Weekly Vulnerabilities Reports > April 21 to 27, 2008
Overview
92 new vulnerabilities reported during this period, including 11 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary report vulnerabilities in 96 products from 74 vendors including Microsoft, Acidcat, Drupal, Cpcommerce, and Cezannesw. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", and "Code Injection".
- 85 reported vulnerabilities are remotely exploitables.
- 42 reported vulnerabilities have public exploit available.
- 49 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 80 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 6 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
11 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2008-04-27 | CVE-2008-1989 | 123Flashchat E107 | Code Injection vulnerability in multiple products PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter. | 10.0 |
| 2008-04-22 | CVE-2008-1914 | Bigantsoft | Buffer Errors vulnerability in Bigantsoft Bigant Messenger 2.2 Stack-based buffer overflow in the AntServer module (AntServer.exe) in BigAnt IM Server in BigAnt Messenger 2.2 allows remote attackers to execute arbitrary code via a long URI in a request to TCP port 6080. | 10.0 |
| 2008-04-22 | CVE-2008-1910 | Borland | Buffer Errors vulnerability in Borland Interbase 2007 Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050. | 10.0 |
| 2008-04-27 | CVE-2008-1973 | Artur Sikora | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Artur Sikora Subedit Player 4056/4066 Heap-based buffer overflow in SubEdit Player build 4056 and 4066 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long subtitle file. | 9.3 |
| 2008-04-25 | CVE-2008-1965 | IBM | Code Injection vulnerability in IBM Lotus Expeditor Client and Lotus Symphany Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname. | 9.3 |
| 2008-04-23 | CVE-2008-1765 | Adobe | Buffer Errors vulnerability in Adobe Photoshop 3.2 Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and possibly After Effects CS3, allows user-assisted remote attackers and physically proximate attackers to execute arbitrary code via a BMP file with an invalid image header. | 9.3 |
| 2008-04-23 | CVE-2007-6255 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBEAT.OCX allows remote attackers to execute arbitrary code via the Host argument to an unspecified method. | 9.3 |
| 2008-04-22 | CVE-2008-1912 | Divx | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Divx Player Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earlier allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long subtitle in a .SRT file. | 9.3 |
| 2008-04-21 | CVE-2008-1898 | Microsoft | Improper Input Validation vulnerability in Microsoft Office and Works A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call. | 9.3 |
| 2008-04-27 | CVE-2008-1988 | Encaps | Improper Input Validation vulnerability in Encaps Encapsgallery 2.0.2 Unrestricted file upload vulnerability in the file_upload function in core/misc.class.php in EncapsGallery 2.0.2 allows remote authenticated administrators to upload and execute arbitrary PHP files by uploading a file with an executable extension, then accessing it via a direct request to the file in the rwx_gallery directory. | 9.0 |
| 2008-04-21 | CVE-2008-1436 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping. | 9.0 |
31 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2008-04-27 | CVE-2008-1984 | Broadcom | Resource Management Errors vulnerability in Broadcom Secure Content Manager 1.1/8.0 The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure Content Manager 8.0.28000.511 and earlier allows remote attackers to cause a denial of service (crash or CPU consumption) via a malformed packet to TCP port 1882. | 7.8 |
| 2008-04-27 | CVE-2008-1993 | Acidcat | Permissions, Privileges, and Access Controls vulnerability in Acidcat CMS 3.4.1 Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote attackers to upload arbitrary files. | 7.5 |
| 2008-04-27 | CVE-2008-1992 | Acidcat | Permissions, Privileges, and Access Controls vulnerability in Acidcat CMS 3.4.1 Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mail_aspemail.asp, (2) default_mail_cdosys.asp or (3) default_mail_jmail.asp, which allows remote attackers to bypass restrictions and relay email messages with modified From, FromName, and To fields. | 7.5 |
| 2008-04-27 | CVE-2008-1990 | Acidcat | SQL Injection vulnerability in Acidcat CMS 3.4.1 Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) cID parameter to default.asp and the (2) username parameter to main_login2.asp. | 7.5 |
