Weekly Vulnerabilities Reports > April 7 to 13, 2008
Overview
85 new vulnerabilities reported during this period, including 33 critical vulnerabilities and 17 high severity vulnerabilities. This weekly summary report vulnerabilities in 112 products from 63 vendors including IBM, Microsoft, Autonomy, Symantec, and Adobe. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", "SQL Injection", "Permissions, Privileges, and Access Controls", and "Cross-site Scripting".
- 78 reported vulnerabilities are remotely exploitables.
- 23 reported vulnerabilities have public exploit available.
- 20 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 81 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 12 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 9 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
33 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2008-04-12 | CVE-2008-1766 | Phpbb | Unspecified vulnerability in PHPbb 3.0.0/3.0.0Rc Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs." | 10.0 |
| 2008-04-11 | CVE-2008-1704 | Tibco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tibco Enterprise Message Service and Iprocess Engine Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server. | 10.0 |
| 2008-04-08 | CVE-2008-1697 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51, and earlier allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain topology/homeBaseView request. | 10.0 |
| 2008-04-07 | CVE-2008-1329 | Broadcom Computer Associates | Unspecified vulnerability in the NetBackup service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary commands, related to "insufficient verification of file uploads." | 10.0 |
| 2008-04-07 | CVE-2008-1690 | Seattle LAB Software | Resource Management Errors vulnerability in Seattle LAB Software Slmail PRO WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801. | 10.0 |
| 2008-04-12 | CVE-2008-1764 | Opera | Unspecified vulnerability in Opera Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs." | 9.3 |
| 2008-04-12 | CVE-2008-1762 | Opera | Resource Management Errors vulnerability in Opera Browser Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption. | 9.3 |
| 2008-04-12 | CVE-2008-1761 | Opera | Resource Management Errors vulnerability in Opera Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access. | 9.3 |
| 2008-04-11 | CVE-2008-1724 | Tumbleweed | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tumbleweed Securetransport Server APP Stack-based buffer overflow in the IActiveXTransfer.FileTransfer method in the SecureTransport FileTransfer ActiveX control in vcst_en.dll 1.0.0.5 in Tumbleweed SecureTransport Server before 4.6.1 Hotfix 20 allows remote attackers to execute arbitrary code via a long remoteFile parameter. | 9.3 |
| 2008-04-11 | CVE-2008-1703 | Tibco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tibco products Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message. | 9.3 |
| 2008-04-10 | CVE-2008-1718 | Autonomy IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail (MIME) attachment. | 9.3 |
| 2008-04-10 | CVE-2008-1101 | Autonomy IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document. | 9.3 |
| 2008-04-10 | CVE-2008-0066 | Autonomy IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element. | 9.3 |
| 2008-04-10 | CVE-2007-6020 | Activepdf Autonomy IBM Symantec | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file. | 9.3 |
| 2008-04-10 | CVE-2007-5406 | IBM Symantec Autonomy | Buffer Overflow vulnerability in Autonomy KeyView Module kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file. | 9.3 |
| 2008-04-10 | CVE-2007-5405 | Activepdf Autonomy IBM Symantec | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag. | 9.3 |
| 2008-04-10 | CVE-2007-5399 | Autonomy IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote attackers to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority, (8) Importance, or (9) X-MSMail-Priority header; (10) a long string at the beginning of an RFC2047 encoded-word in a header; (11) a long text string in an RFC2047 encoded-word in a header; or (12) a long Subject header, related to creation of an associated filename. | 9.3 |
| 2008-04-09 | CVE-2007-6019 | Adobe | Remote Code Execution vulnerability in Adobe Flash Player SWF File 'DeclareFunction2' ActionScript Tag Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly. | 9.3 |
| 2008-04-09 | CVE-2007-0071 | Adobe | Numeric Errors vulnerability in Adobe Flash Player Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow. | 9.3 |
