Weekly Vulnerabilities Reports > June 2 to 8, 2008
Overview
111 new vulnerabilities were reported during this period, including 31 critical vulnerabilities and 35 high severity vulnerabilities. This weekly summary reports vulnerabilities in 98 products from 54 vendors, including Apple, SUN, HP, Vmware, and IBM. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", and "Improper Input Validation".
- 93 reported vulnerabilities are remotely exploitable.
- 33 reported vulnerabilities have a public exploit available.
- 42 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 106 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 20 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 8 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
31 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-06-06 | CVE-2008-2388 | Opensuse | Numeric Errors vulnerability in Opensuse 10.2 Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have unspecified impact and attack vectors. | 10.0 |
2008-06-04 | CVE-2008-2541 | CA | Buffer Errors vulnerability in CA Etrust Secure Content Manager 8.0 Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command. | 10.0 |
2008-06-04 | CVE-2008-2404 | SUN | Buffer Errors vulnerability in SUN Java ASP Server 4.0 Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary code via an unspecified string field. | 10.0 |
2008-06-04 | CVE-2008-2403 | SUN | Path Traversal vulnerability in SUN Java ASP Server 4.0/4.0.1 Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow remote attackers to read or delete arbitrary files via a .. | 10.0 |
2008-06-04 | CVE-2008-0953 | HP | Code Execution in RETIRED: HP Instant Support 'HPISDataManager.dll' ActiveX Control The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953. | 10.0 |
2008-06-04 | CVE-2007-5610 | HP | Code Execution in RETIRED: HP Instant Support 'HPISDataManager.dll' ActiveX Control The DeleteSingleFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to delete an arbitrary file via a full pathname in the argument. | 10.0 |
2008-06-04 | CVE-2007-5606 | HP | Code Execution in RETIRED: HP Instant Support 'HPISDataManager.dll' ActiveX Control Buffer overflow in the MoveFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5607. | 10.0 |
2008-06-04 | CVE-2008-1661 | HP | Buffer Errors vulnerability in HP Storageworks Storage Mirroring 4.5 Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks Storage Mirroring (SWSM) before 4.5 SP2 allows remote attackers to execute arbitrary code via a crafted encoded authentication request. | 10.0 |
2008-06-03 | CVE-2008-2528 | Citrix | Improper Authentication vulnerability in Citrix Access Gateway 4.5.5/4.5.6 Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors. | 10.0 |
2008-06-02 | CVE-2008-1030 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow. | 10.0 |
2008-06-06 | CVE-2008-2545 | Skype Technologies | Improper Input Validation vulnerability in Skype Technologies Skype Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case. | 9.3 |
2008-06-06 | CVE-2008-1805 | Skype Technologies | Improper Input Validation vulnerability in Skype Technologies Skype Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist. | 9.3 |
2008-06-04 | CVE-2008-2551 | Icona | Permissions, Privileges, and Access Controls vulnerability in Icona Instant Messenger 1.0.0.1 The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction parameter set to "run." | 9.3 |
2008-06-04 | CVE-2008-1770 | Akamai | Code Injection vulnerability in Akamai Download Manager 2.0.4.4/2.2.0.0/2.2.1.0 CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line. | 9.3 |
2008-06-04 | CVE-2008-1109 | Gnome | Buffer Errors vulnerability in Gnome Evolution 2.22.1 Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window). | 9.3 |
2008-06-04 | CVE-2008-0952 | HP | Code Execution in RETIRED: HP Instant Support 'HPISDataManager.dll' ActiveX Control The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953. | 9.3 |
2008-06-04 | CVE-2007-5608 | HP | Code Execution in RETIRED: HP Instant Support 'HPISDataManager.dll' ActiveX Control The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to force a download of an arbitrary file onto a client machine via a URL in the first argument and a destination filename in the second argument, a different vulnerability than CVE-2008-0952 and CVE-2008-0953. | 9.3 |
2008-06-04 | CVE-2007-5605 | HP | Code Execution in RETIRED: HP Instant Support 'HPISDataManager.dll' ActiveX Control Buffer overflow in the GetFileTime function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5606, and CVE-2007-5607. | 9.3 |
2008-06-04 | CVE-2008-2548 | Motorola | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Motorola Razr Stack-based buffer overflow in the JPEG thumbprint component in the EXIF parser on Motorola cell phones with RAZR firmware allows user-assisted remote attackers to execute arbitrary code via an MMS transmission of a malformed JPEG image, which triggers memory corruption. | 9.3 |
