Weekly Vulnerabilities Reports > April 21 to 27, 2008

Overview

97 new vulnerabilities were reported during this period, including 11 critical vulnerabilities and 33 high severity vulnerabilities. This weekly summary reports vulnerabilities in 99 products from 77 vendors including Microsoft, Acidcat, Drupal, Cpcommerce, and Cezannesw. The most common categories are "Cross-site Scripting", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", and "Code Injection".

  • 90 reported vulnerabilities are remotely exploitable.
  • 42 reported vulnerabilities have a public exploit available.
  • 50 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 85 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

11 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-04-27 CVE-2008-1989 123Flashchat, E107 Code Injection vulnerability in multiple products

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.

10.0
2008-04-22 CVE-2008-1914 Bigantsoft Buffer Errors vulnerability in Bigantsoft Bigant Messenger 2.2

Stack-based buffer overflow in the AntServer module (AntServer.exe) in BigAnt IM Server in BigAnt Messenger 2.2 allows remote attackers to execute arbitrary code via a long URI in a request to TCP port 6080.

10.0
2008-04-22 CVE-2008-1910 Borland Buffer Errors vulnerability in Borland Interbase 2007

Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050.

10.0
2008-04-27 CVE-2008-1973 Artur Sikora Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Artur Sikora Subedit Player 4056/4066

Heap-based buffer overflow in SubEdit Player build 4056 and 4066 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long subtitle file.

9.3
2008-04-25 CVE-2008-1965 IBM Code Injection vulnerability in IBM Lotus Expeditor Client and Lotus Symphony

Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.

9.3
2008-04-23 CVE-2008-1765 Adobe Buffer Errors vulnerability in Adobe Photoshop 3.2

Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and possibly After Effects CS3, allows user-assisted remote attackers and physically proximate attackers to execute arbitrary code via a BMP file with an invalid image header.

9.3
2008-04-23 CVE-2007-6255 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBEAT.OCX allows remote attackers to execute arbitrary code via the Host argument to an unspecified method.

9.3
2008-04-22 CVE-2008-1912 Divx Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Divx Player

Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earlier allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long subtitle in a .SRT file.

9.3
2008-04-21 CVE-2008-1898 Microsoft Improper Input Validation vulnerability in Microsoft Office and Works

A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.

9.3
2008-04-27 CVE-2008-1988 Encaps Improper Input Validation vulnerability in Encaps Encapsgallery 2.0.2

Unrestricted file upload vulnerability in the file_upload function in core/misc.class.php in EncapsGallery 2.0.2 allows remote authenticated administrators to upload and execute arbitrary PHP files by uploading a file with an executable extension, then accessing it via a direct request to the file in the rwx_gallery directory.

9.0
2008-04-21 CVE-2008-1436 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.

9.0

33 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-04-27 CVE-2008-1984 Broadcom Resource Management Errors vulnerability in Broadcom Secure Content Manager 1.1/8.0

The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure Content Manager 8.0.28000.511 and earlier allows remote attackers to cause a denial of service (crash or CPU consumption) via a malformed packet to TCP port 1882.

7.8
2008-04-27 CVE-2008-1993 Acidcat Permissions, Privileges, and Access Controls vulnerability in Acidcat CMS 3.4.1

Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote attackers to upload arbitrary files.

7.5
2008-04-27 CVE-2008-1992 Acidcat Permissions, Privileges, and Access Controls vulnerability in Acidcat CMS 3.4.1

Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mail_aspemail.asp, (2) default_mail_cdosys.asp or (3) default_mail_jmail.asp, which allows remote attackers to bypass restrictions and relay email messages with modified From, FromName, and To fields.

7.5
2008-04-27 CVE-2008-1990 Acidcat SQL Injection vulnerability in Acidcat CMS 3.4.1

Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) cID parameter to default.asp and the (2) username parameter to main_login2.asp.

7.5
2008-04-27 CVE-2008-1982 Wordpress SQL Injection vulnerability in Wordpress Wpss

SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.

7.5
2008-04-27 CVE-2008-1975 Cogites SQL Injection vulnerability in Cogites E Reserve 2.1

SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter.

7.5
2008-04-27 CVE-2008-1971 Phphq Improper Authentication vulnerability in PHPhq Phshoutbox Final

phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.