| 2008-04-09 | CVE-2008-1709 | Microsoft | Buffer Errors vulnerability in Microsoft Visual Interdev 6.0 Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long malformed Project line beginning with a 'Project("{}") =' sequence, probably a different vector than CVE-2008-0250. | 9.3 |
| 2008-04-08 | CVE-2008-1090 | Microsoft | Resource Management Errors vulnerability in Microsoft Office and Visio Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability." | 9.3 |
| 2008-04-08 | CVE-2008-1089 | Microsoft | Code Injection vulnerability in Microsoft Office and Visio Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability." | 9.3 |
| 2008-04-08 | CVE-2008-1088 | Microsoft | Resource Management Errors vulnerability in Microsoft Project 2000/2002/2003 Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations." | 9.3 |
| 2008-04-08 | CVE-2008-1087 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability." | 9.3 |
| 2008-04-08 | CVE-2008-1086 | Microsoft | Code Injection vulnerability in Microsoft products The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption. | 9.3 |
| 2008-04-08 | CVE-2008-1085 | Microsoft | Code Injection vulnerability in Microsoft IE and Internet Explorer Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler. | 9.3 |
| 2008-04-08 | CVE-2008-0083 | Microsoft | Code Injection vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors. | 9.3 |
| 2008-04-08 | CVE-2008-1686 | Xine Xiph | Numeric Errors vulnerability in multiple products Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. | 9.3 |
| 2008-04-08 | CVE-2008-1617 | Interwoven | Numeric Errors vulnerability in Interwoven Worksite web Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string, then sets the string to null. | 9.3 |
| 2008-04-08 | CVE-2008-0312 | Microsoft Symantec | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec products Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. | 9.3 |
| 2008-04-07 | CVE-2008-1328 | Broadcom Computer Associates | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments." | 9.3 |
| 2008-04-11 | CVE-2008-1725 | Nsoftware | Insecure Method vulnerability in Nsoftware Ibiz E-Banking Integrator 2.0.2932 The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument. | 9.0 |
| 2008-04-07 | CVE-2007-4620 | Broadcom CA | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests. | 9.0 |
17 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2008-04-08 | CVE-2008-0711 | HP | Denial Of Service vulnerability in HP Integrity Servers iLO-2 Management Processors Unspecified vulnerability in the embedded management console in HP iLO-2 Management Processors (iLO-2 MP), as used in Integrity Servers rx2660, rx3600, and rx6600, and Integrity Blade Server model bl860c, allows remote attackers to cause a denial of service via unknown vectors. | 7.8 |
| 2008-04-12 | CVE-2008-1759 | Jeuxflash Kwsphp | SQL Injection vulnerability in multiple products SQL injection vulnerability in the jeuxflash module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php, a different vector than CVE-2007-4922. | 7.5 |
| 2008-04-12 | CVE-2008-1758 | Kwsphp | SQL Injection vulnerability in Kwsphp SQL injection vulnerability in the ConcoursPhoto module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the C_ID parameter to index.php. | 7.5 |
| 2008-04-11 | CVE-2008-1752 | Achmad Zaenuri | Information Exposure vulnerability in Achmad Zaenuri Ezradius 0.1 ezRADIUS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for (1) config.ini or (2) database.ini. | 7.5 |
| 2008-04-11 | CVE-2008-1750 | Livecart | SQL Injection vulnerability in Livecart 1.0.1/1.1.0/1.1.1 SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to the /category URI. | 7.5 |
| 2008-04-11 | CVE-2008-1733 | Joomla Pragmaticutopia | SQL Injection vulnerability in Pragmaticutopia COM Puarcade SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php. | 7.5 |
| 2008-04-11 | CVE-2008-1732 | Predictionfootball | SQL Injection vulnerability in Predictionfootball 1 SQL injection vulnerability in showpredictionsformatch.php in Prediction Football 1.x allows remote attackers to execute arbitrary SQL commands via the matchid parameter in a dupa action. | 7.5 |
| 2008-04-11 | CVE-2008-1731 | Drupal 3281D | Permissions, Privileges, and Access Controls vulnerability in 3281D Simple Access The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking. | 7.5 |
| 2008-04-11 | CVE-2008-1727 | Myknowledgequest | Improper Authentication vulnerability in Myknowledgequest Knowledgequest 2.5/2.6 KnowledgeQuest 2.5 and 2.6 does not require authentication for access to admincheck.php, which allows remote attackers to create arbitrary admin accounts. | 7.5 |
