Weekly Vulnerabilities Reports > May 19 to 25, 2008

Overview

77 new vulnerabilities reported during this period, including 14 critical vulnerabilities and 33 high severity vulnerabilities. This weekly summary report vulnerabilities in 77 products from 60 vendors including Redhat, Cisco, GNU, Icon Labs, and News Manager. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Path Traversal", and "Permissions, Privileges, and Access Controls".

  • 72 reported vulnerabilities are remotely exploitables.
  • 27 reported vulnerabilities have public exploit available.
  • 39 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 75 reported vulnerabilities are exploitable by an anonymous user.
  • Redhat has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • GNU has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

14 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-05-23 CVE-2008-2424 Icdevgroup Denial-Of-Service vulnerability in Interchange

Unspecified vulnerability in the 404 error page for the "Standard demo" in Interchange before 5.6.0 and before 5.5.2 has unknown impact and attack vectors.

10.0
2008-05-23 CVE-2008-2423 Interchange Development Group Denial Of Service vulnerability in Interchange

Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 allows remote attackers to cause a denial of service via crafted HTTP requests.

10.0
2008-05-22 CVE-2008-2240 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Lotus Domino

Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header.

10.0
2008-05-21 CVE-2008-2241 CA Path Traversal vulnerability in CA products

Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages.

10.0
2008-05-21 CVE-2008-1948 GNU Numeric Errors vulnerability in GNU Gnutls

The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.

10.0
2008-05-19 CVE-2008-2345 Typo3 Code Injection vulnerability in Typo3 AIR Filemanager

Unspecified vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to "insufficient file filtering."

10.0
2008-05-23 CVE-2008-2409 Cerulean Studios Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cerulean Studios Trillian

Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message.

9.3
2008-05-23 CVE-2008-2408 Ceruleanstudios Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ceruleanstudios Trillian PRO

Heap-based buffer overflow in the XML parsing functionality in talk.dll in Cerulean Studios Trillian Pro before 3.1.10.0 allows remote attackers to execute arbitrary code via a malformed attribute in an IMG tag.

9.3
2008-05-23 CVE-2008-2407 Ceruleanstudios Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ceruleanstudios Trillian

Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian before 3.1.10.0 allows user-assisted remote attackers to execute arbitrary code via a long attribute value in a FONT tag in a message.

9.3
2008-05-22 CVE-2008-2399 Fireftp
Mozilla
Path Traversal vulnerability in Fireftp

Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to (1) MLSD and (2) LIST commands, a related issue to CVE-2002-1345.

9.3
2008-05-21 CVE-2008-1949 GNU Improper Authentication vulnerability in GNU Gnutls

The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.

9.3
2008-05-21 CVE-2008-1104 Foxitsoftware Buffer Errors vulnerability in Foxitsoftware Foxit Reader 2.0/2.2/2.3

Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file, related to the util.printf JavaScript function and floating point specifiers in format strings.

9.3
2008-05-22 CVE-2008-2053 Cisco Privilege Escalation vulnerability in Cisco Unified Customer Voice Portal 4.0/4.1/7.0

Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) 4.0.x before 4.0(2)_ES14, 4.1.x before 4.1(1)_ES11, and 7.x before 7.0(1) allows remote authenticated users with administrator role privileges to create, modify, or delete a superuser account.

9.0
2008-05-21 CVE-2008-2392 Wordpress Improper Input Validation vulnerability in Wordpress

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.

9.0

33 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-05-22 CVE-2008-0536 Cisco
Icon Labs
Improper Authentication vulnerability in multiple products

Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (management interface outage) via SSH traffic that occurs during management operations and triggers "illegal I/O operations," aka Bug ID CSCsh49563.

7.8
2008-05-22 CVE-2008-0535 Cisco
Icon Labs
Credentials Management vulnerability in multiple products

Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device instability) via "SSH credentials that attempt to change the authentication method," aka Bug ID CSCsm14239.

