Weekly Vulnerabilities Reports > March 31 to April 6, 2008
Overview
109 new vulnerabilities were reported during this period, including 10 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary reports vulnerabilities in 112 products from 81 vendors, including Apple, IBM, HP, Wireshark, and Myiosoft. The most notable vulnerability categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", and "Path Traversal".
- 85 reported vulnerabilities are remotely exploitable.
- 29 reported vulnerabilities have a public exploit available.
- 45 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 102 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 11 reported vulnerabilities.
- Cisco has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
10 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-04-06 | CVE-2008-1602 | Orbit Downloader | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Orbit Downloader Orbit Downloader 2.6.3/2.6.4 Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows remote attackers to execute arbitrary code via a long download URL, which is not properly handled during Unicode conversion for a balloon notification after a download has failed. | 10.0 |
2008-04-04 | CVE-2008-1681 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Content Manager Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege. | 10.0 |
2008-04-04 | CVE-2008-1154 | Cisco | Improper Authentication vulnerability in Cisco products The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2008-04-02 | CVE-2008-1331 | Alcatel Lucent | Improper Input Validation vulnerability in Alcatel-Lucent Omnipcx Office cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell metacharacters in the id2 parameter. | 10.0 |
2008-04-02 | CVE-2008-1633 | Mondo | Unspecified vulnerability in Mondo Rescue Prior to 2.2.5 Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown impact and attack vectors, related to the use of (1) /tmp and (2) MINDI_CACHE. | 10.0 |
2008-04-01 | CVE-2008-1611 | Tftp Server | Buffer Errors vulnerability in Tftp-Server Winagents Tftp Server Sp1.4 Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request. | 10.0 |
2008-03-31 | CVE-2008-1558 | Mplayer | Numeric Errors vulnerability in Mplayer 1.0Rc2 Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. | 10.0 |
2008-04-06 | CVE-2008-0311 | Borland | Buffer Errors vulnerability in Borland Caliberrm 2006 Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request. | 9.3 |
2008-04-04 | CVE-2007-5661 | Macrovision | Code Injection vulnerability in Macrovision Installshield The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine. | 9.3 |
2008-04-02 | CVE-2008-1647 | Chilkat Software | Improper Input Validation vulnerability in Chilkat Software Chilkathttp Activex The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. | 9.3 |
29 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-04-04 | CVE-2008-0555 | Apache SSL | Improper Input Validation vulnerability in Apache-Ssl 1.3.341.57 The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables. | 7.5 |
2008-04-02 | CVE-2008-1651 | Myiosoft | Path Traversal vulnerability in Myiosoft Easynews 4.0Tr Directory traversal vulnerability in admin/login.php in EasyNews 4.0 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-04-02 | CVE-2008-1650 | Myiosoft | SQL Injection vulnerability in Myiosoft Easynews 4.0Tr SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edp_Help_Internal_News action. | 7.5 |
2008-04-02 | CVE-2008-1646 | Arnos Toolbox Wordpress | SQL Injection vulnerability in multiple products SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter. | 7.5 |
2008-04-02 | CVE-2008-1645 | Guillaume Meister | Path Traversal vulnerability in Guillaume Meister PHP Spammanager 0.53 Directory traversal vulnerability in body.php in phpSpamManager (phpSM) 0.53 beta allows remote attackers to read arbitrary local files via a .. | 7.5 |
2008-04-02 | CVE-2008-1644 | Savas Place | SQL Injection vulnerability in Savas Place Savas Link Manager 2.0 SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. | 7.5 |
2008-04-02 | CVE-2008-1642 | Savas Place | Path Traversal vulnerability in Savas Place Savas Guestbook 2.0 Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter. | 7.5 |
2008-04-02 | CVE-2008-1641 | Efestech | SQL Injection vulnerability in Efestech Video 5.0 SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter. | 7.5 |
2008-04-02 | CVE-2008-1640 | JGS XA | SQL Injection vulnerability in Jgs-Xa JGS Treffen 2.0.1 SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treffen 2.0.2 and earlier addon for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the view_id parameter in an ansicht action. | 7.5 |
