Weekly Vulnerabilities Reports > March 31 to April 6, 2008

Overview

114 new vulnerabilities were reported during this period, including 10 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary reports vulnerabilities in 115 products from 83 vendors including Apple, IBM, HP, Wireshark, and Myiosoft. The most notable vulnerability categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Permissions, Privileges, and Access Controls", "Path Traversal", and "Cross-site Scripting".

  • 89 reported vulnerabilities are remotely exploitable.
  • 29 reported vulnerabilities have a public exploit available.
  • 45 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 107 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 12 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

10 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-04-06 CVE-2008-1602 Orbit Downloader Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Orbit Downloader Orbit Downloader 2.6.3/2.6.4

Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows remote attackers to execute arbitrary code via a long download URL, which is not properly handled during Unicode conversion for a balloon notification after a download has failed.

10.0
2008-04-04 CVE-2008-1681 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Content Manager

Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege.

10.0
2008-04-04 CVE-2008-1154 Cisco Improper Authentication vulnerability in Cisco products

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2008-04-02 CVE-2008-1331 Alcatel Lucent Improper Input Validation vulnerability in Alcatel-Lucent Omnipcx Office

cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell metacharacters in the id2 parameter.

10.0
2008-04-02 CVE-2008-1633 Mondo Unspecified vulnerability in Mondo Rescue Prior to 2.2.5

Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown impact and attack vectors, related to the use of (1) /tmp and (2) MINDI_CACHE.

10.0
2008-04-01 CVE-2008-1611 Tftp Server Buffer Errors vulnerability in Tftp-Server Winagents Tftp Server Sp1.4

Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request.

10.0
2008-03-31 CVE-2008-1558 Mplayer Numeric Errors vulnerability in Mplayer 1.0Rc2

Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter.

10.0
2008-04-06 CVE-2008-0311 Borland Buffer Errors vulnerability in Borland Caliberrm 2006

Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request.

9.3
2008-04-04 CVE-2007-5661 Macrovision Code Injection vulnerability in Macrovision Installshield

The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.

9.3
2008-04-02 CVE-2008-1647 Chilkat Software Improper Input Validation vulnerability in Chilkat Software Chilkathttp Activex

The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files.

9.3

29 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-04-04 CVE-2008-0555 Apache SSL Improper Input Validation vulnerability in Apache-Ssl 1.3.341.57

The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.

7.5
2008-04-02 CVE-2008-1651 Myiosoft Path Traversal vulnerability in Myiosoft Easynews 4.0Tr

Directory traversal vulnerability in admin/login.php in EasyNews 4.0 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-04-02 CVE-2008-1650 Myiosoft SQL Injection vulnerability in Myiosoft Easynews 4.0Tr

SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edp_Help_Internal_News action.

7.5
2008-04-02 CVE-2008-1646 Arnos Toolbox, Wordpress SQL Injection vulnerability in multiple products

SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter.

7.5
2008-04-02 CVE-2008-1645 Guillaume Meister Path Traversal vulnerability in Guillaume Meister PHP Spammanager 0.53

Directory traversal vulnerability in body.php in phpSpamManager (phpSM) 0.53 beta allows remote attackers to read arbitrary local files via a ..

7.5
2008-04-02 CVE-2008-1644 Savas Place SQL Injection vulnerability in Savas Place Savas Link Manager 2.0

SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.

7.5
2008-04-02 CVE-2008-1642 Savas Place Path Traversal vulnerability in Savas Place Savas Guestbook 2.0

Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter.

7.5
2008-04-02 CVE-2008-1641 Efestech SQL Injection vulnerability in Efestech Video 5.0

SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter.

7.5
2008-04-02 CVE-2008-1640 JGS XA SQL Injection vulnerability in Jgs-Xa JGS Treffen 2.0.1

SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treffen 2.0.2 and earlier addon for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the view_id parameter in an ansicht action.

7.5
2008-04-02 CVE-2008-1639 Neat WEB SQL Injection vulnerability in Neat web Neat-Web 0.2

SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle function in lib/lib_article.include.php.