7.8
2008-05-22 CVE-2008-0534 Cisco
Icon Labs
Improper Input Validation vulnerability in multiple products

The SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device restart or daemon outage) via a high rate of login attempts, aka Bug ID CSCsi68582.

7.8
2008-05-21 CVE-2008-2391 Codeplex Improper Input Validation vulnerability in Codeplex Subsonic

SubSonic allows remote attackers to bypass pagesize limits and cause a denial of service (CPU consumption) via a pageindex (aka data page number) of -1.

7.8
2008-05-23 CVE-2008-2425 Fichive SQL Injection vulnerability in Fichive 1.0

SQL injection vulnerability in index.php in FicHive 1.0 allows remote attackers to execute arbitrary SQL commands via the letter parameter in a Search action, a different vector than CVE-2008-2416.

7.5
2008-05-23 CVE-2008-2422 Webslider SQL Injection vulnerability in Webslider 0.6

SQL injection vulnerability in index.php in Web Slider 0.6 allows remote attackers to execute arbitrary SQL commands via the slide parameter in a slides action.

7.5
2008-05-23 CVE-2008-1767 Redhat Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Redhat products

Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.

7.5
2008-05-22 CVE-2008-2417 How2Asp SQL Injection vulnerability in How2Asp Webboard 4.1

SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard 4.1 allows remote attackers to execute arbitrary SQL commands via the qNo parameter.

7.5
2008-05-22 CVE-2008-2416 Fichive SQL Injection vulnerability in Fichive 1.0

SQL injection vulnerability in index.php in FicHive 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter in a Fiction action, possibly related to sources/fiction.class.php.

7.5
2008-05-22 CVE-2008-2412 Acgv Free SQL Injection vulnerability in Acgv.Free Acgv News 0.9.1

SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-05-21 CVE-2008-2396 Wajox Software Code Injection vulnerability in Wajox Software Mircrossys CMS

PHP remote file inclusion vulnerability in index.php in Wajox Software microSSys CMS 1.5 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in an arbitrary element of the PAGES array parameter.

7.5
2008-05-21 CVE-2008-2395 Alkalinephp SQL Injection vulnerability in Alkalinephp

SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00 beta and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-05-21 CVE-2008-2394 Tagworx SQL Injection vulnerability in Tagworx CMS 3.00.02

Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to contact.php and the (2) nid parameter to news.php.

7.5
2008-05-21 CVE-2008-2393 Entertainmentscript SQL Injection vulnerability in Entertainmentscript 1.4.0

SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-05-21 CVE-2008-2242 CA Buffer Errors vulnerability in CA Brightstor Arcserve Backup 11.0/11.1/11.5

Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function.

7.5
2008-05-20 CVE-2008-2356 Archangelmgt SQL Injection vulnerability in Archangelmgt Archangel Weblog

SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 and earlier allows remote attackers to execute arbitrary SQL commands via the post_id parameter.

7.5
2008-05-20 CVE-2008-2353 Gnugallery Path Traversal vulnerability in Gnugallery

Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-05-20 CVE-2008-2351 Webmanager PRO SQL Injection vulnerability in Webmanager-Pro CMS Webmanager-Pro

Multiple SQL injection vulnerabilities in index.php in CMS WebManager-Pro allow remote attackers to execute arbitrary SQL commands via the (1) lang_id and (2) menu_id parameters.

7.5
2008-05-20 CVE-2008-2349 Zomp Permissions, Privileges, and Access Controls vulnerability in Zomp Zomplog

Zomplog 3.8.2 and earlier allows remote attackers to gain administrative access by creating an admin account via a direct request to install/newuser.php with the admin parameter set to 1.

7.5
2008-05-20 CVE-2008-2348 Meltingicefs Permissions, Privileges, and Access Controls vulnerability in Meltingicefs Meltingice File System 1.0

MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create new user accounts, and exceed application quotas via a direct request to admin/adduser.php.

