Weekly Vulnerabilities Reports > April 7 to 13, 2008

Overview

85 new vulnerabilities were reported during this period, including 33 critical vulnerabilities and 17 high severity vulnerabilities. This weekly summary reports vulnerabilities in 112 products from 63 vendors including IBM, Microsoft, Autonomy, Symantec, and Adobe. Notable vulnerability categories include "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", "SQL Injection", "Permissions, Privileges, and Access Controls", and "Cross-site Scripting".

  • 78 reported vulnerabilities are remotely exploitable.
  • 23 reported vulnerabilities have a public exploit available.
  • 20 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 81 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 12 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 9 reported vulnerabilities.


Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:


33 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-04-12 CVE-2008-1766 Phpbb Unspecified vulnerability in PHPbb 3.0.0/3.0.0Rc

Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."

10.0
2008-04-11 CVE-2008-1704 Tibco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tibco Enterprise Message Service and Iprocess Engine

Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server.

10.0
2008-04-08 CVE-2008-1697 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager

Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51, and earlier allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain topology/homeBaseView request.

10.0
2008-04-07 CVE-2008-1329 Broadcom, Computer Associates

Unspecified vulnerability in the NetBackup service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary commands, related to "insufficient verification of file uploads."

10.0
2008-04-07 CVE-2008-1690 Seattle LAB Software Resource Management Errors vulnerability in Seattle LAB Software Slmail PRO

WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801.

10.0
2008-04-12 CVE-2008-1764 Opera Unspecified vulnerability in Opera

Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs."

9.3
2008-04-12 CVE-2008-1762 Opera Resource Management Errors vulnerability in Opera Browser

Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption.

9.3
2008-04-12 CVE-2008-1761 Opera Resource Management Errors vulnerability in Opera

Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access.

9.3
2008-04-11 CVE-2008-1724 Tumbleweed Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tumbleweed Securetransport Server APP

Stack-based buffer overflow in the IActiveXTransfer.FileTransfer method in the SecureTransport FileTransfer ActiveX control in vcst_en.dll 1.0.0.5 in Tumbleweed SecureTransport Server before 4.6.1 Hotfix 20 allows remote attackers to execute arbitrary code via a long remoteFile parameter.

9.3
2008-04-11 CVE-2008-1703 Tibco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tibco products

Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message.

9.3
2008-04-10 CVE-2008-1718 Autonomy, IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail (MIME) attachment.

9.3
2008-04-10 CVE-2008-1101 Autonomy, IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document.

9.3
2008-04-10 CVE-2008-0066 Autonomy, IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element.

9.3
2008-04-10 CVE-2007-6020 Activepdf, Autonomy, IBM, Symantec Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file.

9.3
2008-04-10 CVE-2007-5406 IBM, Symantec, Autonomy Buffer Overflow vulnerability in Autonomy KeyView Module

kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file.

9.3
2008-04-10 CVE-2007-5405 Activepdf, Autonomy, IBM, Symantec Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag.

9.3
2008-04-10 CVE-2007-5399 Autonomy, IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote attackers to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority, (8) Importance, or (9) X-MSMail-Priority header; (10) a long string at the beginning of an RFC2047 encoded-word in a header; (11) a long text string in an RFC2047 encoded-word in a header; or (12) a long Subject header, related to creation of an associated filename.

9.3
2008-04-09 CVE-2007-6019 Adobe Remote Code Execution vulnerability in Adobe Flash Player SWF File 'DeclareFunction2' ActionScript Tag

Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.

9.3
2008-04-09 CVE-2007-0071 Adobe Numeric Errors vulnerability in Adobe Flash Player

Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.

9.3
2008-04-09 CVE-2008-1709 Microsoft Buffer Errors vulnerability in Microsoft Visual Interdev 6.0

Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long malformed Project line beginning with a 'Project("{}") =' sequence, probably a different vector than CVE-2008-0250.

9.3
2008-04-08 CVE-2008-1090 Microsoft Resource Management Errors vulnerability in Microsoft Office and Visio

Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."