7.5
2008-04-02 CVE-2008-1635 Raven PHP Scripts Path Traversal vulnerability in Raven PHP Scripts Keep IT Simple Guest Book

Directory traversal vulnerability in view_private.php in Keep It Simple Guest Book (KISGB) 5.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-04-02 CVE-2008-1632 Emedia Office Gmbh SQL Injection vulnerability in Emedia Office Gmbh Cuteflow

Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) listid parameter to pages/editmailinglist_step1.php, the (2) userid parameter to pages/edituser.php, the (3) fieldid parameter to pages/editfield.php, and the (4) templateid to pages/edittemplate_step1.php.

7.5
2008-04-02 CVE-2008-1631 Emedia Office Gmbh SQL Injection vulnerability in Emedia Office Gmbh Cuteflow 1.5.0/2.10.0

SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 allows remote attackers to execute arbitrary SQL commands via the UserId parameter, related to the login form field in index.php.

7.5
2008-04-02 CVE-2008-1626 Eggblog Improper Input Validation vulnerability in Eggblog

SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie.

7.5
2008-04-02 CVE-2008-1624 Whorl LTD Path Traversal vulnerability in Whorl LTD Jshop Server 1/2

Directory traversal vulnerability in v2demo/page.php in Jshop Server 1.x through 2.x allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-04-02 CVE-2008-1623 Lotus WEB Studios INC SQL Injection vulnerability in Lotus web Studios INC Smoothflash

SQL injection vulnerability in admin_view_image.php in Smoothflash allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2008-04-02 CVE-2008-1620 2X Path Traversal vulnerability in 2X Thinclientserver

Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) 3.2.0.0 and earlier in 2X ThinClientServer 5.0_sp1-r3497 and earlier allows remote attackers to read or overwrite arbitrary files via a ...

7.5
2008-04-01 CVE-2008-1610 Tallsoft Quick Buffer Errors vulnerability in Tallsoft Quick Tftp Server PRO 2.1

Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long mode field in a read or write request.

7.5
2008-04-01 CVE-2008-1608 Clever Copy SQL Injection vulnerability in Clever Copy Clever Copy 3.0

SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583.

7.5
2008-03-31 CVE-2008-1591 Postnuke SQL Injection vulnerability in Postnuke

The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable).

7.5
2008-03-31 CVE-2008-1568 Comix Improper Input Validation vulnerability in Comix 3.6.4

comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.

7.5
2008-03-31 CVE-2008-1565 Hotscripts, Phpbb Path Traversal vulnerability in multiple products

Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0.5 module for phpBB allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-03-31 CVE-2008-1551 Runcms SQL Injection vulnerability in Runcms Photo Module and Runcms

SQL injection vulnerability in viewcat.php in the Photo 3.02 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2008-03-31 CVE-2008-1601 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX 5.2/5.3

Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5.3 allows local users in the shutdown group to gain privileges.

7.2
2008-03-31 CVE-2008-1600 IBM Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3/6.1

The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329.

7.2
2008-03-31 CVE-2008-1599 IBM Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3/6.1

The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.

7.2
2008-03-31 CVE-2008-1596 IBM Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3/6.1

Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to missing checks in the TSD_FILES_LOCK policy for modifications performed via hard links, a different vulnerability than CVE-2007-6680.

7.2
2008-03-31 CVE-2008-1593 IBM Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3/6.1

The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function.

7.2
2008-03-31 CVE-2008-0706 Compaq, HP Improper Authentication vulnerability in multiple products

Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password.

7.2

72 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-04-04 CVE-2008-0884 RED HAT Permissions, Privileges, and Access Controls vulnerability in RED HAT Enterprise Linux 5

The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a change to world-writable permissions for the /etc/pam.d/system-auth-ac file, which allows local users to gain privileges by modifying this file.

6.9
2008-03-31 CVE-2008-1570 Policyd Weight Race Condition vulnerability in Policyd-Weight 0.1.14Beta14

Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs.

6.9
2008-04-06 CVE-2008-1685 GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU GCC

** DISPUTED ** gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal.

6.8
2008-04-04 CVE-2008-1682 Elearningforce Code Injection vulnerability in Elearningforce Online Flashquiz 1.0.2

PHP remote file inclusion vulnerability in quiz/common/db_config.inc.php in the Online FlashQuiz (com_onlineflashquiz) 1.0.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter.

6.8
2008-04-04 CVE-2008-1023 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file.

6.8
2008-04-04 CVE-2008-1022 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size.

6.8
2008-04-04 CVE-2008-1021 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding.