| 2008-04-10 | CVE-2008-1721 | Python Debian Canonical | Incorrect Conversion between Numeric Types vulnerability in multiple products Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. | 7.5 |
| 2008-04-09 | CVE-2008-1712 | MX System | Code Injection vulnerability in Mx-System Mxbb 2.0.0Beta PHP remote file inclusion vulnerability in includes/functions_weblog.php in mxBB mx_blogs 2.0.0 beta allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. | 7.5 |
| 2008-04-09 | CVE-2008-1688 | GNU | Unspecified vulnerability in GNU M4 Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. | 7.5 |
| 2008-04-09 | CVE-2008-1687 | GNU | Unspecified vulnerability in GNU M4 The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename. | 7.5 |
| 2008-04-09 | CVE-2008-1656 | Adobe | Permissions, Privileges, and Access Controls vulnerability in Adobe Coldfusion 8.0/8.1 Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725. | 7.5 |
| 2008-04-08 | CVE-2008-0087 | Microsoft | Use of Insufficiently Random Values vulnerability in Microsoft products The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses. | 7.5 |
| 2008-04-08 | CVE-2008-1699 | Desiquintans | SQL Injection vulnerability in Desiquintans Writers Block CMS 3.8A SQL injection vulnerability in permalink.php in Desi Quintans Writer's Block CMS 3.8a allows remote attackers to execute arbitrary SQL commands via the PostID parameter. | 7.5 |
| 2008-04-09 | CVE-2008-1710 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 6.1 Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable. | 7.2 |
32 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2008-04-07 | CVE-2008-1692 | Eterm | Permissions, Privileges, and Access Controls vulnerability in Eterm 0.9.4 Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. | 6.9 |
| 2008-04-07 | CVE-2008-0310 | SCO | Path Traversal vulnerability in SCO Unixware 7.1.4 Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST. | 6.9 |
| 2008-04-11 | CVE-2008-1751 | Ksemail | Path Traversal vulnerability in Ksemail Multiple directory traversal vulnerabilities in index.php in Ksemail allow remote attackers to read arbitrary local files via a .. | 6.8 |
| 2008-04-11 | CVE-2008-1726 | Myknowledgequest | SQL Injection vulnerability in Myknowledgequest Knowledgequest 2.6 Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php. | 6.8 |
| 2008-04-10 | CVE-2008-1719 | Truzone | Cross-Site Request Forgery (CSRF) vulnerability in Truzone Nuke ET 3.2/3.4 Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET 3.2 and 3.4 allow remote attackers to perform actions as administrators, as demonstrated by inserting an XSS sequence into a document. | 6.8 |
| 2008-04-09 | CVE-2008-1715 | Auracms | SQL Injection vulnerability in Auracms SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. | 6.8 |
| 2008-04-09 | CVE-2008-1714 | Fascript | SQL Injection vulnerability in Fascript Faphoto 1.0 SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 6.8 |
| 2008-04-09 | CVE-2008-1705 | IBM | USE of Externally-Controlled Format String vulnerability in IBM Soliddb 06.00.1018 Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields. | 6.8 |
| 2008-04-08 | CVE-2008-0313 | Symantec | Remote Share 'launchProcess()' Insecure Method vulnerability in Symantec AutoFix Tool ActiveX Control The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share. | 6.8 |
| 2008-04-11 | CVE-2008-1729 | Drupal | Unspecified vulnerability in Drupal 6.0/6.1 The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types. | 5.8 |
| 2008-04-07 | CVE-2008-0709 | Microsoft Redhat HP SUN | Permissions, Privileges, and Access Controls vulnerability in HP Select Identity Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214. | 5.5 |
| 2008-04-11 | CVE-2008-1755 | Zekewalker | Path Traversal vulnerability in Zekewalker World of Phaos 4.0.1 Directory traversal vulnerability in the showSource function in showSource.php in World of Phaos 4.0.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter. | 5.0 |
| 2008-04-11 | CVE-2008-1730 | Arwscripts | Path Traversal vulnerability in Arwscripts Gallery Script Lite Directory traversal vulnerability in download.html in ARWScripts Gallery Script Lite (aka gallery-script-lite or Free Photo Gallery Site Script), as of 20080411, allows remote attackers to read arbitrary local files via directory traversal sequences in the path parameter. | 5.0 |
| 2008-04-09 | CVE-2008-1717 | Woltlab | Information Exposure vulnerability in Woltlab Burning Board 3.0.5 WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found. | 5.0 |
