Weekly Vulnerabilities Reports > May 12 to 18, 2008

Overview

157 new vulnerabilities reported during this period, including 19 critical vulnerabilities and 58 high severity vulnerabilities. This weekly summary report vulnerabilities in 155 products from 101 vendors including Maianscriptworld, Microsoft, Cisco, Redhat, and Symantec. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Permissions, Privileges, and Access Controls", "Improper Input Validation", and "Code Injection".

  • 141 reported vulnerabilities are remotely exploitables.
  • 52 reported vulnerabilities have public exploit available.
  • 63 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 150 reported vulnerabilities are exploitable by an anonymous user.
  • Maianscriptworld has the most reported vulnerabilities, with 14 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

19 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-05-14 CVE-2008-2221 IBM Unspecified vulnerability in IBM Websphere Application Server 5.0.2

Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors.

10.0
2008-05-14 CVE-2008-2214 Castle Rock Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Castle Rock Snmpc

Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet.

10.0
2008-05-14 CVE-2008-2192 Itcms Code Injection vulnerability in Itcms 1.9

Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS (aka itcms) 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter.

10.0
2008-05-13 CVE-2008-1922 Sarg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sarg Squid Analysis Report Generator

Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file.

10.0
2008-05-12 CVE-2008-2161 Microsoft
Tftp
Buffer Errors vulnerability in Tftp Server SP 1.4/1.5

Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet.

10.0
2008-05-12 CVE-2008-2144 SUN Remote Code Execution vulnerability in SUN Sunos 5.10/5.8/5.9

Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors.

10.0
2008-05-18 CVE-2008-2283 Idautomation Improper Input Validation vulnerability in Idautomation products

IDAutomation allows remote attackers to overwrite arbitrary files via the argument to the (1) SaveBarCode and (2) SaveEnhWMF methods in (a) the IDAuto.BarCode.1 ActiveX control in IDAutomationLinear6.dll (aka IDAutomation Linear BarCode) 1.6.0.6, (b) the IDAuto.Datamatrix.1 ActiveX control in IDAutomationDMATRIX6.DLL (aka IDautomation Datamatrix Barcode) 1.6.0.6, (c) the IDAuto.PDF417.1 ActiveX control in IDAutomationPDF417_6.dll (aka IDautomation PDF417 Barcode) 1.6.0.6, and (d) the IDAuto.Aztec.1 ActiveX control in IDAutomationAZTEC.dll (aka IDautomation Aztec Barcode) 1.7.1.0.

9.3
2008-05-18 CVE-2008-2281 Microsoft Unspecified vulnerability in Microsoft IE 6.0/7.0/8.0B

Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document.

9.3
2008-05-16 CVE-2008-1423 Redhat
Xiph ORG
Numeric Errors vulnerability in Xiph.Org Libvorbis

Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.

9.3
2008-05-14 CVE-2008-2228 Cyberfolio Code Injection vulnerability in Cyberfolio 7.2

PHP remote file inclusion vulnerability in portfolio/commentaires/derniers_commentaires.php in Cyberfolio 7.12, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rep parameter.

9.3
2008-05-13 CVE-2008-1434 Microsoft Resource Management Errors vulnerability in Microsoft products

Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.

9.3
2008-05-13 CVE-2008-1091 Microsoft Code Injection vulnerability in Microsoft products

Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."

9.3
2008-05-13 CVE-2008-0119 Microsoft Code Injection vulnerability in Microsoft Office

Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."

9.3
2008-05-12 CVE-2008-2160 Microsoft Code Injection vulnerability in Microsoft Windows CE 5.0

Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted (1) JPEG and (2) GIF images.

9.3
2008-05-12 CVE-2008-1803 Rdesktop Numeric Errors vulnerability in Rdesktop 1.5.0

Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow.

9.3
2008-05-12 CVE-2008-1802 Rdesktop Buffer Errors vulnerability in Rdesktop 1.5.0

Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields.

9.3
2008-05-12 CVE-2008-1801 Rdesktop Numeric Errors vulnerability in Rdesktop 1.5.0

Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.

9.3
2008-05-16 CVE-2008-2273 Arubanetworks Remote vulnerability in Arubanetworks Arubaos 3.1/3.2

Unspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remote authenticated users to gain privileges via unknown vectors.