6.8
2008-04-04 CVE-2008-1020 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages.

6.8
2008-04-04 CVE-2008-1019 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop.

6.8
2008-04-04 CVE-2008-1018 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom.

6.8
2008-04-04 CVE-2008-1017 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.

6.8
2008-04-04 CVE-2008-1016 Apple Code Injection vulnerability in Apple Quicktime

Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption.

6.8
2008-04-04 CVE-2008-1015 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.

6.8
2008-04-04 CVE-2008-1013 Apple Remote vulnerability in Apple QuickTime

Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet.

6.8
2008-04-04 CVE-2008-1374 Apple Integer Overflow OR Wraparound vulnerability in Apple Cups

Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file.

6.8
2008-04-02 CVE-2008-1653 Savas Place Path Traversal vulnerability in Savas Place Savas Link Manager 2.0

Directory traversal vulnerability in index.php in Sava's Link Manager 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the q parameter.

6.8
2008-04-02 CVE-2008-1638 NIK Software INC Permissions, Privileges, and Access Controls vulnerability in NIK Software INC NIK Sharpener PRO 2.0

Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse.

6.8
2008-04-02 CVE-2008-1637 Powerdns Numeric Errors vulnerability in Powerdns Recursor

PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.

6.8
2008-04-02 CVE-2008-1625 Avast Permissions, Privileges, and Access Controls vulnerability in Avast Antivirus Home and Avast Antivirus Professional

aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.

6.8
2008-04-02 CVE-2008-1622 Geertsen Holdings INC Code Injection vulnerability in Geertsen Holdings INC Geecarts

Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow remote attackers to execute arbitrary PHP code via a URL in the id parameter to (1) show.php, (2) search.php, and (3) view.php.

6.8
2008-04-02 CVE-2008-0069 Pierreegougelet Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pierreegougelet Xnview

Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow (.sld) file, a different vector than CVE-2008-1461.

6.8
2008-04-01 CVE-2008-1609 JAF CMS Code Injection vulnerability in JAF CMS JAF CMS 4.0Rc2

Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php, (b) headlines.php, and (c) main.php in forum/, and (2) main_dir parameter to forum/forum.php.

6.8
2008-04-01 CVE-2008-1607 Serby Arslanhan SQL Injection vulnerability in Serby Arslanhan Bomba Haber 2.0

SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba Haber 2.0 allows remote attackers to execute arbitrary SQL commands via the haber parameter.

6.8
2008-04-01 CVE-2008-1605 Leadtools Improper Input Validation vulnerability in Leadtools Multimedia Toolkit 15

The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method.

6.8
2008-03-31 CVE-2008-1559 Bernard Gilly, Joomla SQL Injection vulnerability in Bernard Gilly COM Alphacontent 2.5.8

SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

6.8
2008-03-31 CVE-2008-1555 Bolinos Path Traversal vulnerability in Bolinos 4.6.1

Directory traversal vulnerability in system/_b/contentFiles/gbincluder.php in BolinOS 4.6.1 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-03-31 CVE-2008-1554 Topper SQL Injection vulnerability in Topper Toppermod 2.0

SQL injection vulnerability in account/index.php in TopperMod 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a non-alphanumeric first character in the localita parameter, which bypasses a protection mechanism.

6.8
2008-03-31 CVE-2008-1553 Topper Path Traversal vulnerability in Topper Toppermod 1.0

Directory traversal vulnerability in mod.php in TopperMod 1.0 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-03-31 CVE-2008-1552 Silc, Redhat Numeric Errors vulnerability in Silc products

The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow.

6.8
2008-03-31 CVE-2008-1549 Aeries SQL Injection vulnerability in Aeries Student Information System 3.8.3.14

Multiple SQL injection vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to execute arbitrary SQL commands via the (1) GrdBk parameter to GradebookOptions.asp and the (2) SchlCode variable to loginproc.asp, a different vector than CVE-2008-0942.

6.8
2008-04-02 CVE-2008-1657 Openbsd Permissions, Privileges, and Access Controls vulnerability in Openbsd Openssh

OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.

6.5
2008-04-01 CVE-2008-1515 Otrs Permissions, Privileges, and Access Controls vulnerability in Otrs

The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."