| 2008-04-27 | CVE-2008-1982 | Wordpress | SQL Injection vulnerability in Wordpress Wpss SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. | 7.5 |
| 2008-04-27 | CVE-2008-1975 | Cogites | SQL Injection vulnerability in Cogites E Reserve 2.1 SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter. | 7.5 |
| 2008-04-27 | CVE-2008-1971 | Phphq | Improper Authentication vulnerability in PHPhq Phshoutbox Final phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php. | 7.5 |
| 2008-04-25 | CVE-2008-1963 | Quate | Code Injection vulnerability in Quate Grape web Statistics 0.2A PHP remote file inclusion vulnerability in includes/functions.php in Quate Grape Web Statistics 0.2a allows remote attackers to execute arbitrary PHP code via a URL in the location parameter. | 7.5 |
| 2008-04-25 | CVE-2008-1961 | PHP Resource | SQL Injection vulnerability in PHP Resource Voice of web Allmyguests 0.4.1 SQL injection vulnerability in index.php in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to execute arbitrary SQL commands via the AMG_id parameter in a comments action. | 7.5 |
| 2008-04-25 | CVE-2008-1959 | Sipp | Buffer Errors vulnerability in Sipp 3.0 Stack-based buffer overflow in the get_remote_video_port_media function in call.cpp in SIPp 3.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SIP message. | 7.5 |
| 2008-04-25 | CVE-2008-1957 | Easyscripts | SQL Injection vulnerability in Easyscripts TR Script News 2.1 SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode. | 7.5 |
| 2008-04-25 | CVE-2008-1954 | Webcalendar | SQL Injection vulnerability in Webcalendar web Calendar PRO 4.0 SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | 7.5 |
| 2008-04-25 | CVE-2008-1939 | Aspindir | SQL Injection vulnerability in Aspindir Philboard 1.0 Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) topic parameters to (a) philboard_reply.asp, and the (3) forumid parameter to (b) philboard_newtopic.asp, different vectors than CVE-2007-2641 and CVE-2007-0920. | 7.5 |
| 2008-04-25 | CVE-2008-1936 | Classifieds Caffe | SQL Injection vulnerability in Classifieds Caffe Classifieds Caffe SQL injection vulnerability in index.php in Classifieds Caffe allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an add action. | 7.5 |
| 2008-04-25 | CVE-2008-1935 | Joomla | SQL Injection vulnerability in Joomla 1.0.4 SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter. | 7.5 |
| 2008-04-25 | CVE-2008-1934 | Crazy Goomba | SQL Injection vulnerability in Crazy Goomba Crazy Goomba 1.2.1 SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2008-04-23 | CVE-2008-1921 | 5TH Avenue Software | SQL Injection vulnerability in 5TH Avenue Software 5TH Avenue Shopping Cart 1.2 SQL injection vulnerability in store_pages/category_list.php in 5th Avenue Shopping Cart 1.2 trial edition allows remote attackers to execute arbitrary SQL commands via the category_ID parameter. | 7.5 |
| 2008-04-23 | CVE-2008-1920 | ICQ | Buffer Errors vulnerability in ICQ Mirabilis ICQ 6.0 Heap-based buffer overflow in the boxelyRenderer module in the Personal Status Manager feature in ICQ 6.0 build 6043 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted personal status message. | 7.5 |
| 2008-04-23 | CVE-2008-1919 | Yourfreeworld | SQL Injection vulnerability in Yourfreeworld Apartment Search Script SQL injection vulnerability in listtest.php in YourFreeWorld Apartment Search Script allows remote attackers to execute arbitrary SQL commands via the r parameter. | 7.5 |
| 2008-04-23 | CVE-2008-1915 | Devworx | SQL Injection vulnerability in Devworx Blogworx 1.0 SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2008-04-22 | CVE-2008-1913 | Lasernet CMS | SQL Injection vulnerability in Lasernet CMS Lasernet CMS 1.11/1.5 SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the new parameter in a new action. | 7.5 |
| 2008-04-22 | CVE-2008-1909 | Chadha Software Technologies | SQL Injection vulnerability in Chadha Software Technologies PHPkb Knowledge Base 1.5/2.0 SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
| 2008-04-22 | CVE-2008-1908 | Cpcommerce | Path Traversal vulnerability in Cpcommerce 1.1.0 Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote attackers to include and execute arbitrary local files via a .. | 7.5 |
| 2008-04-22 | CVE-2008-1907 | Cpcommerce | SQL Injection vulnerability in Cpcommerce 1.1.0 Multiple SQL injection vulnerabilities in functions/display_page.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_product, (2) id_manufacturer, and (3) id_category parameters to unspecified components. | 7.5 |