7.5
2008-05-20 CVE-2008-2347 Mypicgallery Improper Authentication vulnerability in Mypicgallery 1.0

MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php.

7.5
2008-05-20 CVE-2008-2346 Alkalinephp Permissions, Privileges, and Access Controls vulnerability in Alkalinephp

AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass authentication and gain administrative access by creating an admin account via a direct request to adduser.php.

7.5
2008-05-19 CVE-2008-2343 News Manager Permissions, Privileges, and Access Controls vulnerability in News Manager News Manager 2.0

News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.

7.5
2008-05-19 CVE-2008-2341 Avalonnet Code Injection vulnerability in Avalonnet News Manager 2.0

PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter.

7.5
2008-05-19 CVE-2008-2340 News Manager SQL Injection vulnerability in News Manager News Manager 2.0

Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.

7.5
2008-05-19 CVE-2008-2339 Turnkeywebtools SQL Injection vulnerability in Turnkeywebtools Sunshop Shopping Cart 3.5.1

SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549.

7.5
2008-05-19 CVE-2008-2338 Interspire Permissions, Privileges, and Access Controls vulnerability in Interspire Activekb

Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin.

7.5
2008-05-19 CVE-2008-2337 Imgallery SQL Injection vulnerability in Imgallery 2.5

Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kategoria parameter to (a) galeria.php and the (2) id_phot parameter to (b) popup/koment.php and (c) popup/opis.php in, different vectors than CVE-2006-3163.

7.5
2008-05-19 CVE-2008-2336 68 Classifieds SQL Injection vulnerability in 68 Classifieds 68 Classifieds 4.0.1

SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2008-05-19 CVE-2008-2334 Aspindir SQL Injection vulnerability in Aspindir Philboard 0.5

Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) forumid parameter to (a) admin/philboard_admin-forumedit.asp, (b) admin/philboard_admin-forum.asp, and (c) W1L3D4_foruma_yeni_konu_ac.asp; the (2) id parameter to (d) W1L3D4_konuoku.asp and (e) W1L3D4_konuya_mesaj_yaz.asp; and the (3) topic parameter to W1L3D4_konuya_mesaj_yaz.asp, different vectors than CVE-2008-1939, CVE-2007-2641, and CVE-2007-0920.

7.5
2008-05-22 CVE-2008-2400 Stunnel Permissions, Privileges, and Access Controls vulnerability in Stunnel

Unspecified vulnerability in stunnel before 4.23, when running as a service on Windows, allows local users to gain privileges via unknown attack vectors.

7.2
2008-05-22 CVE-2008-1159 Cisco Denial of Service vulnerability in Cisco IOS S, IOS T and IOS XR

Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293.

7.1
2008-05-22 CVE-2007-5962 Redhat
Foresight Linux
Rpath
Resource Management Errors vulnerability in multiple products

Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.

7.1

29 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-05-23 CVE-2008-2420 Stunnel Permissions, Privileges, and Access Controls vulnerability in Stunnel

The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.

6.8
2008-05-22 CVE-2008-2415 Digitalhive Path Traversal vulnerability in Digitalhive 2.0

Directory traversal vulnerability in template/purpletech/base_include.php in DigitalHive (aka hive) 2.0 RC2 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-05-22 CVE-2008-2411 Sazcart SQL Injection vulnerability in Sazcart 1.3/1.4

SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a details action.

6.8
2008-05-22 CVE-2008-1804 Snort Unspecified vulnerability in Snort

preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment.

6.8
2008-05-21 CVE-2008-2390 HP Code Injection vulnerability in HP Software Update 4.0.0.1

Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument.

6.8
2008-05-21 CVE-2008-2357 Matt Kimball AND Roger Wolff Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Matt Kimball and Roger Wolff MTR

Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record.