7.5
2008-04-25 CVE-2008-1964 Xinehq Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xinehq Xine LIB

** DISPUTED ** Stack-based buffer overflow in the demux_nsf_send_headers function in src/demuxers/demux_nsf.c in xine-lib allows remote attackers to have an unknown impact via a long copyright field in an NSF header in an NES Sound file, a different issue than CVE-2008-1878.

7.5
2008-04-25 CVE-2008-1963 Quate Code Injection vulnerability in Quate Grape web Statistics 0.2A

PHP remote file inclusion vulnerability in includes/functions.php in Quate Grape Web Statistics 0.2a allows remote attackers to execute arbitrary PHP code via a URL in the location parameter.

7.5
2008-04-25 CVE-2008-1961 PHP Resource SQL Injection vulnerability in PHP Resource Voice of web Allmyguests 0.4.1

SQL injection vulnerability in index.php in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to execute arbitrary SQL commands via the AMG_id parameter in a comments action.

7.5
2008-04-25 CVE-2008-1959 Sipp Buffer Errors vulnerability in Sipp 3.0

Stack-based buffer overflow in the get_remote_video_port_media function in call.cpp in SIPp 3.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SIP message.

7.5
2008-04-25 CVE-2008-1957 Easyscripts SQL Injection vulnerability in Easyscripts TR Script News 2.1

SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode.

7.5
2008-04-25 CVE-2008-1954 Webcalendar SQL Injection vulnerability in Webcalendar web Calendar PRO 4.0

SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

7.5
2008-04-25 CVE-2008-1939 Aspindir SQL Injection vulnerability in Aspindir Philboard 1.0

Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) topic parameters to (a) philboard_reply.asp, and the (3) forumid parameter to (b) philboard_newtopic.asp, different vectors than CVE-2007-2641 and CVE-2007-0920.

7.5
2008-04-25 CVE-2008-1936 Classifieds Caffe SQL Injection vulnerability in Classifieds Caffe Classifieds Caffe

SQL injection vulnerability in index.php in Classifieds Caffe allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an add action.

7.5
2008-04-25 CVE-2008-1935 Joomla SQL Injection vulnerability in Joomla 1.0.4

SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter.

7.5
2008-04-25 CVE-2008-1934 Crazy Goomba SQL Injection vulnerability in Crazy Goomba Crazy Goomba 1.2.1

SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-04-24 CVE-2008-1926 Linux Code Injection vulnerability in Linux Util-Linux

Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."

7.5
2008-04-23 CVE-2008-1921 5TH Avenue Software SQL Injection vulnerability in 5TH Avenue Software 5TH Avenue Shopping Cart 1.2

SQL injection vulnerability in store_pages/category_list.php in 5th Avenue Shopping Cart 1.2 trial edition allows remote attackers to execute arbitrary SQL commands via the category_ID parameter.

7.5
2008-04-23 CVE-2008-1920 ICQ Buffer Errors vulnerability in ICQ Mirabilis ICQ 6.0

Heap-based buffer overflow in the boxelyRenderer module in the Personal Status Manager feature in ICQ 6.0 build 6043 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted personal status message.

7.5
2008-04-23 CVE-2008-1919 Yourfreeworld SQL Injection vulnerability in Yourfreeworld Apartment Search Script

SQL injection vulnerability in listtest.php in YourFreeWorld Apartment Search Script allows remote attackers to execute arbitrary SQL commands via the r parameter.

7.5
2008-04-23 CVE-2008-1915 Devworx SQL Injection vulnerability in Devworx Blogworx 1.0

SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-04-22 CVE-2008-1913 Lasernet CMS SQL Injection vulnerability in Lasernet CMS Lasernet CMS 1.11/1.5

SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the new parameter in a new action.

7.5
2008-04-22 CVE-2008-1909 Chadha Software Technologies SQL Injection vulnerability in Chadha Software Technologies PHPkb Knowledge Base 1.5/2.0

SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2008-04-22 CVE-2008-1908 Cpcommerce Path Traversal vulnerability in Cpcommerce 1.1.0

Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2008-04-22 CVE-2008-1907 Cpcommerce SQL Injection vulnerability in Cpcommerce 1.1.0

Multiple SQL injection vulnerabilities in functions/display_page.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_product, (2) id_manufacturer, and (3) id_category parameters to unspecified components.

7.5
2008-04-22 CVE-2008-1904 Cicoandcico Improper Authentication vulnerability in Cicoandcico Ccmail 1.0

Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_cookie cookie corresponds to an authenticated session, which allows remote attackers to obtain access to the "admin area" via a modified this_cookie cookie.