| 2008-04-22 | CVE-2008-1904 | Cicoandcico | Improper Authentication vulnerability in Cicoandcico Ccmail 1.0 Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_cookie cookie corresponds to an authenticated session, which allows remote attackers to obtain access to the "admin area" via a modified this_cookie cookie. | 7.5 |
| 2008-04-22 | CVE-2008-1903 | Newanz | Code Injection vulnerability in Newanz Newsoffice 1.0/1.1 PHP remote file inclusion vulnerability in news_show.php in Newanz NewsOffice 1.0 and 1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsoffice_directory parameter. | 7.5 |
| 2008-04-22 | CVE-2008-1900 | Carbon Communities | Remote Security vulnerability in Carbon Communities option_Update.asp in Carbon Communities 2.4 and earlier allows remote attackers to edit arbitrary member information via a modified ID field. | 7.5 |
| 2008-04-22 | CVE-2008-1613 | Reddot | SQL Injection vulnerability in Reddot CMS 6.5/7.0/7.5 SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0.48, and possibly other versions including 6.5 and 7.0, allows remote attackers to execute arbitrary SQL commands via the LngId parameter. | 7.5 |
| 2008-04-27 | CVE-2008-1994 | Ahmed Abdel Hamid Mohamed | Buffer Errors vulnerability in Ahmed Abdel-Hamid Mohamed Acon 1.0.55/1.0.56/1.0.57 Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and (c) child.c in Acon 1.0.5-5 through 1.0.5-7 allow local users to execute arbitrary code via (1) a long HOME environment variable or (2) a large number of terminal columns. | 7.2 |
| 2008-04-22 | CVE-2008-1901 | Debian | Link Following vulnerability in Debian Aptlinex aptlinex before 0.91 allows local users to overwrite arbitrary files via a symlink attack on the gambas-apt.lock temporary file. | 7.2 |
| 2008-04-23 | CVE-2008-1923 | Asterisk | Configuration vulnerability in Asterisk products The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message. | 7.1 |
45 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2008-04-27 | CVE-2008-1981 | E Publish Project | Cross-Site Request Forgery (CSRF) vulnerability in E-Publish Project E-Publish 5.X1.0/5.X1.X/6.X1.X Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors. | 6.8 |
| 2008-04-25 | CVE-2008-1962 | Chimaera | Path Traversal vulnerability in Chimaera Aterr 0.9.1 Multiple directory traversal vulnerabilities in Aterr 0.9.1 allow remote attackers to include and execute arbitrary local files via a .. | 6.8 |
| 2008-04-25 | CVE-2008-0712 | HP | Information Disclosure and Remote Code Execution vulnerability in HP HPeDiag ActiveX Control Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. | 6.8 |
| 2008-04-25 | CVE-2008-1942 | Foxit Software | Improper Input Validation vulnerability in Foxit Software Reader 2.2 Foxit Reader 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with (1) a malformed ExtGState resource containing a /Font resource, or (2) an XObject resource with a Rotate setting, which triggers memory corruption. | 6.8 |
| 2008-04-25 | CVE-2008-1937 | Moinmoin | Permissions, Privileges, and Access Controls vulnerability in Moinmoin 1.6.0/1.6.1/1.6.2 The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges. | 6.8 |
| 2008-04-25 | CVE-2008-1932 | Microsoft Realtek | Numeric Errors vulnerability in Realtek HD Audio Codec Drivers Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allows local users to execute arbitrary code via a crafted IOCTL request. | 6.8 |
| 2008-04-25 | CVE-2008-1931 | Microsoft Realtek | Permissions, Privileges, and Access Controls vulnerability in Realtek HD Audio Codec Drivers Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allow local users to create, write, and read registry keys via a crafted IOCTL request. | 6.8 |
| 2008-04-25 | CVE-2008-1768 | Videolan | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow. | 6.8 |
| 2008-04-22 | CVE-2008-1911 | 1024 CMS | SQL Injection vulnerability in 1024 CMS 1024 CMS 1.4.2 SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 beta and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a cookpass cookie. | 6.8 |
| 2008-04-22 | CVE-2008-1102 | Blender | Buffer Errors vulnerability in Blender 2.45 Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image. | 6.8 |
| 2008-04-25 | CVE-2008-1958 | Easyscripts | Code Injection vulnerability in Easyscripts TR Script News 2.1 Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension. | 6.5 |
| 2008-04-25 | CVE-2008-1938 | Sony | Improper Authentication vulnerability in Sony Mylo COM 2 Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly verify web server SSL certificates, which allows remote attackers to obtain sensitive information and conduct spoofing attacks. | 6.4 |