| 2008-04-09 | CVE-2008-1713 | Noticeware | Denial Of Service vulnerability in Noticeware Email Server 4.6.1.0 MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote attackers to cause a denial of service (application crash) via a long string to IMAP port (143/tcp). | 5.0 |
| 2008-04-09 | CVE-2008-1711 | Terong | Cryptographic Issues vulnerability in Terong Advanced web Photo Gallery 1.0 Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | 5.0 |
| 2008-04-08 | CVE-2008-1701 | Apple Novell | Denial Of Service vulnerability in Novell Iprint 6.5 Novell NetWare 6.5 allows attackers to cause a denial of service (ABEND) via a crafted Macintosh iPrint client request. | 5.0 |
| 2008-04-07 | CVE-2008-1618 | Watchguard | Information Exposure vulnerability in Watchguard Firebox Pptp VPN 4.9/5.0 The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames. | 5.0 |
| 2008-04-07 | CVE-2008-1691 | Seattle LAB Software | Improper Input Validation vulnerability in Seattle LAB Software Slmail PRO Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (UDP service outage) via a large packet to UDP port 54. | 5.0 |
| 2008-04-07 | CVE-2008-1689 | Seattle LAB Software | Resource Management Errors vulnerability in Seattle LAB Software Slmail PRO Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long request header in an HTTP request to TCP port 801. | 5.0 |
| 2008-04-11 | CVE-2008-1756 | SUN | Local Denial of Service vulnerability in SUN N1 Grid Engine 6.1 Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine 6.1 allows local users to cause a denial of service (daemon crash) via unspecified vectors. | 4.9 |
| 2008-04-12 | CVE-2008-1757 | Kwsphp | Cross-Site Scripting vulnerability in Kwsphp 1.0 Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter. | 4.3 |
| 2008-04-11 | CVE-2008-1753 | Alkacon | Cross-Site Scripting vulnerability in Alkacon Opencms 7.0.3 Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510. | 4.3 |
| 2008-04-10 | CVE-2008-1722 | Cups | Improper Input Validation vulnerability in Cups 1.3 Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image. | 4.3 |
| 2008-04-09 | CVE-2008-1716 | Woltlab | Cross-Site Scripting vulnerability in Woltlab Burning Board 3.0.5 Cross-site scripting (XSS) vulnerability in WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters, which are not properly handled when they are reflected back in an error message. | 4.3 |
| 2008-04-09 | CVE-2008-1655 | Adobe | Cross-Site Scripting vulnerability in Adobe Air, Flash Player and Flex Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors. | 4.3 |
| 2008-04-09 | CVE-2008-1708 | IBM | Resource Management Errors vulnerability in IBM Soliddb IBM solidDB 06.00.1018 and earlier does not validate a certain field that specifies an amount of memory to allocate, which allows remote attackers to cause a denial of service (daemon exit) via a packet with a large value in this field. | 4.3 |
| 2008-04-09 | CVE-2008-1707 | IBM | Resource Management Errors vulnerability in IBM Soliddb IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a packet with an 0x11 value in a certain "type" field. | 4.3 |
| 2008-04-09 | CVE-2008-1706 | IBM | Numeric Errors vulnerability in IBM Soliddb 06.00.1018 Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large value in a certain 32-bit field. | 4.3 |
| 2008-04-08 | CVE-2008-1702 | E107 | Improper Input Validation vulnerability in E107 MY Gallery 2.3 Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. | 4.3 |
| 2008-04-08 | CVE-2008-1698 | Ventrian | Cross-Site Scripting vulnerability in Ventrian Simple Gallery 2.2 Cross-site scripting (XSS) vulnerability in gallery.php in Simple Gallery 2.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter to index.php. | 4.3 |
| 2008-04-11 | CVE-2008-1728 | Ignite Realtime | Resource Management Errors vulnerability in Ignite Realtime Openfire 3.4.5 ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages. | 4.0 |
3 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2008-04-08 | CVE-2008-1696 | Dazphp | Path Traversal vulnerability in Dazphp Dazphpnews 0.11 Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 3.7 |
| 2008-04-07 | CVE-2008-1142 | Aterm Eterm Mrxvt Multi Aterm Rxvt Rxvt Unicode Wterm | Permissions, Privileges, and Access Controls vulnerability in multiple products rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. | 3.7 |
| 2008-04-11 | CVE-2008-1754 | Symantec | Cryptographic Issues vulnerability in Symantec Altiris Deployment Solution 6.8/6.8.380 Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory. | 1.7 |