Weekly Vulnerabilities Reports > May 5 to 11, 2008
Overview
64 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 30 high severity vulnerabilities. This weekly summary reports vulnerabilities in 67 products from 56 vendors including SUN, Redhat, PHP, Mozilla, and Canonical. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Resource Management Errors", "Path Traversal", and "Permissions, Privileges, and Access Controls".
- 58 reported vulnerabilities are remotely exploitable.
- 26 reported vulnerabilities have a public exploit available.
- 36 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 58 reported vulnerabilities are exploitable by an anonymous user.
- SUN has the most reported vulnerabilities, with 5 reported vulnerabilities.
- PHP has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
7 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-05-05 | CVE-2008-2051 | PHP | Multiple vulnerability in PHP 5.2.5 and Prior Versions The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars." | 10.0 |
2008-05-05 | CVE-2008-2077 | Plain Black | Security vulnerability in Plain Black Webgui 7.4.34 Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown impact and attack vectors related to "data form list view." | 10.0 |
2008-05-07 | CVE-2008-2108 | PHP Fedoraproject Canonical Debian | Insufficient Entropy vulnerability in multiple products The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions. | 9.8 |
2008-05-05 | CVE-2008-0599 | PHP Fedoraproject Canonical Apple | Incorrect Calculation of Buffer Size vulnerability in multiple products The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. | 9.8 |
2008-05-08 | CVE-2008-2042 | Adobe | Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function. | 9.3 |
2008-05-07 | CVE-2008-2111 | Yahoo | Resource Management Errors vulnerability in Yahoo Assistant The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption. | 9.3 |
2008-05-05 | CVE-2008-2081 | Siteman | Path Traversal vulnerability in Siteman 2.0 Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. | 9.0 |
30 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-05-08 | CVE-2008-2112 | Novell Redhat SUN | Privilege Escalation vulnerability in SUN RAY Server Software 4.0 Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and remote authenticated Sun Ray administrators to gain root privileges via unknown vectors related to utconfig. | 8.5 |
2008-05-09 | CVE-2008-2121 | SUN | Configuration vulnerability in SUN Sunos 5.10/5.8/5.9 The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attackers to cause a denial of service (CPU consumption and new connection timeouts) via a TCP SYN flood attack. | 7.8 |
2008-05-06 | CVE-2008-2092 | Linksys | Resource Management Errors vulnerability in Linksys Spa-2102 Phone Adapter 3.3.6 Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). | 7.8 |
2008-05-06 | CVE-2008-2090 | SUN | Resource Management Errors vulnerability in SUN Solaris 10 Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet. | 7.8 |
2008-05-06 | CVE-2008-2089 | SUN | Configuration vulnerability in SUN Solaris 10 Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet. | 7.8 |
2008-05-09 | CVE-2008-2135 | Visualshapers | SQL Injection vulnerability in Visualshapers Ezcontents 2.0.0 Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php. | 7.5 |
2008-05-09 | CVE-2008-2132 | Systementor | SQL Injection vulnerability in Systementor Postcardmentor SQL injection vulnerability in step1.asp in Systementor PostcardMentor allows remote attackers to execute arbitrary SQL commands via the cat_fldAuto parameter. | 7.5 |
2008-05-09 | CVE-2008-2130 | Igaming | SQL Injection vulnerability in Igaming CMS 1.5 SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-05-09 | CVE-2008-2128 | CMS Faethon | Code Injection vulnerability in CMS Faethon CMS Faethon 2.2 PHP remote file inclusion vulnerability in templates/header.php in CMS Faethon 2.2 Ultimate allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter, a different vulnerability than CVE-2006-5588 and CVE-2006-3185. | 7.5 |
2008-05-09 | CVE-2008-2125 | Musicbox | SQL Injection vulnerability in Musicbox 2.3.6/2.3.7 SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and 2.3.7 allows remote attackers to execute arbitrary SQL commands via the artistId parameter. | 7.5 |
2008-05-09 | CVE-2008-2124 | Fipsasp | SQL Injection vulnerability in Fipsasp Fipscms 2.1 SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS allows remote attackers to execute arbitrary SQL commands via the lg parameter. | 7.5 |
2008-05-09 | CVE-2008-2122 | IBM | Missing Release of Resource after Effective Lifetime vulnerability in IBM Rational Build Forge 7.0.2 IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a port scan, which spawns multiple bfagent server processes that attempt to read data from closed sockets. | 7.5 |