9.0
2008-05-14 CVE-2008-2216 Pbcs Permissions, Privileges, and Access Controls vulnerability in Pbcs Project-Based Calendaring System 0.7.1

Unrestricted file upload vulnerability in src/yopy_upload.php in Project-Based Calendaring System (PBCS) 0.7.1 allows remote authenticated users to upload arbitrary files to tmp/uploads.

9.0

58 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-05-16 CVE-2008-2136 Linux
Debian
Canonical
Resource Management Errors vulnerability in multiple products

Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.

7.8
2008-05-16 CVE-2008-1748 Cisco Improper Input Validation vulnerability in Cisco Unified Communications Manager

Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355.

7.8
2008-05-16 CVE-2008-1747 Cisco Improper Input Validation vulnerability in Cisco Unified Communications Manager

Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE message, aka Bug ID CSCsk46944.

7.8
2008-05-16 CVE-2008-1746 Cisco Improper Input Validation vulnerability in Cisco Unified Communications Manager

The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113.

7.8
2008-05-16 CVE-2008-1745 Cisco Improper Input Validation vulnerability in Cisco Unified Communications Manager

Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.

7.8
2008-05-16 CVE-2008-1744 Cisco Improper Input Validation vulnerability in Cisco products

The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770.

7.8
2008-05-16 CVE-2008-1743 Cisco Resource Management Errors vulnerability in Cisco Unified Communications Manager

Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, aka Bug ID CSCsi98433.

7.8
2008-05-16 CVE-2008-1742 Cisco Resource Management Errors vulnerability in Cisco Unified Communications Manager

Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609.

7.8
2008-05-16 CVE-2008-1741 Cisco Improper Input Validation vulnerability in Cisco Unified Presence 6.01

The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533.

7.8
2008-05-16 CVE-2008-1740 Cisco Improper Input Validation vulnerability in Cisco Unified Presence 6.01

The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via an unspecified "stress test," aka Bug ID CSCsh20972.

7.8
2008-05-16 CVE-2008-1158 Cisco Improper Input Validation vulnerability in Cisco Unified Presence and Unified Presence Server

The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164.

7.8
2008-05-14 CVE-2008-1749 Cisco Resource Management Errors vulnerability in Cisco products

Memory leak in Cisco Content Switching Module (CSM) 4.2(3) up to 4.2(8) and Cisco Content Switching Module with SSL (CSM-S) 2.1(2) up to 2.1(7) allows remote attackers to cause a denial of service (memory consumption) via TCP segments with an unspecified combination of TCP flags.

7.8
2008-05-13 CVE-2008-0166 Openssl Project Cryptographic Issues vulnerability in Openssl Project Openssl

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

7.8
2008-05-18 CVE-2008-2301 Phpway SQL Injection vulnerability in PHPway Kostenloses Linkmanagementscript

SQL injection vulnerability in Kostenloses Linkmanagementscript allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) top_view.php.

7.5
2008-05-18 CVE-2008-2298 Sourceforge Improper Authentication vulnerability in Sourceforge web Slider 0.6

Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1.

7.5
2008-05-18 CVE-2008-2297 Roticv Permissions, Privileges, and Access Controls vulnerability in Roticv Rantx 1.0

The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to "<?php" or "?>", which is present in the password file and probably passes an insufficient comparison.

7.5
2008-05-18 CVE-2008-2296 Rgboard Code Injection vulnerability in Rgboard 3.0.12

PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in Rgboard 3.0.12 allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.

7.5
2008-05-18 CVE-2008-2294 Mreaves Permissions, Privileges, and Access Controls vulnerability in Mreaves PET Grooming Management System 2.0

Pet Grooming Management System 2.0 allows remote attackers to gain privileges via a direct request to useradded.php with a modified user name for "admin."

7.5
2008-05-18 CVE-2008-2293 Tpvgames Permissions, Privileges, and Access Controls vulnerability in Tpvgames Mpcs 1.0/1.1

admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1.

7.5
2008-05-18 CVE-2008-2291 Symantec Credentials Management vulnerability in Symantec Altiris Deployment Solution 6.8

axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials.

7.5
2008-05-18 CVE-2008-2286 Symantec SQL Injection vulnerability in Symantec Altiris Deployment Solution 6.8/6.9

SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.