2008-04-02 | CVE-2008-1639 | Neat WEB | SQL Injection vulnerability in Neat web Neat-Web 0.2 SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle function in lib/lib_article.include.php. | 7.5 |
2008-04-02 | CVE-2008-1635 | Raven PHP Scripts | Path Traversal vulnerability in Raven PHP Scripts Keep IT Simple Guest Book Directory traversal vulnerability in view_private.php in Keep It Simple Guest Book (KISGB) 5.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-04-02 | CVE-2008-1632 | Emedia Office Gmbh | SQL Injection vulnerability in Emedia Office Gmbh Cuteflow Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) listid parameter to pages/editmailinglist_step1.php, the (2) userid parameter to pages/edituser.php, the (3) fieldid parameter to pages/editfield.php, and the (4) templateid to pages/edittemplate_step1.php. | 7.5 |
2008-04-02 | CVE-2008-1631 | Emedia Office Gmbh | SQL Injection vulnerability in Emedia Office Gmbh Cuteflow 1.5.0/2.10.0 SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 allows remote attackers to execute arbitrary SQL commands via the UserId parameter, related to the login form field in index.php. | 7.5 |
2008-04-02 | CVE-2008-1626 | Eggblog | Improper Input Validation vulnerability in Eggblog SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. | 7.5 |
2008-04-02 | CVE-2008-1624 | Whorl LTD | Path Traversal vulnerability in Whorl LTD Jshop Server 1/2 Directory traversal vulnerability in v2demo/page.php in Jshop Server 1.x through 2.x allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-04-02 | CVE-2008-1623 | Lotus WEB Studios INC | SQL Injection vulnerability in Lotus web Studios INC Smoothflash SQL injection vulnerability in admin_view_image.php in Smoothflash allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
2008-04-02 | CVE-2008-1620 | 2X | Path Traversal vulnerability in 2X Thinclientserver Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) 3.2.0.0 and earlier in 2X ThinClientServer 5.0_sp1-r3497 and earlier allows remote attackers to read or overwrite arbitrary files via a ... | 7.5 |
2008-04-01 | CVE-2008-1610 | Tallsoft Quick | Buffer Errors vulnerability in Tallsoft Quick Tftp Server PRO 2.1 Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long mode field in a read or write request. | 7.5 |
2008-04-01 | CVE-2008-1608 | Clever Copy | SQL Injection vulnerability in Clever Copy Clever Copy 3.0 SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583. | 7.5 |
2008-03-31 | CVE-2008-1591 | Postnuke | SQL Injection vulnerability in Postnuke The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable). | 7.5 |
2008-03-31 | CVE-2008-1568 | Comix | Improper Input Validation vulnerability in Comix 3.6.4 comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs. | 7.5 |
2008-03-31 | CVE-2008-1565 | Hotscripts Phpbb | Path Traversal vulnerability in multiple products Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0.5 module for phpBB allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-03-31 | CVE-2008-1551 | Runcms | SQL Injection vulnerability in Runcms Photo Module and Runcms SQL injection vulnerability in viewcat.php in the Photo 3.02 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
2008-03-31 | CVE-2008-1601 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX 5.2/5.3 Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5.3 allows local users in the shutdown group to gain privileges. | 7.2 |
2008-03-31 | CVE-2008-1600 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3/6.1 The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329. | 7.2 |
2008-03-31 | CVE-2008-1599 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3/6.1 The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat. | 7.2 |
2008-03-31 | CVE-2008-1596 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3/6.1 Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to missing checks in the TSD_FILES_LOCK policy for modifications performed via hard links, a different vulnerability than CVE-2007-6680. | 7.2 |
2008-03-31 | CVE-2008-1593 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3/6.1 The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function. | 7.2 |
2008-03-31 | CVE-2008-0706 | Compaq HP | Improper Authentication vulnerability in multiple products Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password. | 7.2 |
68 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-03-31 | CVE-2008-1570 | Policyd Weight | Race Condition vulnerability in Policyd-Weight 0.1.14Beta14 Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. | 6.9 |
2008-04-04 | CVE-2008-1682 | Elearningforce | Code Injection vulnerability in Elearningforce Online Flashquiz 1.0.2 PHP remote file inclusion vulnerability in quiz/common/db_config.inc.php in the Online FlashQuiz (com_onlineflashquiz) 1.0.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter. | 6.8 |