2008-06-04 | CVE-2008-2547 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows Installer 3.1.4000.1823/4.5.6001.22159 Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001.22159 in Microsoft Windows Installer allows context-dependent attackers to execute arbitrary code via a long GUID value for the /x (aka /uninstall) option. | 9.3 |
2008-06-03 | CVE-2008-2540 | Apple Microsoft | Permissions, Privileges, and Access Controls vulnerability in Apple Safari Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. | 9.3 |
2008-06-02 | CVE-2008-2511 | CA | Path Traversal vulnerability in CA Internet Security Suite Plus 2008 Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a .. | 9.3 |
2008-06-02 | CVE-2008-2426 | Carsten Haitzler | Buffer Errors vulnerability in Carsten Haitzler Imlib2 1.4.0 Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c. | 9.3 |
2008-06-02 | CVE-2008-2363 | PAN | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PAN The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer overflow. | 9.3 |
2008-06-02 | CVE-2008-1577 | Apple | Multiple Security vulnerability in RETIRED: Apple Mac OS X 2008-003 Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues." | 9.3 |
2008-06-02 | CVE-2008-1575 | Apple | Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing. | 9.3 |
2008-06-02 | CVE-2008-1574 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow. | 9.3 |
2008-06-02 | CVE-2008-1034 | Apple | Numeric Errors vulnerability in Apple mac OS X Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow. | 9.3 |
2008-06-02 | CVE-2008-1031 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable. | 9.3 |
2008-06-02 | CVE-2008-1028 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit. | 9.3 |
2008-06-05 | CVE-2008-2097 | Vmware | Buffer Errors vulnerability in VMWare ESX and Esxi Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length." | 9.0 |
35 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-06-06 | CVE-2008-2573 | Freesshd | Buffer Errors vulnerability in Freesshd 1.2.1 Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSH_FXP_OPENDIR (aka opendir) command. | 8.5 |
2008-06-04 | CVE-2008-1108 | Gnome | Buffer Errors vulnerability in Gnome Evolution 2.2.1 Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment. | 7.6 |
2008-06-06 | CVE-2008-2574 | Flashblog | Improper Input Validation vulnerability in Flashblog 0.31 Unrestricted file upload vulnerability in admin/Editor/imgupload.php in FlashBlog 0.31 beta allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in tus_imagenes/. | 7.5 |
2008-06-06 | CVE-2008-2572 | Theflashblog | SQL Injection vulnerability in Theflashblog Flashblog SQL injection vulnerability in php/leer_comentarios.php in FlashBlog allows remote attackers to execute arbitrary SQL commands via the articulo_id parameter. | 7.5 |
2008-06-06 | CVE-2008-2569 | Joomla | SQL Injection vulnerability in Joomla Easybook Component 1.1 SQL injection vulnerability in the EasyBook (com_easybook) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a deleteentry action to index.php. | 7.5 |
2008-06-06 | CVE-2008-2568 | Joomla | SQL Injection vulnerability in Joomla COM Simpleshop and Joomla SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php. | 7.5 |
2008-06-06 | CVE-2008-2565 | PHP Address Book | SQL Injection vulnerability in PHP-Address Book PHP-Address Book Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. | 7.5 |
2008-06-06 | CVE-2008-2564 | Joomla | SQL Injection vulnerability in Joomla COM Jotloader and Joomla SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. | 7.5 |
2008-06-06 | CVE-2008-2560 | Fourtwosevenbb | SQL Injection vulnerability in Fourtwosevenbb 427Bb 2.3.1 SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remote attackers to execute arbitrary SQL commands via the post parameter. | 7.5 |
2008-06-05 | CVE-2008-2559 | Damian Frizza | Numeric Errors vulnerability in Damian Frizza Borland Interbase 2007 Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows remote attackers to execute arbitrary code via a malformed packet to TCP port 3050, which triggers a stack-based buffer overflow. | 7.5 |
2008-06-05 | CVE-2008-2556 | Hessel Brouwer | SQL Injection vulnerability in Hessel Brouwer PHP Visit Counter SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the datespan parameter in a read action. | 7.5 |
2008-06-05 | CVE-2008-2555 | Easyway | SQL Injection vulnerability in Easyway CMS SQL injection vulnerability in index.php in EasyWay CMS allows remote attackers to execute arbitrary SQL commands via the mid parameter. | 7.5 |
2008-06-05 | CVE-2008-2554 | BP Blog | SQL Injection vulnerability in BP Blog BP Blog 6.0 Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp. | 7.5 |