7.5
2008-05-18 CVE-2008-2284 Fusebox Code Injection vulnerability in Fusebox 5.5.1

PHP remote file inclusion vulnerability in fusebox5.php in Fusebox 5.5.1 allows remote attackers to execute arbitrary PHP code via a URL in the FUSEBOX_APPLICATION_PATH parameter.

7.5
2008-05-18 CVE-2008-2282 Thomas Voecking Improper Authentication vulnerability in Thomas Voecking Internet Photoshow Null

admin.php in Internet Photoshow and Internet Photoshow Special Edition (SE) allows remote attackers to bypass authentication by setting the login_admin cookie to true.

7.5
2008-05-16 CVE-2008-2278 Freelanceauction SQL Injection vulnerability in Freelanceauction Freelance Auction Script 1.0

SQL injection vulnerability in browseproject.php in Freelance Auction Script 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a pdetails action.

7.5
2008-05-16 CVE-2008-2277 Cmsnx SQL Injection vulnerability in Cmsnx Feedback and Rating Script 1.0

SQL injection vulnerability in detail.php in Feedback and Rating Script 1.0 allows remote attackers to execute arbitrary SQL commands via the listingid parameter.

7.5
2008-05-16 CVE-2008-2275 Typo3 Code Injection vulnerability in Typo3 SR Feuser Register Extension

Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to execute arbitrary code and delete arbitrary files via unspecified attack vectors.

7.5
2008-05-16 CVE-2008-2270 Phpway Code Injection vulnerability in PHPway Kostenloses Linkmanagementscript

Multiple PHP remote file inclusion vulnerabilities in PHPWAY Kostenloses Linkmanagementscript allow remote attackers to execute arbitrary PHP code via a URL in the (1) main_page_directory and (2) page_to_include parameters in template\index.php.

7.5
2008-05-16 CVE-2008-2269 Kevin Ludlow Improper Authentication vulnerability in Kevin Ludlow Austinsmoke Gastracker 1.0.0

AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers to bypass authentication and gain privileges by setting the gastracker_admin cookie to TRUE.

7.5
2008-05-16 CVE-2008-2267 CMS Made Simple Improper Input Validation vulnerability in CMS Made Simple CMS Made Simple 1.2.4

Incomplete blacklist vulnerability in javaUpload.php in Postlet in the FileManager module in CMS Made Simple 1.2.4 and earlier allows remote attackers to execute arbitrary code by uploading a file with a name ending in (1) .jsp, (2) .php3, (3) .cgi, (4) .dhtml, (5) .phtml, (6) .php5, or (7) .jar, then accessing it via a direct request to the file in modules/FileManager/postlet/.

7.5
2008-05-16 CVE-2008-2265 Emophp SQL Injection vulnerability in Emophp EMO Realty Manager

SQL injection vulnerability in news.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the ida parameter.

7.5
2008-05-16 CVE-2008-2263 Cmsnx SQL Injection vulnerability in Cmsnx Automated Link Exchange Portal

SQL injection vulnerability in linking.page.php in Automated Link Exchange Portal allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

7.5
2008-05-14 CVE-2008-2225 Gamecms SQL Injection vulnerability in Gamecms Lite 1.0

SQL injection vulnerability in index.php in gameCMS Lite 1.0 allows remote attackers to execute arbitrary SQL commands via the systemId parameter.

7.5
2008-05-14 CVE-2008-2223 Buyscripts SQL Injection vulnerability in Buyscripts Vshare Youtube Clone 2.6

SQL injection vulnerability in group_posts.php in vShare YouTube Clone 2.6 allows remote attackers to execute arbitrary SQL commands via the tid parameter.

7.5
2008-05-14 CVE-2008-2222 Eqdkp SQL Injection vulnerability in Eqdkp 1.3.2F

SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote attackers to bypass EQdkp user authentication via the user_id parameter.

7.5
2008-05-14 CVE-2008-2208 Maianscriptworld SQL Injection vulnerability in Maianscriptworld Maian Greeting 2.1

SQL injection vulnerability in index.php in Maian Greeting 2.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action.

7.5
2008-05-14 CVE-2008-2205 Maianscriptworld SQL Injection vulnerability in Maianscriptworld Maian Music 1.1

SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action.

7.5
2008-05-14 CVE-2008-2203 Maianscriptworld SQL Injection vulnerability in Maianscriptworld Maian Search 1.1

SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action.