9.3
2008-04-08 CVE-2008-1089 Microsoft Code Injection vulnerability in Microsoft Office and Visio

Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."

9.3
2008-04-08 CVE-2008-1088 Microsoft Resource Management Errors vulnerability in Microsoft Project 2000/2002/2003

Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."

9.3
2008-04-08 CVE-2008-1087 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."

9.3
2008-04-08 CVE-2008-1086 Microsoft Code Injection vulnerability in Microsoft products

The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.

9.3
2008-04-08 CVE-2008-1085 Microsoft Code Injection vulnerability in Microsoft IE and Internet Explorer

Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.

9.3
2008-04-08 CVE-2008-0083 Microsoft Code Injection vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.

9.3
2008-04-08 CVE-2008-1686 Xine, Xiph Numeric Errors vulnerability in multiple products

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

9.3
2008-04-08 CVE-2008-1617 Interwoven Numeric Errors vulnerability in Interwoven Worksite web

Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string, then sets the string to null.

9.3
2008-04-08 CVE-2008-0312 Microsoft, Symantec Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec products

Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method.

9.3
2008-04-07 CVE-2008-1328 Broadcom, Computer Associates Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments."

9.3
2008-04-11 CVE-2008-1725 Nsoftware Insecure Method vulnerability in Nsoftware Ibiz E-Banking Integrator 2.0.2932

The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument.

9.0
2008-04-07 CVE-2007-4620 Broadcom, CA Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.

9.0

17 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-04-08 CVE-2008-0711 HP Denial Of Service vulnerability in HP Integrity Servers iLO-2 Management Processors

Unspecified vulnerability in the embedded management console in HP iLO-2 Management Processors (iLO-2 MP), as used in Integrity Servers rx2660, rx3600, and rx6600, and Integrity Blade Server model bl860c, allows remote attackers to cause a denial of service via unknown vectors.

7.8
2008-04-12 CVE-2008-1759 Jeuxflash, Kwsphp SQL Injection vulnerability in multiple products

SQL injection vulnerability in the jeuxflash module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php, a different vector than CVE-2007-4922.

7.5
2008-04-12 CVE-2008-1758 Kwsphp SQL Injection vulnerability in Kwsphp

SQL injection vulnerability in the ConcoursPhoto module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the C_ID parameter to index.php.

7.5
2008-04-11 CVE-2008-1752 Achmad Zaenuri Information Exposure vulnerability in Achmad Zaenuri Ezradius 0.1

ezRADIUS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for (1) config.ini or (2) database.ini.

7.5
2008-04-11 CVE-2008-1750 Livecart SQL Injection vulnerability in Livecart 1.0.1/1.1.0/1.1.1

SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to the /category URI.

7.5
2008-04-11 CVE-2008-1733 Joomla, Pragmaticutopia SQL Injection vulnerability in Pragmaticutopia COM Puarcade

SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php.

7.5
2008-04-11 CVE-2008-1732 Predictionfootball SQL Injection vulnerability in Predictionfootball 1

SQL injection vulnerability in showpredictionsformatch.php in Prediction Football 1.x allows remote attackers to execute arbitrary SQL commands via the matchid parameter in a dupa action.

7.5
2008-04-11 CVE-2008-1731 Drupal, 3281D Permissions, Privileges, and Access Controls vulnerability in 3281D Simple Access

The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking.

7.5
2008-04-11 CVE-2008-1727 Myknowledgequest Improper Authentication vulnerability in Myknowledgequest Knowledgequest 2.5/2.6

KnowledgeQuest 2.5 and 2.6 does not require authentication for access to admincheck.php, which allows remote attackers to create arbitrary admin accounts.

7.5
2008-04-10 CVE-2008-1721 Python, Debian, Canonical Incorrect Conversion between Numeric Types vulnerability in multiple products

Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.

7.5
2008-04-09 CVE-2008-1712 MX System Code Injection vulnerability in Mx-System Mxbb 2.0.0Beta

PHP remote file inclusion vulnerability in includes/functions_weblog.php in mxBB mx_blogs 2.0.0 beta allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.

