Weekly Vulnerabilities Reports > April 28 to May 4, 2008

Overview

68 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 22 high severity vulnerabilities. This weekly summary reports vulnerabilities in 79 products from 66 vendors, including Minibb, Apple, Linux, Wordpress, and IBM. The vulnerabilities notably fall into the categories "SQL Injection", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Code Injection".

  • 58 reported vulnerabilities are remotely exploitable.
  • 16 reported vulnerabilities have a public exploit available.
  • 27 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 63 reported vulnerabilities are exploitable by an anonymous user.
  • Minibb has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

8 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-05-02 CVE-2008-2064 Phpgedview Remote vulnerability in PhpGedView

Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors related to "a fundamental design flaw in the interface (API) to connect phpGedView with external programs like content management systems."

10.0
2008-04-30 CVE-2008-2041 Egroupware Code Injection vulnerability in Egroupware 1.4.001/1.4.002

Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web server has write access to a directory under the web document root.

10.0
2008-05-02 CVE-2008-2069 Novell Buffer Errors vulnerability in Novell Groupwise 7.0

Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI.

9.3
2008-04-30 CVE-2008-2015 Watchfire Path Traversal vulnerability in Watchfire Appscan 7.0

Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile method in a different control.

9.3
2008-04-30 CVE-2008-2010 Microsoft, Apple Remote Code Execution vulnerability in Apple QuickTime

Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file.

9.3
2008-04-29 CVE-2008-2008 Cerulean Studios Buffer Errors vulnerability in Cerulean Studios Trillian 3.1.9.0

Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message.

9.3
2008-04-28 CVE-2008-1670 KDE Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in KDE

Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image.

9.3
2008-04-28 CVE-2008-1997 IBM Code Injection vulnerability in IBM DB2 Server

Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors.

9.0

22 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-04-28 CVE-2008-1998 Microsoft, IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.0/9.1/9.5

The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.

8.5
2008-04-28 CVE-2008-2002 Motorola Cross-Site Request Forgery (CSRF) vulnerability in Motorola Surfboard Sb5100

Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a denial of service (device reboot) via the "Restart Cable Modem" value in the BUTTON_INPUT parameter to configdata.html, and (2) cause a denial of service (hard reset) via the "Reset All Defaults" value in the BUTTON_INPUT parameter to configdata.html.

7.8
2008-05-02 CVE-2008-2067 Minibb SQL Injection vulnerability in Minibb 2.2A

SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to execute arbitrary SQL commands via the whatus parameter in a searchusers2 action.

7.5
2008-05-02 CVE-2008-2065 Yourfreeworld SQL Injection vulnerability in Yourfreeworld Jokes Site Script

SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site Script allows remote attackers to execute arbitrary SQL commands via the catagorie parameter.

7.5
2008-05-02 CVE-2008-2063 Joovili SQL Injection vulnerability in Joovili 3.1

SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows remote attackers to execute arbitrary SQL commands via the category parameter.

7.5
2008-05-01 CVE-2008-2047 Aspindir SQL Injection vulnerability in Aspindir Angelo-Emlak 1.0

Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hpz/profil.asp and (2) hpz/prodetail.asp.

7.5
2008-05-01 CVE-2008-2044 Netoffice Code Injection vulnerability in Netoffice Dwins 1.3

includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP script via an add action to projects_site/uploadfile.php.

7.5
2008-05-01 CVE-2008-1381 Zoneminder Code Injection vulnerability in Zoneminder

ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL.

7.5
2008-04-30 CVE-2008-2040 Peercast Buffer Errors vulnerability in Peercast 0.1218

Stack-based buffer overflow in the HTTP::getAuthUserPass function (core/common/http.cpp) in Peercast 0.1218 and gnome-peercast allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Basic Authentication string with a long (1) username or (2) password.

7.5
2008-04-30 CVE-2008-2036 Dream4 SQL Injection vulnerability in Dream4 Koobi 6.25

SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter in a poll action.

7.5
2008-04-30 CVE-2008-2034 Wordpress SQL Injection vulnerability in Wordpress Download Monitor Plugin 2.0.6

SQL injection vulnerability in wp-download_monitor/download.php in the Download Monitor 2.0.6 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-04-30 CVE-2008-2023 PD9 Software SQL Injection vulnerability in PD9 Software Megabbs 2.2

Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) invisible and (2) timeoffset parameters to profile/controlpanel.asp and the (3) attachmentid parameter to forums/attach-file.asp.

7.5
2008-04-30 CVE-2008-2021 Lhaplus Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Lhaplus

Heap-based buffer overflow in Lhaplus before 1.57 allows remote attackers to execute arbitrary code via a long comment field in a ZOO archive.

7.5
2008-04-30 CVE-2008-2019 Simple Machines Permissions, Privileges, and Access Controls vulnerability in Simple Machines SMF 1.1.4

Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances.