6.8
2008-05-20 CVE-2008-2355 WR Script Path Traversal vulnerability in Wr-Script Wr-Meeting 1.0

Directory traversal vulnerability in index.php in WR-Meeting 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-05-20 CVE-2008-2352 Smeego Path Traversal vulnerability in Smeego 1.0

Directory traversal vulnerability in index.php in Smeego 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-05-20 CVE-2008-0957 Photostockplus Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Photostockplus Uploader Tool

Multiple stack-based buffer overflows in the PhotoStockPlus Uploader Tool ActiveX control (PSPUploader.ocx) allow remote attackers to execute arbitrary code via unspecified initialization parameters.

6.8
2008-05-21 CVE-2008-1660 HP Unspecified vulnerability in HP Hp-Ux 11.11/11.23/11.31

Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unspecified vectors.

6.3
2008-05-21 CVE-2008-1950 GNU Numeric Errors vulnerability in GNU Gnutls

Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.

5.0
2008-05-20 CVE-2008-2354 Testmaker Remote Information Disclosure vulnerability in testMaker Data Export

Unspecified vulnerability in the data export function in testMaker before 3.0p10 allows test authors to obtain access to export data via unknown vectors.

5.0
2008-05-20 CVE-2008-2350 Bcoos Path Traversal vulnerability in Bcoos

Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) ..

5.0
2008-05-19 CVE-2008-2342 News Manager Path Traversal vulnerability in News Manager News Manager 2.0

Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a ..

5.0
2008-05-23 CVE-2008-2418 SUN Race Condition vulnerability in SUN Solaris 10

Race condition in the STREAMS Administrative Driver (sad) in Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.

4.7
2008-05-23 CVE-2007-5495 Redhat
Selinux
Link Following vulnerability in Selinux Setroubleshoot 2.0.5

sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file.

4.4
2008-05-23 CVE-2008-2421 SAP Cross-Site Scripting vulnerability in SAP web Application Server and web Dynpro

Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/.

4.3
2008-05-23 CVE-2008-2419 Mozilla Resource Management Errors vulnerability in Mozilla Firefox 2.0.0.14

Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in loading an empty Java applet defined by a 'src="javascript:"' sequence.

4.3
2008-05-23 CVE-2008-2333 Barracuda Networks Cross-Site Scripting vulnerability in Barracuda Networks Barracuda Spam Firewall

Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter.

4.3
2008-05-23 CVE-2008-2302 Django Project Cross-Site Scripting vulnerability in Django Project Django 0.91/0.95/0.96

Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.

4.3
2008-05-23 CVE-2007-5961 Redhat Cross-Site Scripting vulnerability in Redhat Network Satellite

Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2008-05-22 CVE-2008-2414 Aguestbook Cross-Site Scripting vulnerability in Aguestbook AN Guestbook 0.4

Cross-site scripting (XSS) vulnerability in send_email.php in AN Guestbook (ANG) 0.4 allows remote attackers to inject arbitrary web script or HTML via the postid parameter.

4.3
2008-05-22 CVE-2008-2413 Acgv Free Cross-Site Scripting vulnerability in Acgv.Free Acgv News 0.9.1

Cross-site scripting (XSS) vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2008-05-22 CVE-2008-2410 IBM Cross-Site Scripting vulnerability in IBM Lotus Domino web Server

Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-05-22 CVE-2008-2006 Apple Improper Input Validation vulnerability in Apple Ical 3.0.1

Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line.

4.3
2008-05-21 CVE-2008-2398 Appserv Open Project Cross-Site Scripting vulnerability in Appserv Open Project Appserv

Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.

4.3
2008-05-21 CVE-2008-2397 Dotcms Cross-Site Scripting vulnerability in Dotcms

Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.

4.3
2008-05-19 CVE-2008-2344 Typo3 Cross-Site Scripting vulnerability in Typo3 AIR Filemanager 0.6.0

Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-05-19 CVE-2008-2335 Vastal Cross-Site Scripting vulnerability in Vastal PHPvid 1.1/1.2

Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

4.3

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-05-23 CVE-2007-5496 Redhat
Selinux
Cross-Site Scripting vulnerability in Selinux Setroubleshoot 2.0.5

Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert.

1.9