2008-04-04 | CVE-2008-1023 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file. | 6.8 |
2008-04-04 | CVE-2008-1022 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size. | 6.8 |
2008-04-04 | CVE-2008-1021 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding. | 6.8 |
2008-04-04 | CVE-2008-1020 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages. | 6.8 |
2008-04-04 | CVE-2008-1019 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop. | 6.8 |
2008-04-04 | CVE-2008-1018 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom. | 6.8 |
2008-04-04 | CVE-2008-1017 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie. | 6.8 |
2008-04-04 | CVE-2008-1016 | Apple | Code Injection vulnerability in Apple Quicktime Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption. | 6.8 |
2008-04-04 | CVE-2008-1015 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie. | 6.8 |
2008-04-04 | CVE-2008-1013 | Apple | Remote vulnerability in Apple QuickTime Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet. | 6.8 |
2008-04-02 | CVE-2008-1653 | Savas Place | Path Traversal vulnerability in Savas Place Savas Link Manager 2.0 Directory traversal vulnerability in index.php in Sava's Link Manager 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the q parameter. | 6.8 |
2008-04-02 | CVE-2008-1638 | NIK Software INC | Permissions, Privileges, and Access Controls vulnerability in NIK Software INC NIK Sharpener PRO 2.0 Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse. | 6.8 |
2008-04-02 | CVE-2008-1637 | Powerdns | Numeric Errors vulnerability in Powerdns Recursor PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information. | 6.8 |
2008-04-02 | CVE-2008-1625 | Avast | Permissions, Privileges, and Access Controls vulnerability in Avast Antivirus Home and Avast Antivirus Professional aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests. | 6.8 |
2008-04-02 | CVE-2008-1622 | Geertsen Holdings INC | Code Injection vulnerability in Geertsen Holdings INC Geecarts Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow remote attackers to execute arbitrary PHP code via a URL in the id parameter to (1) show.php, (2) search.php, and (3) view.php. | 6.8 |
2008-04-02 | CVE-2008-0069 | Pierreegougelet | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pierreegougelet Xnview Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow (.sld) file, a different vector than CVE-2008-1461. | 6.8 |
2008-04-01 | CVE-2008-1609 | JAF CMS | Code Injection vulnerability in JAF CMS JAF CMS 4.0Rc2 Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php, (b) headlines.php, and (c) main.php in forum/, and (2) main_dir parameter to forum/forum.php. | 6.8 |
2008-04-01 | CVE-2008-1607 | Serby Arslanhan | SQL Injection vulnerability in Serby Arslanhan Bomba Haber 2.0 SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba Haber 2.0 allows remote attackers to execute arbitrary SQL commands via the haber parameter. | 6.8 |
2008-04-01 | CVE-2008-1605 | Leadtools | Improper Input Validation vulnerability in Leadtools Multimedia Toolkit 15 The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method. | 6.8 |
2008-03-31 | CVE-2008-1559 | Bernard Gilly Joomla | SQL Injection vulnerability in Bernard Gilly COM Alphacontent 2.5.8 SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | 6.8 |
2008-03-31 | CVE-2008-1555 | Bolinos | Path Traversal vulnerability in Bolinos 4.6.1 Directory traversal vulnerability in system/_b/contentFiles/gbincluder.php in BolinOS 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2008-03-31 | CVE-2008-1554 | Topper | SQL Injection vulnerability in Topper Toppermod 2.0 SQL injection vulnerability in account/index.php in TopperMod 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a non-alphanumeric first character in the localita parameter, which bypasses a protection mechanism. | 6.8 |
2008-03-31 | CVE-2008-1553 | Topper | Path Traversal vulnerability in Topper Toppermod 1.0 Directory traversal vulnerability in mod.php in TopperMod 1.0 allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2008-03-31 | CVE-2008-1552 | Silc Redhat | Numeric Errors vulnerability in Silc products The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. | 6.8 |
2008-03-31 | CVE-2008-1549 | Aeries | SQL Injection vulnerability in Aeries Student Information System 3.8.3.14 Multiple SQL injection vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to execute arbitrary SQL commands via the (1) GrdBk parameter to GradebookOptions.asp and the (2) SchlCode variable to loginproc.asp, a different vector than CVE-2008-0942. | 6.8 |
2008-04-02 | CVE-2008-1657 | Openbsd | Permissions, Privileges, and Access Controls vulnerability in Openbsd Openssh OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file. | 6.5 |