7.5
2008-04-22 CVE-2008-1903 Newanz Code Injection vulnerability in Newanz Newsoffice 1.0/1.1

PHP remote file inclusion vulnerability in news_show.php in Newanz NewsOffice 1.0 and 1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsoffice_directory parameter.

7.5
2008-04-22 CVE-2008-1900 Carbon Communities Remote Security vulnerability in Carbon Communities

option_Update.asp in Carbon Communities 2.4 and earlier allows remote attackers to edit arbitrary member information via a modified ID field.

7.5
2008-04-22 CVE-2008-1613 Reddot SQL Injection vulnerability in Reddot CMS 6.5/7.0/7.5

SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0.48, and possibly other versions including 6.5 and 7.0, allows remote attackers to execute arbitrary SQL commands via the LngId parameter.

7.5
2008-04-27 CVE-2008-1994 Ahmed Abdel Hamid Mohamed Buffer Errors vulnerability in Ahmed Abdel-Hamid Mohamed Acon 1.0.55/1.0.56/1.0.57

Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and (c) child.c in Acon 1.0.5-5 through 1.0.5-7 allow local users to execute arbitrary code via (1) a long HOME environment variable or (2) a large number of terminal columns.

7.2
2008-04-22 CVE-2008-1901 Debian Link Following vulnerability in Debian Aptlinex

aptlinex before 0.91 allows local users to overwrite arbitrary files via a symlink attack on the gambas-apt.lock temporary file.

7.2
2008-04-23 CVE-2008-1923 Asterisk Configuration vulnerability in Asterisk products

The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.

7.1

48 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-04-27 CVE-2008-1981 E Publish Project Cross-Site Request Forgery (CSRF) vulnerability in E-Publish Project E-Publish 5.X1.0/5.X1.X/6.X1.X

Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors.

6.8
2008-04-25 CVE-2008-1962 Chimaera Path Traversal vulnerability in Chimaera Aterr 0.9.1

Multiple directory traversal vulnerabilities in Aterr 0.9.1 allow remote attackers to include and execute arbitrary local files via a ..

6.8
2008-04-25 CVE-2008-0712 HP Information Disclosure and Remote Code Execution vulnerability in HP HPeDiag ActiveX Control

Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors.

6.8
2008-04-25 CVE-2008-1942 Foxit Software Improper Input Validation vulnerability in Foxit Software Reader 2.2

Foxit Reader 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with (1) a malformed ExtGState resource containing a /Font resource, or (2) an XObject resource with a Rotate setting, which triggers memory corruption.

6.8
2008-04-25 CVE-2008-1937 Moinmoin Permissions, Privileges, and Access Controls vulnerability in Moinmoin 1.6.0/1.6.1/1.6.2

The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges.

6.8
2008-04-25 CVE-2008-1932 Microsoft, Realtek Numeric Errors vulnerability in Realtek HD Audio Codec Drivers

Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allows local users to execute arbitrary code via a crafted IOCTL request.

6.8
2008-04-25 CVE-2008-1931 Microsoft, Realtek Permissions, Privileges, and Access Controls vulnerability in Realtek HD Audio Codec Drivers

Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allow local users to create, write, and read registry keys via a crafted IOCTL request.

6.8
2008-04-25 CVE-2008-1769 Videolan Resource Management Errors vulnerability in Videolan VLC

VLC before 0.8.6f allows remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.

6.8
2008-04-25 CVE-2008-1768 Videolan Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC

Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.

6.8
2008-04-22 CVE-2008-1911 1024 CMS SQL Injection vulnerability in 1024 CMS 1024 CMS 1.4.2

SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 beta and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a cookpass cookie.

6.8
2008-04-22 CVE-2008-1679 Python Software Foundation Numeric Errors vulnerability in Python Software Foundation Python 2.4

Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows.

6.8
2008-04-22 CVE-2008-1102 Blender Buffer Errors vulnerability in Blender 2.45

Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image.

6.8
2008-04-25 CVE-2008-1958 Easyscripts Code Injection vulnerability in Easyscripts TR Script News 2.1

Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension.

6.5
2008-04-25 CVE-2008-1938 Sony Improper Authentication vulnerability in Sony Mylo COM 2

Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly verify web server SSL certificates, which allows remote attackers to obtain sensitive information and conduct spoofing attacks.

