Weekly Vulnerabilities Reports > June 9 to 15, 2008

Overview

83 new vulnerabilities reported during this period, including 17 critical vulnerabilities and 41 high severity vulnerabilities. This weekly summary report vulnerabilities in 105 products from 58 vendors including Joomla, Microsoft, Apple, Realm Project, and Mebiblio. Vulnerabilities are notably categorized as "SQL Injection", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", and "Path Traversal".

  • 79 reported vulnerabilities are remotely exploitables.
  • 50 reported vulnerabilities have public exploit available.
  • 44 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 83 reported vulnerabilities are exploitable by an anonymous user.
  • Joomla has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

17 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-06-13 CVE-2008-2703 Novell Buffer Errors vulnerability in Novell Groupwise Messenger 2.0/2.0.2/2.0.3

Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via "spoofed server responses" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name.

10.0
2008-06-13 CVE-2008-2689 Browsercrm Code Injection vulnerability in Browsercrm 5.002.00

PHP remote file inclusion vulnerability in pub/clients.php in BrowserCRM 5.002.00 allows remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter.

10.0
2008-06-13 CVE-2008-2654 Lavrsen Numeric Errors vulnerability in Lavrsen Motion

Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and compiler.

10.0
2008-06-10 CVE-2008-0960 Cisco
Ecos Sourceware
NET Snmp
SUN
Ingate
Juniper
Improper Authentication vulnerability in Juniper Session and Resource Control and SRC PE

SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.

10.0
2008-06-10 CVE-2008-2638 1 Script Code Injection vulnerability in 1-Script 1-Book

Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.

10.0
2008-06-10 CVE-2008-1673 Debian
Linux
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.

10.0
2008-06-13 CVE-2008-2702 Estsoft Path Traversal vulnerability in Estsoft Alftp 4.1/5.0

Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a ..

9.3
2008-06-13 CVE-2008-2693 Black ICE Buffer Errors vulnerability in Black ICE Barcode SDK 5.01

Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX control in BITiff.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via a long first argument to the SetByteOrder method.

9.3
2008-06-13 CVE-2008-2690 Browsercrm Code Injection vulnerability in Browsercrm 5.002.00

Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter to (1) kb.php, (2) login.php, (3) index.php, (4) contact_view.php, and (5) contact.php in pub/, different vectors than CVE-2008-2689.

9.3
2008-06-12 CVE-2008-2684 Blackice Code Injection vulnerability in Blackice Black ICE Barcode SDK 5.01

The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via long strings in the two arguments to the DownloadImageFileURL method, which trigger memory corruption.

9.3
2008-06-12 CVE-2008-2683 Black ICE Improper Input Validation vulnerability in Black ICE Barcode SDK 5.01

The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument.

9.3
2008-06-12 CVE-2008-1444 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Directx

Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."

9.3
2008-06-12 CVE-2008-1442 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 6/7

Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability."

9.3
2008-06-12 CVE-2008-0956 Backweb
Logitech
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple stack-based buffer overflows in the BackWeb Lite Install Runner ActiveX control in the BackWeb Web Package ActiveX object in LiteInstActivator.dll in BackWeb before 8.1.1.87, as used in Logitech Desktop Manager (LDM) before 2.56, allow remote attackers to execute arbitrary code via unspecified vectors.

9.3
2008-06-12 CVE-2008-0011 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Directx

Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."

9.3
2008-06-10 CVE-2008-2152 Openoffice Numeric Errors vulnerability in Openoffice Openoffice.Org

Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow.

9.3
2008-06-10 CVE-2008-2635 Barad DUR Path Traversal vulnerability in Barad DUR Bitkinex 2.9.3

Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow remote FTP and WebDAV servers to create or overwrite arbitrary files via a ..

9.3

41 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-06-12 CVE-2008-1453 Microsoft Improper Input Validation vulnerability in Microsoft Windows-Nt, Windows Vista and Windows XP

The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets.

8.3
2008-06-10 CVE-2008-2636 Cisco Improper Input Validation vulnerability in Cisco Linksys Wrh54G Router 1.01.03

The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "front_page" sequence, and ends with a ".asp" sequence.