2008-04-01 | CVE-2008-1515 | Otrs | Permissions, Privileges, and Access Controls vulnerability in Otrs The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks." | 6.4 |
2008-04-04 | CVE-2008-1373 | Easy Software Products | Buffer Errors vulnerability in Easy Software products Cups 1.3.6 Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484. | 5.8 |
2008-03-31 | CVE-2008-1567 | Phpmyadmin Debian Fedoraproject Opensuse | Cleartext Storage of Sensitive Information vulnerability in multiple products phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. | 5.5 |
2008-04-04 | CVE-2008-1680 | Future Nuke | Information Exposure vulnerability in Future Nuke PHP-Nuke Platinum 7.6.B.5 PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configuration information via a direct request to maintenance/index.php, which reveals settings such as magic_quotes_gpc. | 5.0 |
2008-04-02 | CVE-2008-1652 | Perlbal | Path Traversal vulnerability in Perlbal Directory traversal vulnerability in the _serve_request_multiple function in lib/Perlbal/ClientHTTPBase.pm in Perlbal before 1.70, when concat get is enabled, allows remote attackers to read arbitrary files in a parent directory via a directory traversal sequence in an unspecified parameter. | 5.0 |
2008-04-02 | CVE-2008-1648 | Sympa | Improper Input Validation vulnerability in Sympa Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. | 5.0 |
2008-04-02 | CVE-2008-1643 | Landesk Software | Path Traversal vulnerability in Landesk Software Landesk Management Suite 8.8 Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2008-03-31 | CVE-2008-1562 | Wireshark | Improper Input Validation vulnerability in Wireshark The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740. | 5.0 |
2008-03-31 | CVE-2008-1561 | Wireshark | Denial of Service vulnerability in Wireshark 0.99.8 Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. | 5.0 |
2008-03-31 | CVE-2008-1557 | Bolinos | Information Exposure vulnerability in Bolinos 4.6.1 BolinOS 4.6.1 allows remote attackers to obtain sensitive information via a direct request to system/actionspages/_b/contentFiles/gBphpInfo.php, which calls the phpinfo function. | 5.0 |
2008-03-31 | CVE-2008-1597 | IBM | Denial-Of-Service vulnerability in IBM AIX 6.1 The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior." | 4.9 |
2008-03-31 | CVE-2008-1595 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3/6.1 The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information. | 4.9 |
2008-03-31 | CVE-2008-1594 | IBM | Denial-Of-Service vulnerability in IBM AIX 5.2/5.3/6.1 The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size. | 4.9 |
2008-03-31 | CVE-2008-0211 | Compaq | Local Denial of Service vulnerability in HP Compaq Business Notebook PC BIOS Unspecified vulnerability in the BIOS F.04 through F.11 for the HP Compaq Business Notebook PC allows local users to cause a denial of service via unspecified vectors. | 4.9 |
2008-04-06 | CVE-2008-1684 | SUN | Race Condition vulnerability in SUN Solaris 10 inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file. | 4.7 |
2008-04-06 | CVE-2008-0887 | Gnome | Local Unauthorized Access vulnerability in Gnome Desktop Screensaver NIS Authentication gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859. | 4.7 |
2008-03-31 | CVE-2008-1598 | IBM | Information Exposure vulnerability in IBM AIX 6.1 The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors. | 4.7 |
2008-04-06 | CVE-2008-0708 | HP | Local Security vulnerability in Proliant HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) 442085-B21 for certain HP ProLiant servers contain the (a) W32.Fakerecy and (b) W32.SillyFDC worms, which might be launched if the server does not have up-to-date detection. | 4.6 |
2008-03-31 | CVE-2008-1592 | HP Tandem Computers IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere MQ 5.1/5.3/5.3.1 MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway panels." | 4.6 |
2008-03-31 | CVE-2008-0070 | ORB Networks | Numeric Errors vulnerability in ORB Networks ORB 2.0.1014 Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA allows remote attackers to execute arbitrary code via an RPC request that specifies a large number of array dimensions, which triggers a heap-based buffer overflow. | 4.6 |
2008-04-04 | CVE-2008-1014 | Apple | Improper Input Validation vulnerability in Apple Quicktime Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information. | 4.3 |
2008-04-02 | CVE-2008-1654 | Adobe | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Flash Player Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allows remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server. | 4.3 |