6.4
2008-04-27 CVE-2008-1968 Cezannesw SQL Injection vulnerability in Cezannesw Cezanne 7

Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp.

6.0
2008-04-23 CVE-2008-1918 PHP Fusion SQL Injection vulnerability in PHP-Fusion 6.00.307/6.01.14

SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action.

6.0
2008-04-27 CVE-2008-1979 Broadcom Numeric Errors vulnerability in Broadcom Brightstor Arcserve Backup

The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read.

5.0
2008-04-24 CVE-2008-1928 Imager Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Imager

Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause a denial of service (crash) via an image based fill in which the number of input channels is different from the number of output channels.

5.0
2008-04-24 CVE-2008-1927 Perl Resource Management Errors vulnerability in Perl 5.8.8

Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters.

5.0
2008-04-24 CVE-2008-1925 Inspircd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Inspircd

Buffer overflow in InspIRCd before 1.1.18, when using the namesx and uhnames modules, allows remote attackers to cause a denial of service (daemon crash) via a large number of channel users with crafted nicknames, idents, and long hostnames.

5.0
2008-04-22 CVE-2008-1905 Nero Improper Input Validation vulnerability in Nero Mediahome and Nero

NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in Nero 8.3.2.1 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long HTTP request to TCP port 54444, a different vector than CVE-2007-2322.

5.0
2008-04-22 CVE-2008-1902 Debian Remote Security vulnerability in Aptlinex

The GUI for aptlinex before 0.91 does not sufficiently warn the user of potentially dangerous actions, which allows remote attackers to remove or modify packages via an apt:// URL.

5.0
2008-04-25 CVE-2008-1940 Grsecurity Permissions, Privileges, and Access Controls vulnerability in Grsecurity Kernel Patch

The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and 2.1.11-2.4.36.2 does not enforce user_transition_deny and user_transition_allow rules for the (1) sys_setfsuid and (2) sys_setfsgid calls, which allows local users to bypass restrictions for those calls.

4.6
2008-04-22 CVE-2008-1694 GNU Link Following vulnerability in GNU Emacs and Sccs

vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

4.6
2008-04-27 CVE-2008-1991 Acidcat Cross-Site Scripting vulnerability in Acidcat CMS 3.4.1

Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in Acidcat CMS 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the field parameter.

4.3
2008-04-27 CVE-2008-1987 Encaps Cross-Site Scripting vulnerability in Encaps Encapsgallery 2.0.2

Cross-site scripting (XSS) vulnerability in search.php in EncapsGallery 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2008-04-27 CVE-2008-1986 Pixel Motion Cross-Site Scripting vulnerability in Pixel Motion Pixel Motion Blog

Cross-site scripting (XSS) vulnerability in liste_article.php in Blog Pixel Motion (aka PixelMotion) allows remote attackers to inject arbitrary web script or HTML via the jours parameter.

4.3
2008-04-27 CVE-2008-1985 Digital Hive Cross-Site Scripting vulnerability in Digital Hive Digitalhive 2.0

Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php.

4.3
2008-04-27 CVE-2008-1983 Anelectron Cross-Site Scripting vulnerability in Anelectron Advanced Electron Forum 1.0.6

Cross-site scripting (XSS) vulnerability in Advanced Electron Forum (AEF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the beg parameter in a members action to index.php.

4.3
2008-04-27 CVE-2008-1980 Drupal Cross-Site Scripting vulnerability in Drupal E-Publish

Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-04-27 CVE-2008-1977 Localizer Project, Internationalization Project Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors.

4.3
2008-04-27 CVE-2008-1976 Localizer Project, Internationalization Project Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in the Drupal modules (1) Internationalization (i18n) 5.x before 5.x-2.3 and 5.x-1.1 and 6.x before 6.x-1.0 beta 1; and (2) Localizer 5.x before 5.x-3.4, 5.x-2.1, and 5.x-1.11; allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-04-27 CVE-2008-1974 Horde Cross-Site Scripting vulnerability in Horde Groupware and Groupware Webmail Edition

Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

4.3
2008-04-27 CVE-2008-1972 Oicgroup Cross-Site Scripting vulnerability in Oicgroup Exponent CMS

Multiple cross-site scripting (XSS) vulnerabilities in the user account creation feature in Exponent CMS 0.96.6-GA20071003 and earlier, when the Allow Registration? configuration option is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) firstname, (3) lastname, and (4) e-mail address fields.