7.5
2008-05-14 CVE-2008-2197 Miniweb2 SQL Injection vulnerability in Miniweb2 Blog Writer 2.0

SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php.

7.5
2008-05-14 CVE-2008-2194 Deluxebb SQL Injection vulnerability in Deluxebb

SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.

7.5
2008-05-14 CVE-2008-2193 Scorpnews Code Injection vulnerability in Scorpnews 2.0

PHP remote file inclusion vulnerability in example.php in Thomas Gossmann ScorpNews 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.

7.5
2008-05-13 CVE-2008-2184 Toocharger SQL Injection vulnerability in Toocharger Smartblog 1.3

Multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) mois, (2) an, (3) jour, and (4) id parameters to index.php, and the (5) login parameter to gestion/logon.php, different vectors than CVE-2008-2183.

7.5
2008-05-13 CVE-2008-2183 Toocharger SQL Injection vulnerability in Toocharger Smartblog 1.3

SQL injection vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 allows remote attackers to execute arbitrary SQL commands via the idt parameter.

7.5
2008-05-13 CVE-2008-2175 Gamma Scripts SQL Injection vulnerability in Gamma Scripts Blogme PHP 1.1

SQL injection vulnerability in comments.php in Gamma Scripts BlogMe PHP 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-05-12 CVE-2008-2149 Wordnet Buffer Errors vulnerability in Wordnet 2.0/2.1/3.0

Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option.

7.5
2008-05-12 CVE-2008-2146 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress

wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.

7.5
2008-05-12 CVE-2008-2085 Icewalkers Buffer Errors vulnerability in Icewalkers Sipp 3.1

Multiple stack-based buffer overflows in the (1) get_remote_ip_media and (2) get_remote_ipv6_media functions in call.cpp in SIPp 3.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted SIP message.

7.5
2008-05-12 CVE-2008-1677 RED HAT
Redhat
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.

7.5
2008-05-18 CVE-2008-2290 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution 6.8/6.9

Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors.

7.2
2008-05-18 CVE-2008-2289 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution

Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors.

7.2
2008-05-18 CVE-2008-2287 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution 6.8/6.9

Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse.

7.2
2008-05-14 CVE-2008-1944 Redhat
Xensource
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xensource XEN 3.0/3.0.3

Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates," related to missing validation of the "format of messages." https://bugzilla.redhat.com/show_bug.cgi?id=443078 "The PVFB backend is a user space program running as root in dom0"

7.2
2008-05-13 CVE-2008-0322 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows XP

The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges.

7.2
2008-05-12 CVE-2008-2145 Novell Buffer Errors vulnerability in Novell Client 4.91

Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long username in the "forgotten password" dialog.

7.2
2008-05-13 CVE-2008-2173 Yamaha Improper Input Validation vulnerability in Yamaha Router

Unspecified vulnerability in Yamaha routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.

7.1
2008-05-13 CVE-2008-2172 Hitachi Improper Input Validation vulnerability in Hitachi Gr2000, Gr3000 and Gr4000

Unspecified vulnerability in Hitachi GR routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.

7.1
2008-05-13 CVE-2008-2171 Alaxala Improper Input Validation vulnerability in Alaxala AX Router

Unspecified vulnerability in AlaxalA AX routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.

7.1
2008-05-13 CVE-2008-2170 Century Software Improper Input Validation vulnerability in Century Software Router

Unspecified vulnerability in Century routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.

7.1
2008-05-13 CVE-2008-2169 Avici
Hitachi
Improper Input Validation vulnerability in multiple products

Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.

7.1

74 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-05-18 CVE-2008-2292 NET Snmp Buffer Errors vulnerability in Net-Snmp 5.1.4/5.2.4/5.4.1

Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).

6.8
2008-05-16 CVE-2008-2276 Matisbt Cross-Site Request Forgery (CSRF) vulnerability in Matisbt Mantis 1.1.1

Cross-site request forgery (CSRF) vulnerability in manage_user_create.php in Mantis 1.1.1 allows remote attackers to create new administrative users via a crafted link.

6.8
2008-05-16 CVE-2008-1420 Redhat
Xiph ORG
Numeric Errors vulnerability in Xiph.Org Libvorbis

Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.

