Quakenet Remote Denial of Service vulnerability in snircd And ircu 'set_user_mode'

The send_user_mode function in s_user.c in (1) Undernet ircu 2.10.12.12 and earlier, (2) snircd 1.3.4 and earlier, and unspecified other ircu derivatives allows remote attackers to cause a denial of service (daemon crash) via a malformed MODE command.

5.0
2008-03-24 CVE-2008-1478 ARI Pikivirta Improper Input Validation vulnerability in ARI Pikivirta Home FTP Server 1.4.5.89

Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of service (crash) by opening a FTP passive mode connection, then closing the original FTP connection.

5.0
2008-03-26 CVE-2008-1514 Linux Resource Management Errors vulnerability in Linux Kernel

arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions before 2.6.27-rc6, on s390 platforms allows local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite in 31-bit mode, which triggers an invalid dereference.

4.9
2008-03-28 CVE-2008-1545 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer 7.0/7.0.5730.11

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a "Transfer-Encoding: chunked" header and a request body with an incorrect chunk size.

4.3
2008-03-28 CVE-2008-1541 HIS Path Traversal vulnerability in HIS Webshop 2.50

Directory traversal vulnerability in cgi-bin/his-webshop.pl in HIS Webshop 2.50 allows remote attackers to read arbitrary files via a ..

4.3
2008-03-28 CVE-2008-1538 Manageengine Cross-Site Scripting vulnerability in Manageengine Eventlog Analyzer 5

Cross-site scripting (XSS) vulnerability in searchAction.do in ManageEngine EventLog Analyzer 5 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.

4.3
2008-03-28 CVE-2008-1536 Picturespro Cross-Site Scripting vulnerability in Picturespro Photo Cart 4.1

Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro (aka Tim Grissett) Photo Cart 4.1 allows remote attackers to inject arbitrary web script or HTML via the amessage parameter.

4.3
2008-03-27 CVE-2008-1531 Lighttpd, Debian Denial of Service vulnerability in Lighttpd SSL Error

The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.

4.3
2008-03-27 CVE-2008-1241 Mozilla Link Following vulnerability in Mozilla Firefox and Seamonkey

GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.

4.3
2008-03-27 CVE-2008-1234 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers."

4.3
2008-03-25 CVE-2008-1510 Alkacon Cross-Site Scripting vulnerability in Alkacon Opencms 7.0.3

Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter.

4.3
2008-03-25 CVE-2008-1504 Phpheaven Cross-Site Scripting vulnerability in PHPheaven PHPmychat 0.14.5

Cross-site scripting (XSS) vulnerability in setup.php3 in phpHeaven phpMyChat 0.14.5 allows remote attackers to inject arbitrary web script or HTML via the Lang parameter.

4.3
2008-03-25 CVE-2008-1503 F5 Cross-Site Scripting vulnerability in F5 Tmos 9.4.3

Cross-site scripting (XSS) vulnerability in the web management interface in F5 BIG-IP 9.4.3 allows remote attackers to inject arbitrary web script or HTML via (1) the name of a node object, or the (2) sysContact or (3) sysLocation SNMP configuration field, aka "Audit Log XSS." NOTE: these issues might be resultant from cross-site request forgery (CSRF) vulnerabilities.

4.3
2008-03-25 CVE-2008-1502 Egroupware, Moodle Cross-Site Scripting vulnerability in multiple products

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

4.3
2008-03-25 CVE-2008-1500 Tinyportal Cross-Site Scripting vulnerability in Tinyportal 0.8.6/1.0.3

Cross-site scripting (XSS) vulnerability in index.php in TinyPortal 0.8.6 and 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter.

4.3
2008-03-25 CVE-2008-1499 Cpanel Cross-Site Scripting vulnerability in Cpanel 11.18.3/11.21

Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.

4.3
2008-03-24 CVE-2008-1487 Linpha Cross-Site Scripting vulnerability in Linpha

Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, and (5) plugins/stats/stats_view.php.

4.3
2008-03-24 CVE-2008-1485 Punbb Cross-Site Scripting vulnerability in Punbb

Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php.

4.3
2008-03-24 CVE-2008-1481 Webspell Cross-Site Scripting vulnerability in Webspell 4.1.2

Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the board parameter.

4.3
2008-03-24 CVE-2008-1480 SUN Remote Denial of Service vulnerability in Sun Solaris 'rpc.metad'

rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial of service (daemon crash) via a malformed RPC request.

4.3
2008-03-24 CVE-2008-1479 Cyberfrogs Cross-Site Scripting vulnerability in Cyberfrogs Cfnetgs 0.24

Cross-site scripting (XSS) vulnerability in index.php in cyberfrogs.net cfnetgs 0.24 allows remote attackers to inject arbitrary web script or HTML via the directory parameter.

4.3
2008-03-24 CVE-2008-1477 Jcorporate Cross-Site Scripting vulnerability in Jcorporate Eforum 0.4

Multiple cross-site scripting (XSS) vulnerabilities in busca.php in eForum 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) busca and (2) link parameters.

4.3
2008-03-24 CVE-2008-1476 Serendipity Cross-Site Scripting vulnerability in Serendipity

Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks.

4.3
2008-03-24 CVE-2008-1474 Roundup Tracker Cross-Site Scripting vulnerability in Roundup-Tracker Roundup

Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).

4.3
2008-03-24 CVE-2008-1470 RSA Cross-Site Scripting vulnerability in RSA Webid 5.3

Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118.

4.3
2008-03-24 CVE-2008-0125 Phpstats Cross-Site Scripting vulnerability in PHPstats 0.1Alpha

Cross-site scripting (XSS) vulnerability in phpstats.php in Michael Wagner phpstats 0.1 alpha allows remote attackers to inject arbitrary web script or HTML via the baseDir parameter.

4.3
2008-03-24 CVE-2008-1468 Namazu Cross-Site Scripting vulnerability in Namazu

Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350.

4.3
2008-03-24 CVE-2008-1463 Imperva Cross-Site Scripting vulnerability in Imperva Securesphere and Securesphere MX Management Server

Cross-site scripting (XSS) vulnerability in the management GUI in Imperva SecureSphere MX Management Server 5.0 allows remote attackers to inject arbitrary web script or HTML via an invalid or prohibited request to a web server protected by SecureSphere, which triggers injection into the "corrective action" section of an alert page.

4.3
2008-03-24 CVE-2008-1458 CS Cart Cross-Site Scripting vulnerability in Cs-Cart 1.3.2

Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a products search action.

4.3
2008-03-24 CVE-2008-1292 Gentoo, Redhat, Viewvc Information Exposure vulnerability in Viewvc 1.0.2/1.0.3

ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.

4.3
2008-03-24 CVE-2008-1291 Gentoo, Redhat, Viewvc Information Exposure vulnerability in Viewvc 1.0.2/1.0.3

ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.

4.3
2008-03-24 CVE-2008-1290 Gentoo, Redhat, Viewvc Information Exposure vulnerability in Viewvc 1.0.2/1.0.3

ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.

4.3
2008-03-26 CVE-2008-1528 Zyxel Improper Authentication vulnerability in Zyxel Prestige 660, Prestige 661 and Zynos

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which discloses SNMP communities; or (2) WLAN.html, which discloses WEP keys.

4.0

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2008-03-24 CVE-2008-1484 Punbb Permissions, Privileges, and Access Controls vulnerability in Punbb

The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account.

3.5