4.3
2008-04-27 CVE-2008-1967 Cezannesw Cross-Site Scripting vulnerability in Cezannesw Cezanne 6.5.1/7

Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in Cezanne 6.5.1 and 7 allows remote attackers to inject arbitrary web script or HTML via the SleUserName parameter.

4.3
2008-04-25 CVE-2008-1960 Contray Cross-Site Scripting vulnerability in Contray 3

Cross-site scripting (XSS) vulnerability in cgi-bin/contray/search.cgi in ContRay 3.x allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2008-04-25 CVE-2008-1956 Wikepage Cross-Site Scripting vulnerability in Wikepage Opus 132007.2

Cross-site scripting (XSS) vulnerability in index.php in Wikepage Opus 13 2007.2 allows remote attackers to inject arbitrary web script or HTML via the wiki parameter.

4.3
2008-04-25 CVE-2008-1955 Toocharger Cross-Site Scripting vulnerability in Toocharger Myboard 1.0.12

Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER MyBoard 1.0.12 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2008-04-25 CVE-2008-1953 Magnolia Cross-Site Scripting vulnerability in Magnolia Site Designer

Cross-site scripting (XSS) vulnerability in the Sitedesigner before 1.1.5 search template in Magnolia Enterprise Edition allows remote attackers to inject arbitrary web script or HTML via the query parameter.

4.3
2008-04-25 CVE-2008-1933 Microsoft Path Traversal vulnerability in Microsoft Zune Software

Absolute path traversal vulnerability in a certain ActiveX control in Zune allows user-assisted remote attackers to overwrite arbitrary files via the SaveToFile method.

4.3
2008-04-23 CVE-2008-1897 Asterisk Improper Authentication vulnerability in Asterisk products

The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake.

4.3
2008-04-23 CVE-2008-1917 Amfphp Cross-Site Scripting vulnerability in Amfphp 1.2

Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) class parameter to (a) methodTable.php, (b) code.php, and (c) details.php in browser/; and the (2) location parameter to browser/code.php.

4.3
2008-04-23 CVE-2008-1916 Drupal Cross-Site Scripting vulnerability in Drupal Ubercart Module 51.0

Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428.

4.3
2008-04-23 CVE-2008-1386 S9Y Cross-Site Scripting vulnerability in S9Y Serendipity 1.3

Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field.

4.3
2008-04-23 CVE-2008-1385 S9Y Cross-Site Scripting vulnerability in S9Y Serendipity

Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.

4.3
2008-04-22 CVE-2008-1906 Cpcommerce Cross-Site Scripting vulnerability in Cpcommerce 1.1.0

Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action.

4.3
2008-04-21 CVE-2008-0165 Ikiwiki Cross-Site Request Forgery (CSRF) vulnerability in Ikiwiki

Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.

4.3
2008-04-27 CVE-2008-1966 IBM Buffer Errors vulnerability in IBM DB2 8.0/9.1/9.5

Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-04-27 CVE-2008-1978 Drupal Cross-Site Scripting vulnerability in Drupal Ubercart Module

Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428.

3.5
2008-04-27 CVE-2008-1969 Cezannesw Cross-Site Scripting vulnerability in Cezannesw Cezanne 6.5.1/7

Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) LookUPId and (2) CbFun parameters to (a) CFLookUP.asp; (3) TitleParms, (4) WidgetsHeights, (5) WidgetsLinks, and (6) WidgetsTitles parameters to (b) CznCommon/CznCustomContainer.asp, (7) CFTARGET parameter to (c) home.asp, (8) PersonOid parameter to (d) PeopleWeb/Cards/CVCard.asp, (9) DESTLINKOID and PersonOID parameters to (e) PeopleWeb/Cards/PayrollCard.asp, and the (10) FolderTemplateId and (11) FolderTemplateName parameters to (f) PeopleWeb/CznDocFolder/CznDFStartProcess.asp.

3.5
2008-04-25 CVE-2008-1941 Akiva Cross-Site Scripting vulnerability in Akiva Webboard 8.0

Cross-site scripting (XSS) vulnerability in the profile update feature in Akiva WebBoard 8.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in the form field.

3.5
2008-04-23 CVE-2008-1924 Phpmyadmin Information Exposure vulnerability in PHPmyadmin

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable.

3.5
2008-04-27 CVE-2008-1970 Mucommander Credentials Management vulnerability in Mucommander

muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials.

2.1