2008-04-02 | CVE-2008-1649 | Myiosoft | Cross-Site Scripting vulnerability in Myiosoft Easynews 4.0Tr Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_pupublish action. | 4.3 |
2008-04-02 | CVE-2008-1636 | JV2 | Cross-Site Scripting vulnerability in JV2 Quick Gallery 1.1 Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the f parameter. | 4.3 |
2008-04-02 | CVE-2008-1634 | JV2 | Cross-Site Scripting vulnerability in JV2 Folder Gallery 3.1 Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder Gallery 3.1 allows remote attackers to inject arbitrary web script or HTML via the image parameter. | 4.3 |
2008-04-02 | CVE-2008-1630 | Emedia Office Gmbh | Cross-Site Scripting vulnerability in Emedia Office Gmbh Cuteflow 1.5.0/2.10.0 Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 and 2.10.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) page/showcirculation.php; and (2) edittemplate_step2.php, (3) showfields.php, (4) showuser.php, (5) editmailinglist_step1.php, and (6) showtemplates.php in pages/. | 4.3 |
2008-04-02 | CVE-2008-1629 | PAU Rodriguez | Cross-Site Scripting vulnerability in PAU Rodriguez PHPkrm Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-04-02 | CVE-2008-1621 | Geertsen Holdings INC | Cross-Site Scripting vulnerability in Geertsen Holdings INC Geecarts Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) show.php, (2) search.php, and (3) view.php. | 4.3 |
2008-04-02 | CVE-2008-1619 | Xensource INC | Denial of Service vulnerability in Xensource INC XEN 5.1 The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool. | 4.3 |
2008-04-02 | CVE-2008-1614 | Sebastian Marsching | Permissions, Privileges, and Access Controls vulnerability in Sebastian Marsching Suphp suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point to a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges. | 4.3 |
2008-04-01 | CVE-2008-1604 | Perlmailer | Cross-Site Scripting vulnerability in Perlmailer Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-04-01 | CVE-2008-1603 | GNB | Cross-Site Scripting vulnerability in GNB Designform Cross-site scripting (XSS) vulnerability in GNB DesignForm before 3.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the email form. | 4.3 |
2008-03-31 | CVE-2008-1566 | Manageengine | Cross-Site Scripting vulnerability in Manageengine Applications Manager 8.1/8.2 Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 4.3 |
2008-03-31 | CVE-2008-1564 | File Transfer | Path Traversal vulnerability in File-Transfer File Transfer Directory traversal vulnerability in Dan Costin File Transfer before 1.2f allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the filename. | 4.3 |
2008-03-31 | CVE-2008-1563 | Wireshark | Denial of Service vulnerability in Wireshark 0.99.8 The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet. | 4.3 |
2008-03-31 | CVE-2008-1560 | Digiappz | Cross-Site Scripting vulnerability in Digiappz Digidomain 2.2 Multiple cross-site scripting (XSS) vulnerabilities in Digiappz DigiDomain 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) domain parameter to lookup_result.asp, and the (2) word1 and (3) word2 parameters to suggest_result.asp. | 4.3 |
2008-03-31 | CVE-2008-1556 | Bolinos | Cross-Site Scripting vulnerability in Bolinos 4.6.1 Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) system/actionspages/_b/contentFiles/gBImageViewer.php, (2) ForEditor parameter to (b) system/actionspages/_b/contentFiles/gBselectorContents.php, (3) the PATH_INFO to (c) gBLoginPage.php and (d) gBPassword.php in system/actionspages/_b/contentFiles/, (4) formlogin parameter to system/actionspages/_b/contentFiles/gBLoginPage.php, and the (5) bolini_searchengine46Search parameter to (e) help/index.php. | 4.3 |
2008-03-31 | CVE-2008-1550 | Cubecart | Cross-Site Scripting vulnerability in Cubecart 4.2.1 Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the (2) Submit parameter. | 4.3 |
2008-03-31 | CVE-2008-1548 | Aeries | Cross-Site Scripting vulnerability in Aeries Student Information System 3.8.3.14 Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aeries Student Information System allow remote attackers to inject arbitrary web script or HTML via the (1) UserName parameter to loginproc.asp and the (2) usr parameter to Login.asp. | 4.3 |
2008-04-02 | CVE-2008-1628 | Linux | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Audit Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. | 4.1 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-04-02 | CVE-2008-1627 | CDS Software Consortium | Permissions, Privileges, and Access Controls vulnerability in CDS Software Consortium Invenio CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID. | 3.5 |
2008-03-31 | CVE-2008-1569 | Debian Policyd Weight | Link Following vulnerability in Policyd-Weight policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket. | 3.3 |