6.4
2008-04-01 CVE-2008-1606 Elastic Path Path Traversal vulnerability in Elastic Path Elastic Path 4.1/4.1.1

Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a ..

6.0
2008-04-04 CVE-2008-1373 Easy Software Products Buffer Errors vulnerability in Easy Software products Cups 1.3.6

Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.

5.8
2008-04-04 CVE-2008-1680 Future Nuke Information Exposure vulnerability in Future Nuke PHP-Nuke Platinum 7.6.B.5

PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configuration information via a direct request to maintenance/index.php, which reveals settings such as magic_quotes_gpc.

5.0
2008-04-02 CVE-2008-1652 Perlbal Path Traversal vulnerability in Perlbal

Directory traversal vulnerability in the _serve_request_multiple function in lib/Perlbal/ClientHTTPBase.pm in Perlbal before 1.70, when concat get is enabled, allows remote attackers to read arbitrary files in a parent directory via a directory traversal sequence in an unspecified parameter.

5.0
2008-04-02 CVE-2008-1648 Sympa Improper Input Validation vulnerability in Sympa

Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers.

5.0
2008-04-02 CVE-2008-1643 Landesk Software Path Traversal vulnerability in Landesk Software Landesk Management Suite 8.8

Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2008-03-31 CVE-2008-1562 Wireshark Improper Input Validation vulnerability in Wireshark

The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.

5.0
2008-03-31 CVE-2008-1561 Wireshark Denial of Service vulnerability in Wireshark 0.99.8

Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors.

5.0
2008-03-31 CVE-2008-1557 Bolinos Information Exposure vulnerability in Bolinos 4.6.1

BolinOS 4.6.1 allows remote attackers to obtain sensitive information via a direct request to system/actionspages/_b/contentFiles/gBphpInfo.php, which calls the phpinfo function.

5.0
2008-03-31 CVE-2008-1597 IBM Denial-Of-Service vulnerability in IBM AIX 6.1

The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior."

4.9
2008-03-31 CVE-2008-1595 IBM Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3/6.1

The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information.

4.9
2008-03-31 CVE-2008-1594 IBM Denial-Of-Service vulnerability in IBM AIX 5.2/5.3/6.1

The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size.

4.9
2008-03-31 CVE-2008-0211 Compaq Local Denial of Service vulnerability in HP Compaq Business Notebook PC BIOS

Unspecified vulnerability in the BIOS F.04 through F.11 for the HP Compaq Business Notebook PC allows local users to cause a denial of service via unspecified vectors.

4.9
2008-04-06 CVE-2008-1684 SUN Race Condition vulnerability in SUN Solaris 10

inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.

4.7
2008-04-06 CVE-2008-0887 Gnome Local Unauthorized Access vulnerability in Gnome Desktop Screensaver NIS Authentication

gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859.

4.7
2008-03-31 CVE-2008-1598 IBM Information Exposure vulnerability in IBM AIX 6.1

The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors.

4.7
2008-04-06 CVE-2008-0708 HP Local Security vulnerability in Proliant

HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) 442085-B21 for certain HP ProLiant servers contain the (a) W32.Fakerecy and (b) W32.SillyFDC worms, which might be launched if the server does not have up-to-date detection.

4.6
2008-03-31 CVE-2008-1592 HP, Tandem Computers, IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere MQ 5.1/5.3/5.3.1

MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway panels."

4.6
2008-03-31 CVE-2008-0070 ORB Networks Numeric Errors vulnerability in ORB Networks ORB 2.0.1014

Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA allows remote attackers to execute arbitrary code via an RPC request that specifies a large number of array dimensions, which triggers a heap-based buffer overflow.

4.6
2008-04-04 CVE-2008-1014 Apple Improper Input Validation vulnerability in Apple Quicktime

Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information.

4.3
2008-04-02 CVE-2008-1654 Adobe Cross-Site Request Forgery (CSRF) vulnerability in Adobe Flash Player

Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allows remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.

4.3
2008-04-02 CVE-2008-1649 Myiosoft Cross-Site Scripting vulnerability in Myiosoft Easynews 4.0Tr

Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_pupublish action.

4.3
2008-04-02 CVE-2008-1636 JV2 Cross-Site Scripting vulnerability in JV2 Quick Gallery 1.1

Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the f parameter.