| 2008-04-27 | CVE-2008-1968 | Cezannesw | SQL Injection vulnerability in Cezannesw Cezanne 7 Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp. | 6.0 |
| 2008-04-23 | CVE-2008-1918 | PHP Fusion | SQL Injection vulnerability in PHP-Fusion 6.00.307/6.01.14 SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. | 6.0 |
| 2008-04-27 | CVE-2008-1979 | Broadcom | Numeric Errors vulnerability in Broadcom Brightstor Arcserve Backup The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read. | 5.0 |
| 2008-04-24 | CVE-2008-1928 | Imager | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Imager Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause a denial of service (crash) via an image based fill in which the number of input channels is different from the number of output channels. | 5.0 |
| 2008-04-24 | CVE-2008-1927 | Perl | Resource Management Errors vulnerability in Perl 5.8.8 Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. | 5.0 |
| 2008-04-24 | CVE-2008-1925 | Inspircd | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Inspircd Buffer overflow in InspIRCd before 1.1.18, when using the namesx and uhnames modules, allows remote attackers to cause a denial of service (daemon crash) via a large number of channel users with crafted nicknames, idents, and long hostnames. | 5.0 |
| 2008-04-22 | CVE-2008-1905 | Nero | Improper Input Validation vulnerability in Nero Mediahome and Nero NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in Nero 8.3.2.1 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long HTTP request to TCP port 54444, a different vector than CVE-2007-2322. | 5.0 |
| 2008-04-22 | CVE-2008-1902 | Debian | Remote Security vulnerability in Aptlinex The GUI for aptlinex before 0.91 does not sufficiently warn the user of potentially dangerous actions, which allows remote attackers to remove or modify packages via an apt:// URL. | 5.0 |
| 2008-04-25 | CVE-2008-1940 | Grsecurity | Permissions, Privileges, and Access Controls vulnerability in Grsecurity Kernel Patch The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and 2.1.11-2.4.36.2 does not enforce user_transition_deny and user_transition_allow rules for the (1) sys_setfsuid and (2) sys_setfsgid calls, which allows local users to bypass restrictions for those calls. | 4.6 |
| 2008-04-22 | CVE-2008-1694 | GNU | Link Following vulnerability in GNU Emacs and Sccs vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 4.6 |
| 2008-04-27 | CVE-2008-1991 | Acidcat | Cross-Site Scripting vulnerability in Acidcat CMS 3.4.1 Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in Acidcat CMS 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the field parameter. | 4.3 |
| 2008-04-27 | CVE-2008-1987 | Encaps | Cross-Site Scripting vulnerability in Encaps Encapsgallery 2.0.2 Cross-site scripting (XSS) vulnerability in search.php in EncapsGallery 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
| 2008-04-27 | CVE-2008-1986 | Pixel Motion | Cross-Site Scripting vulnerability in Pixel Motion Pixel Motion Blog Cross-site scripting (XSS) vulnerability in liste_article.php in Blog Pixel Motion (aka PixelMotion) allows remote attackers to inject arbitrary web script or HTML via the jours parameter. | 4.3 |
| 2008-04-27 | CVE-2008-1985 | Digital Hive | Cross-Site Scripting vulnerability in Digital Hive Digitalhive 2.0 Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php. | 4.3 |
| 2008-04-27 | CVE-2008-1983 | Anelectron | Cross-Site Scripting vulnerability in Anelectron Advanced Electron Forum 1.0.6 Cross-site scripting (XSS) vulnerability in Advanced Electron Forum (AEF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the beg parameter in a members action to index.php. | 4.3 |
| 2008-04-27 | CVE-2008-1980 | Drupal | Cross-Site Scripting vulnerability in Drupal E-Publish Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2008-04-27 | CVE-2008-1977 | Localizer Project Internationalization Project | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors. | 4.3 |
| 2008-04-27 | CVE-2008-1976 | Localizer Project Internationalization Project | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in the Drupal modules (1) Internationalization (i18n) 5.x before 5.x-2.3 and 5.x-1.1 and 6.x before 6.x-1.0 beta 1; and (2) Localizer 5.x before 5.x-3.4, 5.x-2.1, and 5.x-1.11; allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2008-04-27 | CVE-2008-1974 | Horde | Cross-Site Scripting vulnerability in Horde Groupware and Groupware Webmail Edition Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 4.3 |
| 2008-04-27 | CVE-2008-1972 | Oicgroup | Cross-Site Scripting vulnerability in Oicgroup Exponent CMS Multiple cross-site scripting (XSS) vulnerabilities in the user account creation feature in Exponent CMS 0.96.6-GA20071003 and earlier, when the Allow Registration? configuration option is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) firstname, (3) lastname, and (4) e-mail address fields. | 4.3 |
| 2008-04-27 | CVE-2008-1967 | Cezannesw | Cross-Site Scripting vulnerability in Cezannesw Cezanne 6.5.1/7 Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in Cezanne 6.5.1 and 7 allows remote attackers to inject arbitrary web script or HTML via the SleUserName parameter. | 4.3 |
| 2008-04-25 | CVE-2008-1960 | Contray | Cross-Site Scripting vulnerability in Contray 3 Cross-site scripting (XSS) vulnerability in cgi-bin/contray/search.cgi in ContRay 3.x allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
| 2008-04-25 | CVE-2008-1956 | Wikepage | Cross-Site Scripting vulnerability in Wikepage Opus 132007.2 Cross-site scripting (XSS) vulnerability in index.php in Wikepage Opus 13 2007.2 allows remote attackers to inject arbitrary web script or HTML via the wiki parameter. | 4.3 |
| 2008-04-25 | CVE-2008-1955 | Toocharger | Cross-Site Scripting vulnerability in Toocharger Myboard 1.0.12 Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER MyBoard 1.0.12 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
| 2008-04-25 | CVE-2008-1953 | Magnolia | Cross-Site Scripting vulnerability in Magnolia Site Designer Cross-site scripting (XSS) vulnerability in the Sitedesigner before 1.1.5 search template in Magnolia Enterprise Edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 4.3 |
| 2008-04-25 | CVE-2008-1933 | Microsoft | Path Traversal vulnerability in Microsoft Zune Software Absolute path traversal vulnerability in a certain ActiveX control in Zune allows user-assisted remote attackers to overwrite arbitrary files via the SaveToFile method. | 4.3 |
| 2008-04-23 | CVE-2008-1917 | Amfphp | Cross-Site Scripting vulnerability in Amfphp 1.2 Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) class parameter to (a) methodTable.php, (b) code.php, and (c) details.php in browser/; and the (2) location parameter to browser/code.php. | 4.3 |
| 2008-04-23 | CVE-2008-1916 | Drupal | Cross-Site Scripting vulnerability in Drupal Ubercart Module 51.0 Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428. | 4.3 |
| 2008-04-23 | CVE-2008-1386 | S9Y | Cross-Site Scripting vulnerability in S9Y Serendipity 1.3 Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. | 4.3 |
| 2008-04-23 | CVE-2008-1385 | S9Y | Cross-Site Scripting vulnerability in S9Y Serendipity Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header. | 4.3 |
| 2008-04-22 | CVE-2008-1906 | Cpcommerce | Cross-Site Scripting vulnerability in Cpcommerce 1.1.0 Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action. | 4.3 |
| 2008-04-21 | CVE-2008-0165 | Ikiwiki | Cross-Site Request Forgery (CSRF) vulnerability in Ikiwiki Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms. | 4.3 |
| 2008-04-27 | CVE-2008-1966 | IBM | Buffer Errors vulnerability in IBM DB2 8.0/9.1/9.5 Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar. | 4.0 |
5 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2008-04-27 | CVE-2008-1978 | Drupal | Cross-Site Scripting vulnerability in Drupal Ubercart Module Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428. | 3.5 |
| 2008-04-27 | CVE-2008-1969 | Cezannesw | Cross-Site Scripting vulnerability in Cezannesw Cezanne 6.5.1/7 Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) LookUPId and (2) CbFun parameters to (a) CFLookUP.asp; (3) TitleParms, (4) WidgetsHeights, (5) WidgetsLinks, and (6) WidgetsTitles parameters to (b) CznCommon/CznCustomContainer.asp, (7) CFTARGET parameter to (c) home.asp, (8) PersonOid parameter to (d) PeopleWeb/Cards/CVCard.asp, (9) DESTLINKOID and PersonOID parameters to (e) PeopleWeb/Cards/PayrollCard.asp, and the (10) FolderTemplateId and (11) FolderTemplateName parameters to (f) PeopleWeb/CznDocFolder/CznDFStartProcess.asp. | 3.5 |
| 2008-04-25 | CVE-2008-1941 | Akiva | Cross-Site Scripting vulnerability in Akiva Webboard 8.0 Cross-site scripting (XSS) vulnerability in the profile update feature in Akiva WebBoard 8.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in the form field. | 3.5 |
| 2008-04-23 | CVE-2008-1924 | Phpmyadmin | Information Exposure vulnerability in PHPmyadmin Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable. | 3.5 |
| 2008-04-27 | CVE-2008-1970 | Mucommander | Credentials Management vulnerability in Mucommander muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials. | 2.1 |