7.5
2008-04-09 CVE-2008-1688 GNU Unspecified vulnerability in GNU M4

Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option.

7.5
2008-04-09 CVE-2008-1687 GNU Unspecified vulnerability in GNU M4

The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.

7.5
2008-04-09 CVE-2008-1656 Adobe Permissions, Privileges, and Access Controls vulnerability in Adobe Coldfusion 8.0/8.1

Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725.

7.5
2008-04-08 CVE-2008-0087 Microsoft Use of Insufficiently Random Values vulnerability in Microsoft products

The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.

7.5
2008-04-08 CVE-2008-1699 Desiquintans SQL Injection vulnerability in Desiquintans Writers Block CMS 3.8A

SQL injection vulnerability in permalink.php in Desi Quintans Writer's Block CMS 3.8a allows remote attackers to execute arbitrary SQL commands via the PostID parameter.

7.5
2008-04-09 CVE-2008-1710 IBM Permissions, Privileges, and Access Controls vulnerability in IBM AIX 6.1

Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable.

7.2

32 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-04-07 CVE-2008-1692 Eterm Permissions, Privileges, and Access Controls vulnerability in Eterm 0.9.4

Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.

6.9
2008-04-07 CVE-2008-0310 SCO Path Traversal vulnerability in SCO Unixware 7.1.4

Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST.

6.9
2008-04-11 CVE-2008-1751 Ksemail Path Traversal vulnerability in Ksemail

Multiple directory traversal vulnerabilities in index.php in Ksemail allow remote attackers to read arbitrary local files via a ..

6.8
2008-04-11 CVE-2008-1726 Myknowledgequest SQL Injection vulnerability in Myknowledgequest Knowledgequest 2.6

Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php.

6.8
2008-04-10 CVE-2008-1719 Truzone Cross-Site Request Forgery (CSRF) vulnerability in Truzone Nuke ET 3.2/3.4

Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET 3.2 and 3.4 allow remote attackers to perform actions as administrators, as demonstrated by inserting an XSS sequence into a document.

6.8
2008-04-09 CVE-2008-1715 Auracms SQL Injection vulnerability in Auracms

SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter.

6.8
2008-04-09 CVE-2008-1714 Fascript SQL Injection vulnerability in Fascript Faphoto 1.0

SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

6.8
2008-04-09 CVE-2008-1705 IBM USE of Externally-Controlled Format String vulnerability in IBM Soliddb 06.00.1018

Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields.

6.8
2008-04-08 CVE-2008-0313 Symantec Remote Share 'launchProcess()' Insecure Method vulnerability in Symantec AutoFix Tool ActiveX Control

The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share.

6.8
2008-04-11 CVE-2008-1729 Drupal Unspecified vulnerability in Drupal 6.0/6.1

The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types.

5.8
2008-04-07 CVE-2008-0709 Microsoft, Redhat, HP, SUN Permissions, Privileges, and Access Controls vulnerability in HP Select Identity

Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214.

5.5
2008-04-11 CVE-2008-1755 Zekewalker Path Traversal vulnerability in Zekewalker World of Phaos 4.0.1

Directory traversal vulnerability in the showSource function in showSource.php in World of Phaos 4.0.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.

5.0
2008-04-11 CVE-2008-1730 Arwscripts Path Traversal vulnerability in Arwscripts Gallery Script Lite

Directory traversal vulnerability in download.html in ARWScripts Gallery Script Lite (aka gallery-script-lite or Free Photo Gallery Site Script), as of 20080411, allows remote attackers to read arbitrary local files via directory traversal sequences in the path parameter.

5.0
2008-04-09 CVE-2008-1717 Woltlab Information Exposure vulnerability in Woltlab Burning Board 3.0.5

WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found.

5.0
2008-04-09 CVE-2008-1713 Noticeware Denial Of Service vulnerability in Noticeware Email Server 4.6.1.0

MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote attackers to cause a denial of service (application crash) via a long string to IMAP port (143/tcp).