6.8
2008-05-14 CVE-2008-2227 PHP Fusion Path Traversal vulnerability in PHP-Fusion Forum Rank System 6

Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote attackers to include and execute arbitrary local files via a ..

6.8
2008-05-14 CVE-2008-2224 Sazcart Code Injection vulnerability in Sazcart 1.5.1

Multiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _saz[settings][site_dir] parameter to layouts/default/header.saz.php and the (2) _saz[settings][site_url] parameter to admin/alayouts/default/pages/login.php.

6.8
2008-05-14 CVE-2008-2220 Interact Code Injection vulnerability in Interact 2.4.1

Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[LANGUAGE_CPATH] parameter to modules/forum/embedforum.php and the (2) CONFIG[BASE_PATH] parameter to modules/scorm/lib.inc.php, different vectors than CVE-2006-4448.

6.8
2008-05-14 CVE-2008-2217 Mario Valdez Path Traversal vulnerability in Mario Valdez Content Management System 0.6.1

Directory traversal vulnerability in cm/graphie.php in Content Management System 0.6.1 for Phprojekt allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-05-14 CVE-2008-2199 Kkeim Code Injection vulnerability in Kkeim Kmita Mail

PHP remote file inclusion vulnerability in kmitaadmin/kmitam/htmlcode.php in Kmita Mail 3.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.

6.8
2008-05-14 CVE-2008-2198 Kmita Tellfriend Code Injection vulnerability in Kmita Tellfriend

PHP remote file inclusion vulnerability in kmitaadmin/kmitat/htmlcode.php in Kmita Tellfriend 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.

6.8
2008-05-14 CVE-2008-2191 Postnuke Software Foundation SQL Injection vulnerability in Postnuke Software Foundation Pnencyclopedia

SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and earlier for PostNuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a display_term action to index.php.

6.8
2008-05-14 CVE-2008-2190 Romedchim International SRL SQL Injection vulnerability in Romedchim International SRL Online Rent Property Script 4.2/4.3/4.4

SQL injection vulnerability in index.php in Online Rent (aka Online Rental Property Script) 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter.

6.8
2008-05-14 CVE-2008-2189 Anserv SQL Injection vulnerability in Anserv Auction XL

SQL injection vulnerability in viewfaqs.php in AnServ Auction XL allows remote attackers to execute arbitrary SQL commands via the cat parameter.

6.8
2008-05-13 CVE-2008-2180 Cplinks SQL Injection vulnerability in Cplinks 1.03

Multiple SQL injection vulnerabilities in cpLinks 1.03, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) admin_username parameter (aka the username field) to admin/index.php and the (2) search_text and (3) search_category parameters to search.php.

6.8
2008-05-13 CVE-2008-2177 PHP Directory Source SQL Injection vulnerability in PHP Directory Source PHPdirectorysource 1.1.06

Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to show.php and the (2) login parameter to admin.php.

6.8
2008-05-13 CVE-2008-0713 HP Remote Denial of Service vulnerability in HP Hp-Ux 11.11/11.23/11.31

Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors.

6.8
2008-05-12 CVE-2008-2142 GNU Unspecified vulnerability in GNU Emacs and Xemacs

Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.

6.8
2008-05-18 CVE-2008-2300 Citrix Permissions, Privileges, and Access Controls vulnerability in Citrix products

Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors.

6.5
2008-05-14 CVE-2008-2195 Deluxebb Code Injection vulnerability in Deluxebb

Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and earlier allows remote authenticated administrators to inject arbitrary PHP code into logs/cp.php via the URI.

6.5
2008-05-13 CVE-2008-2174 Shelter Manager Permissions, Privileges, and Access Controls vulnerability in Shelter Manager Animal Shelter Manager

Multiple unspecified vulnerabilities in Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 have unknown impact and attack vectors, related to "various areas where security was missing."

6.5
2008-05-12 CVE-2008-2139 Rpath Permissions, Privileges, and Access Controls vulnerability in Rpath Appliance Platform Agent 2/3

The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.

6.5
2008-05-18 CVE-2008-2299 Microsoft
Citrix
Cryptographic Issues vulnerability in Citrix products

Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions.

5.0
2008-05-18 CVE-2008-2285 Ubuntu Cryptographic Issues vulnerability in Ubuntu Linux 7.04/7.10/8.04

The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.