2008-06-05 | CVE-2008-2231 | Slashcode COM | SQL Injection vulnerability in Slashcode.Com Slash SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter. | 7.5 |
2008-06-04 | CVE-2008-2406 | SUN | Improper Authentication vulnerability in SUN Java ASP Server 4.0 The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102. | 7.5 |
2008-06-04 | CVE-2008-2405 | SUN | Improper Input Validation vulnerability in SUN Java Active Server Pages 4.0.0/4.0.1 Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications. | 7.5 |
2008-06-04 | CVE-2008-2401 | SUN | Improper Input Validation vulnerability in SUN Java Active Server 4.0.2 The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is included by multiple unspecified ASP applications. | 7.5 |
2008-06-04 | CVE-2007-5607 | HP | Code Injection vulnerability in HP Instant Support 1.0.0.22 Buffer overflow in the RegistryString function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5606. | 7.5 |
2008-06-04 | CVE-2007-5604 | HP | Code Injection vulnerability in HP Instant Support 1.0.0.22 Buffer overflow in the ExtractCab function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5605, CVE-2007-5606, and CVE-2007-5607. | 7.5 |
2008-06-03 | CVE-2008-2537 | Hispah | SQL Injection vulnerability in Hispah Model Search SQL injection vulnerability in cat.php in HispaH Model Search allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2008-06-03 | CVE-2008-2536 | Yabsoft | SQL Injection vulnerability in Yabsoft Advanced Image Hosting Script SQL injection vulnerability in out.php in YABSoft Advanced Image Hosting (AIH) Script 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t parameter. | 7.5 |
2008-06-03 | CVE-2008-2535 | Fkrauthan | SQL Injection vulnerability in Fkrauthan Phoenix View CMS 2Prealpha Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and (5) todo.admin.php in admin/module/. | 7.5 |
2008-06-03 | CVE-2008-2534 | Fkrauthan | Path Traversal vulnerability in Fkrauthan Phoenix View CMS 2Prealpha Directory traversal vulnerability in admin/admin_frame.php in Phoenix View CMS Pre Alpha2 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-06-03 | CVE-2008-2532 | AJ Square | SQL Injection vulnerability in AJ Square AJ Hyip SQL injection vulnerability in forum/topic_detail.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-06-03 | CVE-2008-2530 | Quickupcms | SQL Injection vulnerability in Quickupcms Multiple SQL injection vulnerabilities in Concepts & Solutions QuickUpCMS allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter to (a) frontend/news.php, the (2) id parameter to (b) events3.php and (c) videos2.php in frontend/, the (3) y parameter to (d) frontend/events2.php, and the (4) ser parameter to (e) frontend/fotos2.php. | 7.5 |
2008-06-03 | CVE-2008-2529 | Advanced Links Management | SQL Injection vulnerability in Advanced Links Management Advanced Links Management 1.5.2 SQL injection vulnerability in read.php in Advanced Links Management (ALM) 1.5.2 allows remote attackers to execute arbitrary SQL commands via the catId parameter. | 7.5 |
2008-06-03 | CVE-2008-2523 | Raknet | SQL Injection vulnerability in Raknet Autopatcher Server SQL injection vulnerability in the Autopatcher server plugin in RakNet before 3.23 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2008-06-03 | CVE-2008-2520 | Bigace | Code Injection vulnerability in Bigace 2.4 Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][addon] parameter to (a) addon/smarty/plugins/function.captcha.php and (b) system/classes/sql/AdoDBConnection.php; and the (2) GLOBALS[_BIGACE][DIR][admin] parameter to (c) item_information.php and (d) jstree.php in system/application/util/, and (e) system/admin/plugins/menu/menuTree/plugin.php, different vectors than CVE-2006-4423. | 7.5 |
2008-06-05 | CVE-2008-2100 | Vmware | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors. | 7.2 |
2008-06-05 | CVE-2008-1518 | Kaspersky LAB | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Kaspersky LAB Kaspersky Anti-Virus and Kaspersky Internet Security Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call. | 7.2 |
2008-06-03 | CVE-2008-2539 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Cluster 3.1 The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 through 10, when an underlying ufs filesystem is used, might allow local users to read data from arbitrary deleted files, or corrupt files in global filesystems, via unspecified vectors. | 7.2 |
2008-06-02 | CVE-2008-2515 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3/6.1 Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error." | 7.2 |
2008-06-02 | CVE-2008-2513 | IBM | Buffer Errors vulnerability in IBM AIX 5.2/5.3/6.1 Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors. | 7.2 |
2008-06-02 | CVE-2008-2359 | Fedora 8 Redhat | Configuration vulnerability in multiple products The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration. | 7.2 |