5.0
2008-04-09 CVE-2008-1711 Terong Cryptographic Issues vulnerability in Terong Advanced web Photo Gallery 1.0

Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.

5.0
2008-04-08 CVE-2008-1701 Apple, Novell Denial Of Service vulnerability in Novell Iprint 6.5

Novell NetWare 6.5 allows attackers to cause a denial of service (ABEND) via a crafted Macintosh iPrint client request.

5.0
2008-04-07 CVE-2008-1618 Watchguard Information Exposure vulnerability in Watchguard Firebox Pptp VPN 4.9/5.0

The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames.

5.0
2008-04-07 CVE-2008-1691 Seattle LAB Software Improper Input Validation vulnerability in Seattle LAB Software Slmail PRO

Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (UDP service outage) via a large packet to UDP port 54.

5.0
2008-04-07 CVE-2008-1689 Seattle LAB Software Resource Management Errors vulnerability in Seattle LAB Software Slmail PRO

Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long request header in an HTTP request to TCP port 801.

5.0
2008-04-11 CVE-2008-1756 SUN Local Denial of Service vulnerability in SUN N1 Grid Engine 6.1

Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine 6.1 allows local users to cause a denial of service (daemon crash) via unspecified vectors.

4.9
2008-04-12 CVE-2008-1757 Kwsphp Cross-Site Scripting vulnerability in Kwsphp 1.0

Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter.

4.3
2008-04-11 CVE-2008-1753 Alkacon Cross-Site Scripting vulnerability in Alkacon Opencms 7.0.3

Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510.

4.3
2008-04-10 CVE-2008-1722 Cups Improper Input Validation vulnerability in Cups 1.3

Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image.

4.3
2008-04-09 CVE-2008-1716 Woltlab Cross-Site Scripting vulnerability in Woltlab Burning Board 3.0.5

Cross-site scripting (XSS) vulnerability in WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters, which are not properly handled when they are reflected back in an error message.

4.3
2008-04-09 CVE-2008-1655 Adobe Cross-Site Scripting vulnerability in Adobe Air, Flash Player and Flex

Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.

4.3
2008-04-09 CVE-2008-1708 IBM Resource Management Errors vulnerability in IBM Soliddb

IBM solidDB 06.00.1018 and earlier does not validate a certain field that specifies an amount of memory to allocate, which allows remote attackers to cause a denial of service (daemon exit) via a packet with a large value in this field.

4.3
2008-04-09 CVE-2008-1707 IBM Resource Management Errors vulnerability in IBM Soliddb

IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a packet with an 0x11 value in a certain "type" field.

4.3
2008-04-09 CVE-2008-1706 IBM Numeric Errors vulnerability in IBM Soliddb 06.00.1018

Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large value in a certain 32-bit field.

4.3
2008-04-08 CVE-2008-1702 E107 Improper Input Validation vulnerability in E107 MY Gallery 2.3

Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter.

4.3
2008-04-08 CVE-2008-1698 Ventrian Cross-Site Scripting vulnerability in Ventrian Simple Gallery 2.2

Cross-site scripting (XSS) vulnerability in gallery.php in Simple Gallery 2.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter to index.php.

4.3
2008-04-11 CVE-2008-1728 Ignite Realtime Resource Management Errors vulnerability in Ignite Realtime Openfire 3.4.5

ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-04-08 CVE-2008-1696 Dazphp Path Traversal vulnerability in Dazphp Dazphpnews 0.11

Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

3.7
2008-04-07 CVE-2008-1142 Aterm, Eterm, Mrxvt, Multi Aterm, Rxvt, Rxvt Unicode, Wterm Permissions, Privileges, and Access Controls vulnerability in multiple products

rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.

3.7
2008-04-11 CVE-2008-1754 Symantec Cryptographic Issues vulnerability in Symantec Altiris Deployment Solution 6.8/6.8.380

Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory.

1.7