2008-05-08 | CVE-2008-2118 | Project Alumni | SQL Injection vulnerability in Project Alumni Project Alumni 1.0.9 SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-05-08 | CVE-2008-2114 | Preprojects | SQL Injection vulnerability in Preprojects PRE Shopping Mall 1.1 SQL injection vulnerability in emall/search.php in Pre Shopping Mall 1.1 allows remote attackers to execute arbitrary SQL commands via the search parameter. | 7.5 |
2008-05-08 | CVE-2008-2113 | Phpeasydata | SQL Injection vulnerability in PHPeasydata 1.5.4 SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | 7.5 |
2008-05-07 | CVE-2008-2110 | QTO | Improper Input Validation vulnerability in QTO Qtofilemanager 1.0 Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request. | 7.5 |
2008-05-07 | CVE-2008-2107 | PHP | Numeric Errors vulnerability in PHP The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed. | 7.5 |
2008-05-06 | CVE-2008-2095 | Joomla Mambo Page Flip Tools | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter. | 7.5 |
2008-05-06 | CVE-2008-2094 | Xoops | SQL Injection vulnerability in Xoops Article Module SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-05-06 | CVE-2008-2093 | Joomla Joomlapolis Mambo | SQL Injection vulnerability in multiple products SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php. | 7.5 |
2008-05-06 | CVE-2008-2091 | Kubelabs | Path Traversal vulnerability in Kubelabs Kubelance 1.6.4 Directory traversal vulnerability in ipn.php in KubeLabs Kubelance 1.6.4 allows remote attackers to include and execute arbitrary local files via the i parameter. | 7.5 |
2008-05-06 | CVE-2008-2088 | Phpforge | SQL Injection vulnerability in PHPforge PHP Forge 3.0 SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php. | 7.5 |
2008-05-06 | CVE-2008-2080 | Nasa Goddard Space Flight Center | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nasa Goddard Space Flight Center Common Data Format Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags. | 7.5 |
2008-05-05 | CVE-2008-2084 | Myarticles Runcms | SQL Injection vulnerability in multiple products SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a listarticles action. | 7.5 |
2008-05-05 | CVE-2008-2078 | Robocode | Permissions, Privileges, and Access Controls vulnerability in Robocode 1.0.7/1.4.9 Robocode before 1.6.0 allows user-assisted remote attackers to "access the internals of the Robocode game" via unspecified vectors related to the AWT Event Queue. | 7.5 |
2008-05-05 | CVE-2008-2076 | Actualscripts | Path Traversal vulnerability in Actualscripts Actualanalyzer Lite 2.78 Directory traversal vulnerability in admin.php in ActualScripts ActualAnalyzer Lite 2.78 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-05-05 | CVE-2008-2074 | Successkid | Code Injection vulnerability in Successkid Harris WAP Chat 1.0 Multiple PHP remote file inclusion vulnerabilities in Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3) eng.adCreateSave.php, (4) eng.adDispByTypeOptions.php, (5) eng.createRoom.php, (6) eng.forward.php, (7) eng.pageLogout.php, (8) eng.resultMember.php, (9) eng.roomDeleteConfirm.php, (10) eng.saveNewRoom.php, and (11) eng.searchMember.php in src/. | 7.5 |
2008-05-05 | CVE-2008-2073 | Virtual Design Studios | Path Traversal vulnerability in Virtual Design Studios Vlbook 1.21 Directory traversal vulnerability in include/global.inc.php in Virtual Design Studio vlbook 1.21 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-05-08 | CVE-2008-1659 | HP | Local Unauthorized Access vulnerability in HP-UX LDAP-UX Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors. | 7.2 |
2008-05-08 | CVE-2007-6282 | Redhat | Configuration vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV. | 7.1 |
26 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-05-08 | CVE-2008-1669 | Linux | Race Condition vulnerability in Linux Kernel Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table." | 6.9 |
2008-05-09 | CVE-2008-2134 | TRU Zone | Improper Input Validation vulnerability in Tru-Zone Nukeet The Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to obtain access to arbitrary user accounts, and alter or delete data, via a modified username in an unspecified cookie. | 6.8 |
2008-05-09 | CVE-2008-2129 | Cine | SQL Injection vulnerability in Cine Galleristic 1.0 SQL injection vulnerability in index.php in Galleristic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 6.8 |
2008-05-07 | CVE-2008-2106 | Activision | Improper Input Validation vulnerability in Activision Call of Duty 4 Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated users to cause a denial of service (crash) via a type 7 stats packet, which triggers a memcpy with a negative value. | 6.8 |
2008-05-07 | CVE-2008-2096 | Backlinkspider | SQL Injection vulnerability in Backlinkspider Backlink Spider SQL injection vulnerability in BackLinkSpider allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to a site-specific component name such as link.php or backlinkspider.php. | 6.8 |