2008-06-02 | CVE-2008-1573 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read. | 7.1 |
42 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-06-05 | CVE-2008-0967 | Vmware | Local Privilege Escalation vulnerability in VMware vmware-authd Daemon Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file. | 6.9 |
2008-06-03 | CVE-2008-2538 | SUN | Race Condition vulnerability in SUN Solaris 10/8/9 Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors. | 6.9 |
2008-06-02 | CVE-2008-2099 | Microsoft Vmware | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors. | 6.9 |
2008-06-02 | CVE-2008-2098 | Vmware | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors. | 6.9 |
2008-06-05 | CVE-2008-2542 | Nasa Ames Research Center | Buffer Errors vulnerability in Nasa Ames Research Center Bigview 1.8 Stack-based buffer overflow in the getline function in Ppm/ppm.C in NASA Ames Research Center BigView 1.8 allows user-assisted remote attackers to execute arbitrary code via a crafted PNM file. | 6.8 |
2008-06-03 | CVE-2008-2522 | Haudenschilt | SQL Injection vulnerability in Haudenschilt Battlenet Clan Script 1.5.1/1.5.2 SQL injection vulnerability in members.php in Battle.net Clan Script for PHP 1.5.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showmember parameter in a members action. | 6.8 |
2008-06-03 | CVE-2008-0169 | Ikiwiki | Permissions, Privileges, and Access Controls vulnerability in Ikiwiki Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence. | 6.8 |
2008-06-03 | CVE-2008-2519 | Core FTP | Path Traversal vulnerability in Core FTP Core FTP 2.1 Directory traversal vulnerability in Core FTP client 2.1 Build 1565 allows remote FTP servers to create or overwrite arbitrary files via .. | 6.8 |
2008-06-02 | CVE-2008-1576 | Apple | Resource Management Errors vulnerability in Apple mac OS X Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances, by sending an e-mail message. | 6.8 |
2008-06-02 | CVE-2008-1032 | Apple | Multiple Security vulnerability in RETIRED: Apple Mac OS X 2008-003 Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. | 6.8 |
2008-06-06 | CVE-2008-2562 | Powerphlogger | SQL Injection vulnerability in Powerphlogger 2.0.9/2.2.1/2.2.2A SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action. | 6.5 |
2008-06-03 | CVE-2008-2521 | Yabsoft | SQL Injection vulnerability in Yabsoft Mega File Hosting Script 1.2 SQL injection vulnerability in members.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote authenticated users to execute arbitrary SQL commands via the fid parameter. | 6.5 |
2008-06-05 | CVE-2008-2543 | Asterisk | Resource Management Errors vulnerability in Asterisk Asterisk-Addons The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets. | 5.0 |
2008-06-04 | CVE-2008-2550 | IBM | Remote Security vulnerability in Websphere Application Server Unspecified vulnerability in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.17 has unknown impact and attack vectors related to an attribute in the SOAP security header. | 5.0 |
2008-06-04 | CVE-2008-2402 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Java ASP Server 4.0 The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents. | 5.0 |
2008-06-03 | CVE-2008-2524 | Blogphp | Improper Authentication vulnerability in Blogphp 2.0 BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie. | 5.0 |
2008-06-02 | CVE-2008-2512 | Symantec | Path Traversal vulnerability in Symantec Backupexec System Recovery Directory traversal vulnerability in Symantec Backup Exec System Recovery Manager 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2008-06-02 | CVE-2008-1579 | Apple | Information Exposure vulnerability in Apple mac OS X and mac OS X Server Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog. | 5.0 |
2008-06-02 | CVE-2008-1571 | Apple | Path Traversal vulnerability in Apple mac OS X and mac OS X Server Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. | 5.0 |
2008-06-06 | CVE-2008-2389 | Opensuse | Link Following vulnerability in Opensuse 10.2 opensuse-updater in openSUSE 10.2 allows local users to access arbitrary files via a symlink attack. | 4.9 |
2008-06-05 | CVE-2008-2552 | SUN | Resource Management Errors vulnerability in SUN Service TAG Unspecified vulnerability in the Service Tag Registry on Sun Solaris 10, and Sun Service Tag before 1.1.3, allows local users to cause a denial of service (disk consumption) via unspecified vectors. | 4.9 |
2008-06-03 | CVE-2008-2516 | Libpam Pgsql | Improper Authentication vulnerability in Libpam-Pgsql 0.6.3 pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration. | 4.6 |
2008-06-02 | CVE-2008-2514 | IBM | Buffer Errors vulnerability in IBM AIX 5.2/5.3/6.1 Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors. | 4.6 |
2008-06-02 | CVE-2008-1572 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application. | 4.6 |