7.8
2008-06-13 CVE-2008-2700 GWM SQL Injection vulnerability in GWM Galatolo Webmanager 1.0

SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-06-13 CVE-2008-2699 GWM Path Traversal vulnerability in GWM Galatolo Webmanager 1.0

Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php.

7.5
2008-06-13 CVE-2008-2697 Joomla
Rapid Source
SQL Injection vulnerability in multiple products

SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php.

7.5
2008-06-13 CVE-2008-2695 Phpinv Path Traversal vulnerability in PHPinv 0.8.0

Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-06-13 CVE-2008-2692 Joomla SQL Injection vulnerability in Joomla COM Yvcomment

SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php.

7.5
2008-06-13 CVE-2008-2691 Jiro SQL Injection vulnerability in Jiro FAQ Manager Experience 1.0

SQL injection vulnerability in read.asp in JiRo's FAQ Manager eXperience 1.0 allows remote attackers to execute arbitrary SQL commands via the fID parameter.

7.5
2008-06-13 CVE-2008-2688 Pilotcart SQL Injection vulnerability in Pilotcart Pilot Cart 7.3

SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the article parameter in a kb action.

7.5
2008-06-13 CVE-2008-2687 Promanager Path Traversal vulnerability in Promanager 0.73

Directory traversal vulnerability in inc/config.php in ProManager 0.73 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-06-13 CVE-2008-2686 Flux CMS Improper Input Validation vulnerability in Flux CMS Flux CMS

webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows remote attackers to execute arbitrary code by overwriting a PHP file in webinc/bxe/scripts/ via a filename in the XML parameter and PHP sequences in the request body, then making a direct request for this filename.

7.5
2008-06-12 CVE-2008-2685 Battleblog SQL Injection vulnerability in Battleblog

SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626.

7.5
2008-06-12 CVE-2008-2682 Realm Project Permissions, Privileges, and Access Controls vulnerability in Realm Project Realm CMS 2.3

_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID.

7.5
2008-06-12 CVE-2008-2679 Realm Project SQL Injection vulnerability in Realm Project Realm CMS

SQL injection vulnerability in the KeyWordsList function in _includes/inc_routines.asp in Realm CMS 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the kwrd parameter in a kwl action to the default URI.

7.5
2008-06-12 CVE-2008-2678 Telephone SQL Injection vulnerability in Telephone Directory 2008

Multiple SQL injection vulnerabilities in Telephone Directory 2008, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) code parameter in a confirm_data action to edit1.php and the (2) id parameter to view_more.php.

7.5
2008-06-12 CVE-2008-2676 Joomla SQL Injection vulnerability in Joomla COM News Portal and Joomla

SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.

7.5
2008-06-12 CVE-2008-2673 Powie SQL Injection vulnerability in Powie Pnews 2.08/2.10

SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the shownews parameter.

7.5
2008-06-12 CVE-2008-2672 Erfurtwiki Path Traversal vulnerability in Erfurtwiki

Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and earlier, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a ..

7.5
2008-06-12 CVE-2008-2671 Dcfm Blog SQL Injection vulnerability in Dcfm Blog Dcfm Blog 0.9.4

SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-06-12 CVE-2008-2670 Insanelysimple2 SQL Injection vulnerability in Insanelysimple2 Isblog 0.5

Multiple SQL injection vulnerabilities in index.php in Insanely Simple Blog 0.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter, or (2) the term parameter in a search action.

7.5
2008-06-12 CVE-2008-2669 Y Blog SQL Injection vulnerability in Y-Blog Yblog 0.2.2.2

Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the q parameter to search.php, or the n parameter to (2) user.php or (3) uss.php.

7.5
2008-06-10 CVE-2008-2652 Smeweb SQL Injection vulnerability in Smeweb 1.4B/1.4F

Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the (1) idp and (2) category parameters.

7.5
2008-06-10 CVE-2008-2651 Joomla SQL Injection vulnerability in Joomla COM Joobb 0.5.9

SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB or com_joobb) component 0.5.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the forum parameter in a forum action to index.php.