5.0
2008-05-16 CVE-2008-2279 Freelance Auction Credentials Management vulnerability in Freelance Auction Freelance Auction Script 1.0

Freelance Auction Script 1.0 stores user passwords in plaintext in the tbl_users table, which allows attackers to gain privileges by reading the table.

5.0
2008-05-16 CVE-2008-2271 Site Documentation Project Improper Privilege Management vulnerability in Site Documentation Project Site Documentation

The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database.

5.0
2008-05-14 CVE-2008-2226 Openkm Permissions, Privileges, and Access Controls vulnerability in Openkm 1.0/1.1

Unspecified vulnerability in the export feature in OpenKM before 2.0 allows remote attackers to export arbitrary documents via unspecified vectors.

5.0
2008-05-14 CVE-2008-2218 Nortel Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nortel Multimedia Communications Server

Buffer overflow in the Multimedia PC Client in Nortel Multimedia Communication Server (MCS) before Maintenance Release 3.5.8.3 and 4.0.25.3 allows remote attackers to cause a denial of service (crash) via a flood of "extraneous" messages, as demonstrated by the Nessus "Generic flood" denial of service plugin.

5.0
2008-05-14 CVE-2008-2215 Pbcs Path Traversal vulnerability in Pbcs Project-Based Calendaring System 0.7.11

Multiple directory traversal vulnerabilities in Project-Based Calendaring System (PBCS) 0.7.1-1 allow remote attackers to read arbitrary files via a ..

5.0
2008-05-13 CVE-2008-1438 Microsoft Resource Management Errors vulnerability in Microsoft products

Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437.

5.0
2008-05-13 CVE-2008-1437 Microsoft Resource Management Errors vulnerability in Microsoft products

Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438.

5.0
2008-05-12 CVE-2008-2138 Oracle Permissions, Privileges, and Access Controls vulnerability in Oracle Application Server Portal 10G

Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request.

5.0
2008-05-12 CVE-2008-1880 Gentoo
Firebird
Credentials Management vulnerability in Firebird 2.0.3.12981.0

The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password.

5.0
2008-05-12 CVE-2008-2004 Qemu Information Exposure vulnerability in Qemu 0.9.1

The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.

4.9
2008-05-18 CVE-2008-0167 Debian
Gforge
Link Following vulnerability in Gforge 4.5.14

The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances.

4.6
2008-05-12 CVE-2008-2147 Videolan Permissions, Privileges, and Access Controls vulnerability in Videolan VLC

Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.

4.6
2008-05-16 CVE-2008-2266 Nzbget
Uudeview
Link Following vulnerability in multiple products

uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function.

4.4
2008-05-18 CVE-2008-2295 Rgboard Cross-Site Scripting vulnerability in Rgboard

Cross-site scripting (XSS) vulnerability in rg_search.php in Rgboard 3.0.12, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the s_text parameter and other unspecified vectors.

4.3
2008-05-16 CVE-2008-2280 Scriptphp Cross-Site Scripting vulnerability in Scriptphp Picengine 1.0

Cross-site scripting (XSS) vulnerability in admin/index.php in Script PHP PicEngine 1.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter.

4.3
2008-05-16 CVE-2008-2274 Typo3 Cross-Site Scripting vulnerability in Typo3 SR Feuser Register Extension

Cross-site scripting (XSS) vulnerability in the sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-05-16 CVE-2008-2272 Aruba Networks Cross-Site Scripting vulnerability in Aruba Networks Aruba Mobility Controller

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.5.x, 2.5.6.x, 3.1.1.x, 3.2.0.x, and 3.3.1.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-05-16 CVE-2008-2268 Mdsjack Remote Security vulnerability in Mdsjack Mjguest 6.7Gtrev1

Open redirect vulnerability in interface/redirect.htm.php in Mjguest 6.7 GT Rev.01 allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter in a redirect action to mjguest.php.

4.3
2008-05-16 CVE-2008-2264 Oued Cross-Site Scripting vulnerability in Oued Cyrixmed 1.4

Cross-site scripting (XSS) vulnerability in index.php in CyrixMED 1.4 allows remote attackers to inject arbitrary web script or HTML via the msg_erreur parameter.

4.3
2008-05-16 CVE-2008-2165 Cisco Cross-Site Scripting vulnerability in Cisco Building Broadband Service Manager 5.3

Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

4.3
2008-05-16 CVE-2008-2009 Xiph ORG
Canonical
Denial-Of-Service vulnerability in Libvorbis

Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.