2008-06-05 | CVE-2007-5671 | Vmware | Improper Input Validation vulnerability in VMWare products HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges. | 4.4 |
2008-06-06 | CVE-2008-2567 | Fenrir | Cross-Site Scripting vulnerability in Fenrir Grani Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 Release2 and earlier, Portable Sleipnir 2.7.1 Release2 and earlier, and Grani 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a history mechanism and favorites search, a different vulnerability than CVE-2007-6002. | 4.3 |
2008-06-06 | CVE-2008-2566 | PHP Address Book | Cross-Site Scripting vulnerability in PHP-Address Book PHP-Address Book Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI. | 4.3 |
2008-06-06 | CVE-2008-2563 | Samtodo | Cross-Site Scripting vulnerability in Samtodo 1.1 Multiple cross-site scripting (XSS) vulnerabilities in (1) dsp_main.php and (2) dsp_task_editor.php in SamTodo 1.1 allow remote attackers to inject arbitrary web script or HTML via the (a) tid parameter in a main.taskeditor edit action, and the (b) completed parameter in a main.default action, to index.php. | 4.3 |
2008-06-06 | CVE-2008-2561 | Fourtwosevenbb | Cross-Site Scripting vulnerability in Fourtwosevenbb 427Bb 2.3.1 Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to (a) register.php, (b) reminder.php, and (c) search.php; the (2) uname, (3) email, and (4) email2 parameters to register.php; the (5) email parameter to reminder.php; and the (6) keywords parameter to search.php. | 4.3 |
2008-06-05 | CVE-2008-2553 | Slashcode COM | Cross-Site Scripting vulnerability in Slashcode.Com Slash Cross-site scripting (XSS) vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter. | 4.3 |
2008-06-04 | CVE-2008-2549 | Adobe | Remote Denial Of Service vulnerability in Adobe Reader Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf. | 4.3 |
2008-06-04 | CVE-2008-2119 | Asterisk | Improper Input Validation vulnerability in Asterisk Business Edition and Open Source Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer. | 4.3 |
2008-06-03 | CVE-2008-1035 | Apple | Code Injection vulnerability in Apple Ical 3.0.1 Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource liberation" bug. | 4.3 |
2008-06-03 | CVE-2008-2533 | Fkrauthan | Cross-Site Scripting vulnerability in Fkrauthan Phoenix View CMS 2Prealpha Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ltarget parameter to (a) admin/admin_frame.php and the (2) conf parameter to (b) gbuch.admin.php, (c) links.admin.php, (d) menue.admin.php, (e) news.admin.php, and (f) todo.admin.php in admin/module/. | 4.3 |
2008-06-03 | CVE-2008-2531 | Buildanichestore3 | Cross-Site Request Forgery (CSRF) vulnerability in Buildanichestore3 Bans 3.0 Cross-site scripting (XSS) vulnerability in the search script in Build A Niche Store (BANS) 3.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 4.3 |
2008-06-03 | CVE-2008-2527 | Actualscripts | Cross-Site Scripting vulnerability in Actualscripts products Cross-site scripting (XSS) vulnerability in view.php in ActualScripts ActualAnalyzer Server 8.37 and earlier, ActualAnalyzer Gold 7.74 and earlier, ActualAnalyzer Pro 6.95 and earlier, and ActualAnalyzer Lite 2.78 and earlier allows remote attackers to inject arbitrary web script or HTML via the language parameter. | 4.3 |
2008-06-03 | CVE-2008-2526 | Typo3 | Cross-Site Scripting vulnerability in Typo3 WT Gallery 2.50 Cross-site scripting (XSS) vulnerability in the WT Gallery (aka wt_gallery) extension 2.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-06-03 | CVE-2008-2525 | Typo3 | Cross-Site Scripting vulnerability in Typo3 Rlmp Eventdb Cross-site scripting (XSS) vulnerability in the Event Database (aka rlmp_eventdb) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-06-03 | CVE-2008-2518 | SUN | Cross-Site Scripting vulnerability in SUN Java System web Server 6.1/7.0 Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the next parameter. | 4.3 |
2008-06-02 | CVE-2008-1580 | Apple | Information Exposure vulnerability in Apple Safari CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879. | 4.3 |
2008-06-02 | CVE-2008-1036 | Apple Redhat | Cross-Site Scripting vulnerability in multiple products The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. | 4.3 |
2008-06-02 | CVE-2008-1027 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. | 4.3 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-06-03 | CVE-2008-2517 | Sarab | Information Exposure vulnerability in Sarab 0.2.2 The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process. | 2.1 |
2008-06-02 | CVE-2008-1578 | Apple | Information Exposure vulnerability in Apple mac OS X and mac OS X Server The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process. | 2.1 |
2008-06-02 | CVE-2008-1033 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Cups The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables." | 2.1 |