7.5
2008-06-10 CVE-2008-2649 Don3 Code Injection vulnerability in Don3 Desktoponnet 3

Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 Beta allow remote attackers to execute arbitrary PHP code via a URL in the app_path parameter to (1) don3_requiem.don3app/don3_requiem.php and (2) frontpage.don3app/frontpage.php.

7.5
2008-06-10 CVE-2008-2647 Mebiblio SQL Injection vulnerability in Mebiblio 0.4.7

SQL injection vulnerability in admin/journal_change_mask.inc.php in meBiblio 0.4.7 allows remote attackers to execute arbitrary SQL commands via the JID parameter.

7.5
2008-06-10 CVE-2008-2645 Brim Project Code Injection vulnerability in Brim-Project Brim 1.0.1

Multiple PHP remote file inclusion vulnerabilities in Brim (formerly Booby) 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in (1) barrel/, (2) barry/, (3) mylook/, (4) oerdec/, (5) penguin/, (6) sidebar/, (7) slashdot/, and (8) text-only/ in templates/.

7.5
2008-06-10 CVE-2008-2643 Joomla SQL Injection vulnerability in Joomla COM Biblestudy

SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php.

7.5
2008-06-10 CVE-2008-2642 Kmrg ITB SQL Injection vulnerability in Kmrg-Itb Otomigenx 2.2

SQL injection vulnerability in login.php in OtomiGenX 2.2 allows remote attackers to execute arbitrary SQL commands via the userAccount parameter (aka the User Name field) to index.php.

7.5
2008-06-10 CVE-2008-2634 Bearrivernet NET SQL Injection vulnerability in Bearrivernet.Net I-Pos Internet PAY Online Store 1.1

SQL injection vulnerability in index.asp in I-Pos Internet Pay Online Store 1.3 Beta and earlier allows remote attackers to execute arbitrary SQL commands via the item parameter.

7.5
2008-06-10 CVE-2008-2633 Joomla SQL Injection vulnerability in Joomla COM Joomradio and Joomla

Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.

7.5
2008-06-10 CVE-2008-2632 Joomla SQL Injection vulnerability in Joomla COM Acctexp and Joomla

SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php.

7.5
2008-06-10 CVE-2008-2630 Joomla SQL Injection vulnerability in Joomla COM JB2 0.1.1

SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php.

7.5
2008-06-10 CVE-2008-2629 Drupal
Lifetype
SQL Injection vulnerability in Lifetype

SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.

7.5
2008-06-10 CVE-2008-2628 Joomla
RON Liskey
SQL Injection vulnerability in RON Liskey COM Equotes 0.9.4

SQL injection vulnerability in the eQuotes (com_equotes) component 0.9.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

7.5
2008-06-10 CVE-2008-2627 Joomla SQL Injection vulnerability in Joomla COM Idoblog

SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 and earlier and 1.0, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the userid parameter in a userblog action to index.php.

7.5
2008-06-10 CVE-2008-2626 Battleblog SQL Injection vulnerability in Battleblog 1.05/1.0D/1.20

SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter.

7.5
2008-06-12 CVE-2008-1451 Microsoft Improper Input Validation vulnerability in Microsoft Windows 2000 and Windows 2003 Server

The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."

7.2
2008-06-10 CVE-2008-2358 Linux Numeric Errors vulnerability in Linux Kernel

Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a heap-based buffer overflow.

7.2
2008-06-12 CVE-2008-1445 Microsoft Improper Input Validation vulnerability in Microsoft Windows-Nt, Windows 2003 Server and Windows XP

Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.

7.1
2008-06-12 CVE-2008-1440 Microsoft Improper Input Validation vulnerability in Microsoft Windows and Windows XP

Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."

7.1
2008-06-09 CVE-2008-1106 Akamai Technologies
RED Swoosh
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files.

7.1

25 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-06-13 CVE-2008-2701 Joomla SQL Injection vulnerability in Joomla COM Gameq 4.0

SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php.

6.8
2008-06-10 CVE-2008-2650 Cmsimple Path Traversal vulnerability in Cmsimple 3.1

Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-06-10 CVE-2008-2648 Mebiblio Improper Input Validation vulnerability in Mebiblio 0.4.7

Unrestricted file upload vulnerability in upload/uploader.html in meBiblio 0.4.7 allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the files/ directory.