4.3
2008-05-16 CVE-2008-1419 Redhat
Xiph ORG
Improper Input Validation vulnerability in Xiph.Org Libvorbis

Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.

4.3
2008-05-14 CVE-2008-2219 C News FR Cross-Site Scripting vulnerability in C-News.Fr C-News 1.0.1

Cross-site scripting (XSS) vulnerability in install.php in C-News.fr C-News 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the etape parameter.

4.3
2008-05-14 CVE-2008-2213 Maianscriptworld Cross-Site Scripting vulnerability in Maianscriptworld Maian Links 3.1

Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Links 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters.

4.3
2008-05-14 CVE-2008-2212 Maianscriptworld Cross-Site Scripting vulnerability in Maianscriptworld Maian Cart 1.1

Multiple cross-site scripting (XSS) vulnerabilities in Maian Cart 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_adminheader, (2) msg_adminheader2, (3) msg_adminheader3, (4) msg_adminheader4, and unspecified other parameters to admin/inc/header.php; the (5) msg_script3 and unspecified other parameters to admin/inc/footer.php; and the (6) keywords parameter to index.php in a search action.

4.3
2008-05-14 CVE-2008-2211 Maianscriptworld Cross-Site Scripting vulnerability in Maianscriptworld Maian Guestbook 3.2

Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Guestbook 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters.

4.3
2008-05-14 CVE-2008-2210 Maianscriptworld Cross-Site Scripting vulnerability in Maianscriptworld Maian Support 1.3

Multiple cross-site scripting (XSS) vulnerabilities in Maian Support 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script, (2) msg_script2, and (3) msg_script3 parameters to admin/inc/footer.php; and the (4) msg_script2 parameter to admin/inc/header.php.

4.3
2008-05-14 CVE-2008-2209 Maianscriptworld Cross-Site Scripting vulnerability in Maianscriptworld Maian Greeting 2.1

Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Greeting 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script and (2) msg_script2 parameters.

4.3
2008-05-14 CVE-2008-2207 Maianscriptworld Cross-Site Scripting vulnerability in Maianscriptworld Maian Gallery 2.0

Cross-site scripting (XSS) vulnerability in admin/index.php in Maian Gallery 2.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.

4.3
2008-05-14 CVE-2008-2206 Maianscriptworld Cross-Site Scripting vulnerability in Maianscriptworld Maian Music 1.1

Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter in a search action to index.php, and the (2) msg_script parameter to admin/inc/footer.php.

4.3
2008-05-14 CVE-2008-2204 Maianscriptworld Cross-Site Scripting vulnerability in Maianscriptworld Maian Search 1.1

Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Search 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters.

4.3
2008-05-14 CVE-2008-2202 Maianscriptworld Cross-Site Scripting vulnerability in Maianscriptworld Maian Uploader 4.0

Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action.

4.3
2008-05-14 CVE-2008-2201 Maianscriptworld Cross-Site Scripting vulnerability in Maianscriptworld Maian Recipe 1.2

Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Recipe 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters.

4.3
2008-05-14 CVE-2008-2200 Maianscriptworld Cross-Site Scripting vulnerability in Maianscriptworld Maian Weblog 4.0

Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to admin/index.php in a blogs search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action.

4.3
2008-05-14 CVE-2008-2196 Lifetype Cross-Site Scripting vulnerability in Lifetype 1.2.8

Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the newBlogUserName parameter in an addBlogUser action, a different vector than CVE-2008-2178.

4.3
2008-05-13 CVE-2007-5803 Nagios Cross-Site Scripting vulnerability in Nagios

Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360.

4.3
2008-05-13 CVE-2008-2188 Eejj33 Cross-Site Scripting vulnerability in Eejj33 Blackbook 1.0

Multiple cross-site scripting (XSS) vulnerabilities in EJ3 BlackBook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) bookCopyright and (2) ver parameters to (a) footer.php, and the (3) bookName, (4) bookMetaTags, and (5) estiloCSS parameters to (b) header.php.

4.3
2008-05-13 CVE-2008-2187 Mdsjack Cross-Site Scripting vulnerability in Mdsjack Mjguest 6.7

Cross-site scripting (XSS) vulnerability in mjguest.php in Mjguest 6.7 GT Rev.01 allows remote attackers to inject arbitrary web script or HTML via the level parameter in a redirect action, possibly involving interface/redirect.htm.php.