2008-05-06 | CVE-2008-2087 | Softbiz | SQL Injection vulnerability in Softbiz web Hosting Directory Script SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817. | 6.8 |
2008-05-05 | CVE-2008-2083 | Prozilla | SQL Injection vulnerability in Prozilla Hosting Index SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | 6.8 |
2008-05-09 | CVE-2008-2120 | SUN | Information Exposure vulnerability in SUN products Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors. | 5.0 |
2008-05-06 | CVE-2008-2005 | Wonderware | Resource Management Errors vulnerability in Wonderware Intouch and Suitelink The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure. | 5.0 |
2008-05-08 | CVE-2008-1615 | Redhat AMD | Resource Management Errors vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls. | 4.9 |
2008-05-08 | CVE-2007-5498 | Linux | Resource Management Errors vulnerability in Linux Kernel 2.6.18 The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a request that specifies a large number of blocks. | 4.9 |
2008-05-08 | CVE-2007-5001 | Redhat | Resource Management Errors vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop Linux kernel before 2.4.21 allows local users to cause a denial of service (kernel panic) via asynchronous input or output on a FIFO special file. | 4.9 |
2008-05-05 | CVE-2008-2079 | Mysql Oracle Debian Canonical | Permissions, Privileges, and Access Controls vulnerability in multiple products MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. | 4.6 |
2008-05-08 | CVE-2008-2116 | Scriptsez | Path Traversal vulnerability in Scriptsez Power Editor 2.0 Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. | 4.4 |
2008-05-09 | CVE-2008-2133 | TRU Zone | Cross-Site Scripting vulnerability in Tru-Zone Nukeet Cross-site scripting (XSS) vulnerability in the Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter in a new entry, as demonstrated by a CSS property in the STYLE attribute of a DIV element, a different vulnerability than CVE-2008-1873. | 4.3 |
2008-05-09 | CVE-2008-2131 | Myvietnam | Cross-Site Scripting vulnerability in Myvietnam Mvnforum 1.1 Cross-site scripting (XSS) vulnerability in mvnForum 1.1 GA allows remote authenticated users to inject arbitrary web script or HTML via the topic field, which is later displayed by user/viewthread.jsp through use of the "quick reply button." | 4.3 |
2008-05-09 | CVE-2008-2127 | CMS Faethon | Cross-Site Scripting vulnerability in CMS Faethon CMS Faethon 2.2Ultimate Cross-site scripting (XSS) vulnerability in search.php in CMS Faethon 2.2 Ultimate allows remote attackers to inject arbitrary web script or HTML via the what parameter. | 4.3 |
2008-05-09 | CVE-2008-2126 | TUX CMS | Cross-Site Scripting vulnerability in TUX CMS TUX CMS 0.1 Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to index.php and the (2) returnURL parameter to tux-login.php. | 4.3 |
2008-05-09 | CVE-2008-2123 | SAP | Cross-Site Scripting vulnerability in SAP Internet Transaction Server 6200.1017.50954.0Build730827 Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114. | 4.3 |
2008-05-08 | CVE-2008-2117 | Project Alumni | Cross-Site Scripting vulnerability in Project Alumni Project Alumni 1.0.9 Cross-site scripting (XSS) vulnerability in pages/news.page.inc in Project Alumni 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a news action to index.php, a different vector than CVE-2007-6126. | 4.3 |
2008-05-08 | CVE-2008-2115 | Scriptsez | Cross-Site Scripting vulnerability in Scriptsez Power Editor 2.0 Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) te and (2) dir parameters in a tempedit action. | 4.3 |
2008-05-07 | CVE-2008-2103 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Bugzilla Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list. | 4.3 |
2008-05-05 | CVE-2008-2082 | Siteman | Cross-Site Scripting vulnerability in Siteman 2.0 Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message. | 4.3 |
2008-05-05 | CVE-2008-2075 | Astrocam | Cross-Site Scripting vulnerability in Astrocam Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0 through 2.7.3 allows remote attackers to inject arbitrary web script or HTML via the picfile parameter. | 4.3 |
2008-05-05 | CVE-2008-2072 | Virtual Design Studios | Cross-Site Scripting vulnerability in Virtual Design Studios Vlbook 1.21 Cross-site scripting (XSS) vulnerability in index.php in Virtual Design Studio vlbook 1.21 allows remote attackers to inject arbitrary web script or HTML via the l parameter, a different vector than CVE-2006-3260. | 4.3 |
2008-05-07 | CVE-2008-2104 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla 3.1.3 The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check. | 4.0 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-05-07 | CVE-2008-2105 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. | 3.5 |