7.5
2008-04-30 CVE-2008-2017 Chilkat Software Path Traversal vulnerability in Chilkat Software Chicomas 2.0.4

Directory traversal vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-04-30 CVE-2008-2016 Chilkat Software Code Injection vulnerability in Chilkat Software Chicomas 2.0.4

PHP remote file inclusion vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter to the default URI under install/.

7.5
2008-04-30 CVE-2008-2012 Postnuke Software Foundation SQL Injection vulnerability in Postnuke Software Foundation Postschedule 1.0

SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action.

7.5
2008-04-28 CVE-2008-2003 Badblue Permissions, Privileges, and Access Controls vulnerability in Badblue 2.72

BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe.

7.5
2008-04-28 CVE-2008-1930 Wordpress Improper Authentication vulnerability in Wordpress 2.5

The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue.

7.5
2008-04-28 CVE-2008-1995 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Java System Directory Server 6.0/6.1/6.2

Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server.

7.5
2008-05-02 CVE-2008-1675 Linux Resource Management Errors vulnerability in Linux Kernel

The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory.

7.2
2008-04-30 CVE-2008-1736 Comodo Local vulnerability in Comodo Firewall Pro SSDT Hooks

Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table (SSDT) functions, which allows local users to cause a denial of service (system crash) via (1) a crafted OBJECT_ATTRIBUTES structure in a call to the NtDeleteFile function, which leads to improper validation of a ZwQueryObject result; and unspecified calls to the (2) NtCreateFile and (3) NtSetThreadContext functions, different vectors than CVE-2007-0709.

7.2

35 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-05-02 CVE-2008-1375 Linux, Canonical, Opensuse, Suse, Debian, Fedoraproject Race Condition vulnerability in multiple products

Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.

6.9
2008-04-30 CVE-2008-1737 Sophos Improper Input Validation vulnerability in Sophos Anti-Virus 7.0.5

Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes argument to the NtCreateKey hooked System Service Descriptor Table (SSDT) function.

6.9
2008-04-28 CVE-2008-1103 Blender Link Following vulnerability in Blender

Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."

6.9
2008-05-01 CVE-2007-6339 Akamai Technologies Code Injection vulnerability in Akamai Technologies Download Manager

The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters."

6.8
2008-04-30 CVE-2008-2029 Minibb SQL Injection vulnerability in Minibb

Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) setup_options.php in miniBB 2.2 and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php.

6.8
2008-04-30 CVE-2008-2020 E107, Labgab, My123Tkshop, Opendb, PHP Nuke, Phpmybittorrent, Phpnuke, Torrentflux, Webze Permissions, Privileges, and Access Controls vulnerability in multiple products

The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.

6.8
2008-04-30 CVE-2008-2013 Pnflashgames SQL Injection vulnerability in Pnflashgames 1.5/2.5

SQL injection vulnerability in index.php in the pnFlashGames 1.5 through 2.5 module for PostNuke, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a display action.

6.8
2008-04-30 CVE-2008-2038 Turnkey Solutions SQL Injection vulnerability in Turnkey Solutions Sunshop Shopping Cart 4.1.0

Multiple SQL injection vulnerabilities in admin/adminindex.php in Turnkey Web Tools SunShop Shopping Cart 4.1.0 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) orderby and (2) sort parameters.

6.5
2008-04-30 CVE-2008-2027 RSA Information Exposure vulnerability in RSA Authentication Agent 5.3.0.258

Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258 for Web for IIS, when accessed via certain browsers such as Mozilla Firefox, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an ftp URL in the url parameter to a Redirect action.

5.8
2008-05-01 CVE-2008-2045 Sugarcrm Path Traversal vulnerability in Sugarcrm 4.5.1/5.0.0

Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote attackers to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache file in the .cache/feeds directory.

5.0
2008-04-30 CVE-2008-2032 Acritum Improper Input Validation vulnerability in Acritum Femitter Server 1.03

The FTP service in Acritum Femitter Server 1.03 allows remote attackers to cause a denial of service (crash) by sending multiple crafted RETR commands.

5.0
2008-04-30 CVE-2008-2031 Vicftps Improper Input Validation vulnerability in Vicftps 5.0

VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a crafted LIST command, which triggers a NULL pointer dereference.

5.0
2008-04-30 CVE-2008-2014 Mozilla Resource Management Errors vulnerability in Mozilla Firefox 3.0

Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop.

5.0
2008-04-28 CVE-2008-1999 Apple Remote Security vulnerability in Apple Safari 3.1.1

Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences.

5.0
2008-04-28 CVE-2008-1996 Licq Resource Management Errors vulnerability in Licq

licq before 1.3.6 allows remote attackers to cause a denial of service (file-descriptor exhaustion and application crash) via a large number of connections.