4.3
2008-04-02 CVE-2008-1634 JV2 Cross-Site Scripting vulnerability in JV2 Folder Gallery 3.1

Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder Gallery 3.1 allows remote attackers to inject arbitrary web script or HTML via the image parameter.

4.3
2008-04-02 CVE-2008-1630 Emedia Office Gmbh Cross-Site Scripting vulnerability in Emedia Office Gmbh Cuteflow 1.5.0/2.10.0

Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 and 2.10.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) page/showcirculation.php; and (2) edittemplate_step2.php, (3) showfields.php, (4) showuser.php, (5) editmailinglist_step1.php, and (6) showtemplates.php in pages/.

4.3
2008-04-02 CVE-2008-1629 PAU Rodriguez Cross-Site Scripting vulnerability in PAU Rodriguez PHPkrm

Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-04-02 CVE-2008-1621 Geertsen Holdings INC Cross-Site Scripting vulnerability in Geertsen Holdings INC Geecarts

Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) show.php, (2) search.php, and (3) view.php.

4.3
2008-04-02 CVE-2008-1619 Xensource INC Denial of Service vulnerability in Xensource INC XEN 5.1

The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool.

4.3
2008-04-02 CVE-2008-1614 Sebastian Marsching Permissions, Privileges, and Access Controls vulnerability in Sebastian Marsching Suphp

suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point to a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges.

4.3
2008-04-01 CVE-2008-1612 Squid Improper Input Validation vulnerability in Squid 2.6.Stable17

The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error.

4.3
2008-04-01 CVE-2008-1604 Perlmailer Cross-Site Scripting vulnerability in Perlmailer

Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-04-01 CVE-2008-1603 GNB Cross-Site Scripting vulnerability in GNB Designform

Cross-site scripting (XSS) vulnerability in GNB DesignForm before 3.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the email form.

4.3
2008-03-31 CVE-2008-1566 Manageengine Cross-Site Scripting vulnerability in Manageengine Applications Manager 8.1/8.2

Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter.

4.3
2008-03-31 CVE-2008-1564 File Transfer Path Traversal vulnerability in File-Transfer File Transfer

Directory traversal vulnerability in Dan Costin File Transfer before 1.2f allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the filename.

4.3
2008-03-31 CVE-2008-1563 Wireshark Denial of Service vulnerability in Wireshark 0.99.8

The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet.

4.3
2008-03-31 CVE-2008-1560 Digiappz Cross-Site Scripting vulnerability in Digiappz Digidomain 2.2

Multiple cross-site scripting (XSS) vulnerabilities in Digiappz DigiDomain 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) domain parameter to lookup_result.asp, and the (2) word1 and (3) word2 parameters to suggest_result.asp.

4.3
2008-03-31 CVE-2008-1556 Bolinos Cross-Site Scripting vulnerability in Bolinos 4.6.1

Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) system/actionspages/_b/contentFiles/gBImageViewer.php, (2) ForEditor parameter to (b) system/actionspages/_b/contentFiles/gBselectorContents.php, (3) the PATH_INFO to (c) gBLoginPage.php and (d) gBPassword.php in system/actionspages/_b/contentFiles/, (4) formlogin parameter to system/actionspages/_b/contentFiles/gBLoginPage.php, and the (5) bolini_searchengine46Search parameter to (e) help/index.php.

4.3
2008-03-31 CVE-2008-1550 Cubecart Cross-Site Scripting vulnerability in Cubecart 4.2.1

Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the (2) Submit parameter.

4.3
2008-03-31 CVE-2008-1548 Aeries Cross-Site Scripting vulnerability in Aeries Student Information System 3.8.3.14

Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aeries Student Information System allow remote attackers to inject arbitrary web script or HTML via the (1) UserName parameter to loginproc.asp and the (2) usr parameter to Login.asp.

4.3
2008-04-02 CVE-2008-1628 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Audit

Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument.

4.1

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-04-02 CVE-2008-1627 CDS Software Consortium Permissions, Privileges, and Access Controls vulnerability in CDS Software Consortium Invenio

CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID.

3.5
2008-03-31 CVE-2008-1569 Debian, Policyd Weight Link Following vulnerability in Policyd-Weight

policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket.

3.3
2008-03-31 CVE-2008-1567 Phpmyadmin Information Exposure vulnerability in PHPmyadmin

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.

2.1