4.3
2008-05-13 CVE-2008-2186 Cilekyazilim Cross-Site Scripting vulnerability in Cilekyazilim Chicomas 2.0.4

Cross-site scripting (XSS) vulnerability in index.php in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2008-05-13 CVE-2008-2185 Toocharger Path Traversal vulnerability in Toocharger Smartblog 1.3

Directory traversal vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 allows remote attackers to include arbitrary local files via directory traversal sequences in the page parameter.

4.3
2008-05-13 CVE-2008-2182 In2Code Cross-Site Scripting vulnerability in In2Code Powermail

Cross-site scripting (XSS) vulnerability in the powermail extension before 1.1.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-05-13 CVE-2008-2181 Cplinks Cross-Site Scripting vulnerability in Cplinks 1.03

Multiple cross-site scripting (XSS) vulnerabilities in search.php in cpLinks 1.03 allow remote attackers to inject arbitrary web script or HTML via the (1) search_text and (2) search_category parameters.

4.3
2008-05-13 CVE-2008-2179 Ilient Cross-Site Scripting vulnerability in Ilient Sysaid 5.1.08

Cross-site scripting (XSS) vulnerability in SystemList.jsp in SysAid 5.1.08 allows remote attackers to inject arbitrary web script or HTML via the searchField parameter.

4.3
2008-05-13 CVE-2008-2178 Lifetype Cross-Site Scripting vulnerability in Lifetype 1.2.7

Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the searchTerms parameter in an editArticleCategories operation (aka an admin category search).

4.3
2008-05-13 CVE-2008-2176 Zomp Cross-Site Scripting vulnerability in Zomp Zomplog 3.8.2

Cross-site scripting (XSS) vulnerability in admin/category.php in Zomplog 3.8.2 allows remote attackers to inject arbitrary web script or HTML via the catname parameter.

4.3
2008-05-13 CVE-2008-2168 Apache Cross-Site Scripting vulnerability in Apache Http Server

Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.

4.3
2008-05-13 CVE-2008-2167 Zyxel Cross-Site Scripting vulnerability in Zyxel Zywall 100

Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows remote attackers to inject arbitrary web script or HTML via the Referer header, which is not properly handled in a 404 Error page.

4.3
2008-05-13 CVE-2008-2166 SUN Cross-Site Scripting vulnerability in SUN Java System web Server 6.1/7.0

Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp.

4.3
2008-05-13 CVE-2008-2163 IBM
Microsoft
Cross-Site Scripting vulnerability in IBM Lotus Quickr 8.1

Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 before Hotfix 5 for Windows and AIX, and before Hotfix 3 for i5/OS, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to "WYSIWYG editors."

4.3
2008-05-12 CVE-2008-2162 Sonicwall Cross-Site Scripting vulnerability in Sonicwall E-Mail Security 6.1.1

Cross-site scripting (XSS) vulnerability in SonicWall Email Security 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the Host header in a request to a non-existent web page, which is not properly sanitized in an error page.

4.3
2008-05-12 CVE-2008-2071 Cpanel Cross-Site Request Forgery (CSRF) vulnerability in Cpanel

Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors.

4.3
2008-05-12 CVE-2008-2070 Cpanel Cross-Site Scripting vulnerability in Cpanel

The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.

4.3

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-05-18 CVE-2008-2288 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution 6.8/6.9

Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information.

3.6
2008-05-12 CVE-2008-2148 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service.

3.6
2008-05-12 CVE-2008-2140 Rpath Cross-Site Request Forgery (CSRF) vulnerability in Rpath Appliance Platform Agent 2/3

Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL.

2.6
2008-05-14 CVE-2008-1943 Redhat
Xensource
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xensource XEN

Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted description of a shared framebuffer.

2.1
2008-05-12 CVE-2008-2159 Microsoft Information Exposure vulnerability in Microsoft IE 7

Microsoft Internet Explorer 7 can save encrypted pages in the cache even when the DisableCachingOfSSLPages registry setting is enabled, which might allow local users to obtain sensitive information.

2.1
2008-05-12 CVE-2008-2143 Microsoft Unspecified vulnerability in Microsoft Outlook web Access

Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information.

1.9