5.0
2008-04-30 CVE-2008-1735 Bitdefender Denial of Service vulnerability in Bitdefender Antivirus 2008

BitDefender Antivirus 2008 20080118 and earlier allows local users to cause a denial of service (system crash) via an invalid pointer to the CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function.

4.9
2008-04-29 CVE-2008-1293 Ltsp Permissions, Privileges, and Access Controls vulnerability in Ltsp Linux Terminal Server Project 0.99/2

ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006 (aka display :6).

4.8
2008-04-28 CVE-2008-1671 KDE Configuration vulnerability in KDE

start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes.

4.6
2008-05-02 CVE-2008-2068 Wordpress Cross-Site Scripting vulnerability in Wordpress 2.5

Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-05-02 CVE-2008-2066 Minibb Cross-Site Scripting vulnerability in Minibb 2.2A

Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to inject arbitrary web script or HTML via the whatus parameter in a searchusers2 action.

4.3
2008-05-02 CVE-2008-2052 Bitrix Link Following vulnerability in Bitrix Site Manager 6.5

Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.

4.3
2008-05-01 CVE-2008-2049 E Post Corporation Information Exposure vulnerability in E-Post Corporation Mail Server 4.10/Enterprise4.10

The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message.

4.3
2008-05-01 CVE-2008-2048 Aspindir Cross-Site Scripting vulnerability in Aspindir Angelo-Emlak 1.0

Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter.

4.3
2008-05-01 CVE-2008-2046 Softpedia Cross-Site Scripting vulnerability in Softpedia Sitexs CMS 0.1.1

Cross-site scripting (XSS) vulnerability in index.php in Softpedia SiteXS CMS 0.1.1 Pre-Alpha allows remote attackers to inject arbitrary web script or HTML via the user parameter.

4.3
2008-05-01 CVE-2008-2043 Cpanel Cross-Site Request Forgery (CSRF) vulnerability in Cpanel 11.18.3/11.19.3

Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html.

4.3
2008-04-30 CVE-2008-2035 Bluemoon, Xoops Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc.

4.3
2008-04-30 CVE-2008-2030 F5 Cross-Site Scripting vulnerability in F5 Firepass 4100 and Firepass SSL VPN

Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string.

4.3
2008-04-30 CVE-2008-2028 Minibb Information Exposure vulnerability in Minibb

miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to obtain the full path via a direct request to the glang parameter in a registernew action to index.php, which leaks the path in an error message.

4.3
2008-04-30 CVE-2008-2026 RSA Cross-Site Scripting vulnerability in RSA Authentication Agent

Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258, and other versions before 5.3.3.378, allows remote attackers to inject arbitrary web script or HTML via a URL-encoded postdata parameter.

4.3
2008-04-30 CVE-2008-2024 Minibb Cross-Site Scripting vulnerability in Minibb

Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the glang[] parameter in a registernew action.

4.3
2008-04-30 CVE-2008-2022 PD9 Software Cross-Site Scripting vulnerability in PD9 Software Megabbs 2.2

Multiple cross-site scripting (XSS) vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) toid parameter to send-private-message.asp and the (2) redirect parameter to admin/impersonate.asp.

4.3
2008-04-30 CVE-2008-2011 National Rail Enquiries Cross-Site Scripting vulnerability in National Rail Enquiries National Rail Enquiries Live Departure Boards

Cross-site scripting (XSS) vulnerability in the National Rail Enquiries Live Departure Boards gadget before 1.1 allows remote National Rail Enquiries servers or man-in-the-middle attackers to inject arbitrary web script or HTML, and execute arbitrary code, via a response body, as demonstrated by a SCRIPT element that references a vbscript: URI.

4.3
2008-04-28 CVE-2008-2001 Apple Buffer Errors vulnerability in Apple Safari 3.1.1

Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference.

4.3
2008-04-28 CVE-2008-2000 Apple Resource Management Errors vulnerability in Apple Safari 3.1.1

Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop.

4.3
2008-04-30 CVE-2008-2018 Phpizabi Information Exposure vulnerability in PHPizabi 0.848B

The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "{user.password}" comment in the profile of the admin user.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-04-30 CVE-2008-2037 Editeurscripts Cross-Site Scripting vulnerability in Editeurscripts Escontacts 1.0

Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts EsContacts 1.0 allow remote authenticated users to inject arbitrary web script or HTML via the msg parameter to (1) login.php, (2) importer.php, (3) add_groupe.php, (4) contacts.php, (5) groupes.php, and (6) search.php.

3.5
2008-05-02 CVE-2008-1294 Linux Improper Input Validation vulnerability in Linux Kernel

Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.

2.1
2008-04-30 CVE-2008-1738 Rising Global Improper Input Validation vulnerability in Rising-Global Rising Antivirus

Rising Antivirus 2008 before 20.38.20 allows local users to cause a denial of service (system crash) via an invalid pointer to the _CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function.

2.1