6.8
2008-06-10 CVE-2008-1585 Apple Improper Input Validation vulnerability in Apple Quicktime

Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs.

6.8
2008-06-10 CVE-2008-1584 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file.

6.8
2008-06-10 CVE-2008-1583 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581.

6.8
2008-06-10 CVE-2008-1582 Apple Resource Management Errors vulnerability in Apple Quicktime 7.4.5

Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption.

6.8
2008-06-10 CVE-2008-1581 Microsoft
Apple
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image.

6.8
2008-06-12 CVE-2008-2674 Redhat
Fujitsu
SUN
Microsoft
Arbitrary File Access vulnerability in Fujitsu Interstage Management Console

Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors.

6.4
2008-06-12 CVE-2008-1441 Microsoft Improper Input Validation vulnerability in Microsoft products

Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."

5.4
2008-06-13 CVE-2008-2704 Novell Improper Input Validation vulnerability in Novell Groupwise Messenger

Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID, possibly involving a popup alert.

5.0
2008-06-13 CVE-2008-2364 Apache Resource Management Errors vulnerability in Apache Http Server 2.0.63/2.2.8

The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.

5.0
2008-06-12 CVE-2008-2681 Realm Project Information Exposure vulnerability in Realm Project Realm CMS

Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive information via a direct request to _db/compact.asp, which reveals the database path in an error message.

5.0
2008-06-10 CVE-2008-2631 Altn Resource Management Errors vulnerability in Altn Mdaemon 9.6.4/9.6.5

The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted HTTP POST request.

5.0
2008-06-11 CVE-2008-2230 Reportbug NG Code Injection vulnerability in Reportbug-Ng Reportbug and Reportbug-Ng

Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and (2) reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory.

4.6
2008-06-13 CVE-2008-2698 WEB Album Cross-Site Scripting vulnerability in Web-Album Webalbum 2.0

Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php (aka the "add comment" section) in WEBalbum 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) id, or (3) category parameter.

4.3
2008-06-13 CVE-2008-2696 Exiv2 Numeric Errors vulnerability in Exiv2 0.16

Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to "pretty printing" and the RationalValue::toLong function.

4.3
2008-06-13 CVE-2008-2694 Phpinv Cross-Site Scripting vulnerability in PHPinv 0.8.0

Cross-site scripting (XSS) vulnerability in search.php in phpInv 0.8.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

4.3
2008-06-12 CVE-2008-2680 Realm Project Cross-Site Scripting vulnerability in Realm Project Realm CMS

Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp in Realm CMS 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) CmpctedDB and (2) Boyut parameters.

4.3
2008-06-12 CVE-2008-2677 Telephone Cross-Site Scripting vulnerability in Telephone Directory 2008

Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Directory 2008 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

4.3
2008-06-12 CVE-2008-2675 Softcomplex Cross-Site Scripting vulnerability in Softcomplex PHP Image Gallery 1.0

Cross-site scripting (XSS) vulnerability in index.php in PHP Image Gallery allows remote attackers to inject arbitrary web script or HTML via the action parameter.

4.3
2008-06-12 CVE-2008-2668 Y Blog Cross-Site Scripting vulnerability in Y-Blog Yblog 0.2.2.2

Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) the q parameter to search.php, or the n parameter to (2) user.php or (3) uss.php.

4.3
2008-06-10 CVE-2008-2646 Mebiblio Cross-Site Scripting vulnerability in Mebiblio 0.4.7

Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to add_journal_mask.inc.php, (3) InsertBibliography parameter to insert_mask.inc.php, and (4) LabelYear parameter to search_mask.inc.php.

4.3
2008-06-10 CVE-2008-2644 Smeweb Cross-Site Scripting vulnerability in Smeweb 1.4B/1.4F

Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the (1) data parameter to catalog.php, the (2) keyword parameter to search.php, the (3) page parameter to bb.php, and the (4) new_s parameter to order.php.

4.3
2008-06-10 CVE-2008-2637 F5 Cross-Site Scripting vulnerability in F5 Firepass SSL VPN 6.0.2

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.

4.3

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS