Weekly Vulnerabilities Reports > June 9 to 15, 2008
Overview
79 new vulnerabilities reported during this period, including 15 critical vulnerabilities and 40 high severity vulnerabilities. This weekly summary report vulnerabilities in 100 products from 54 vendors including Joomla, Microsoft, Apple, Realm Project, and Mebiblio. Vulnerabilities are notably categorized as "SQL Injection", "Improper Input Validation", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Path Traversal".
- 75 reported vulnerabilities are remotely exploitables.
- 50 reported vulnerabilities have public exploit available.
- 44 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 79 reported vulnerabilities are exploitable by an anonymous user.
- Joomla has the most reported vulnerabilities, with 11 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
15 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-06-13 | CVE-2008-2703 | Novell | Buffer Errors vulnerability in Novell Groupwise Messenger 2.0/2.0.2/2.0.3 Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via "spoofed server responses" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name. | 10.0 |
2008-06-13 | CVE-2008-2689 | Browsercrm | Code Injection vulnerability in Browsercrm 5.002.00 PHP remote file inclusion vulnerability in pub/clients.php in BrowserCRM 5.002.00 allows remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter. | 10.0 |
2008-06-13 | CVE-2008-2654 | Lavrsen | Numeric Errors vulnerability in Lavrsen Motion Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and compiler. | 10.0 |
2008-06-10 | CVE-2008-0960 | Cisco Ecos Sourceware NET Snmp SUN Ingate Juniper | Improper Authentication vulnerability in Juniper Session and Resource Control and SRC PE SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. | 10.0 |
2008-06-10 | CVE-2008-2638 | 1 Script | Code Injection vulnerability in 1-Script 1-Book Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php. | 10.0 |
2008-06-13 | CVE-2008-2702 | Estsoft | Path Traversal vulnerability in Estsoft Alftp 4.1/5.0 Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. | 9.3 |
2008-06-13 | CVE-2008-2693 | Black ICE | Buffer Errors vulnerability in Black ICE Barcode SDK 5.01 Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX control in BITiff.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via a long first argument to the SetByteOrder method. | 9.3 |
2008-06-13 | CVE-2008-2690 | Browsercrm | Code Injection vulnerability in Browsercrm 5.002.00 Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter to (1) kb.php, (2) login.php, (3) index.php, (4) contact_view.php, and (5) contact.php in pub/, different vectors than CVE-2008-2689. | 9.3 |
2008-06-12 | CVE-2008-2684 | Blackice | Code Injection vulnerability in Blackice Black ICE Barcode SDK 5.01 The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via long strings in the two arguments to the DownloadImageFileURL method, which trigger memory corruption. | 9.3 |
2008-06-12 | CVE-2008-2683 | Black ICE | Improper Input Validation vulnerability in Black ICE Barcode SDK 5.01 The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. | 9.3 |
2008-06-12 | CVE-2008-1444 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Directx Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability." | 9.3 |
2008-06-12 | CVE-2008-1442 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 6/7 Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability." | 9.3 |
2008-06-12 | CVE-2008-0011 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Directx Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability." | 9.3 |
2008-06-10 | CVE-2008-2152 | Openoffice | Numeric Errors vulnerability in Openoffice Openoffice.Org Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow. | 9.3 |
2008-06-10 | CVE-2008-2635 | Barad DUR | Path Traversal vulnerability in Barad DUR Bitkinex 2.9.3 Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow remote FTP and WebDAV servers to create or overwrite arbitrary files via a .. | 9.3 |
40 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-06-12 | CVE-2008-1453 | Microsoft | Improper Input Validation vulnerability in Microsoft Windows-Nt, Windows Vista and Windows XP The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets. | 8.3 |
2008-06-10 | CVE-2008-2636 | Cisco | Improper Input Validation vulnerability in Cisco Linksys Wrh54G Router 1.01.03 The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "front_page" sequence, and ends with a ".asp" sequence. | 7.8 |
2008-06-13 | CVE-2008-2700 | GWM | SQL Injection vulnerability in GWM Galatolo Webmanager 1.0 SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-06-13 | CVE-2008-2699 | GWM | Path Traversal vulnerability in GWM Galatolo Webmanager 1.0 Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php. | 7.5 |
2008-06-13 | CVE-2008-2697 | Joomla Rapid Source | SQL Injection vulnerability in multiple products SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php. | 7.5 |
2008-06-13 | CVE-2008-2695 | Phpinv | Path Traversal vulnerability in PHPinv 0.8.0 Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-06-13 | CVE-2008-2692 | Joomla | SQL Injection vulnerability in Joomla COM Yvcomment SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php. | 7.5 |
2008-06-13 | CVE-2008-2691 | Jiro | SQL Injection vulnerability in Jiro FAQ Manager Experience 1.0 SQL injection vulnerability in read.asp in JiRo's FAQ Manager eXperience 1.0 allows remote attackers to execute arbitrary SQL commands via the fID parameter. | 7.5 |
2008-06-13 | CVE-2008-2688 | Pilotcart | SQL Injection vulnerability in Pilotcart Pilot Cart 7.3 SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the article parameter in a kb action. | 7.5 |
2008-06-13 | CVE-2008-2687 | Promanager | Path Traversal vulnerability in Promanager 0.73 Directory traversal vulnerability in inc/config.php in ProManager 0.73 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-06-13 | CVE-2008-2686 | Flux CMS | Improper Input Validation vulnerability in Flux CMS Flux CMS webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows remote attackers to execute arbitrary code by overwriting a PHP file in webinc/bxe/scripts/ via a filename in the XML parameter and PHP sequences in the request body, then making a direct request for this filename. | 7.5 |
2008-06-12 | CVE-2008-2685 | Battleblog | SQL Injection vulnerability in Battleblog SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626. | 7.5 |
2008-06-12 | CVE-2008-2682 | Realm Project | Permissions, Privileges, and Access Controls vulnerability in Realm Project Realm CMS 2.3 _RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID. | 7.5 |
2008-06-12 | CVE-2008-2679 | Realm Project | SQL Injection vulnerability in Realm Project Realm CMS SQL injection vulnerability in the KeyWordsList function in _includes/inc_routines.asp in Realm CMS 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the kwrd parameter in a kwl action to the default URI. | 7.5 |
2008-06-12 | CVE-2008-2678 | Telephone | SQL Injection vulnerability in Telephone Directory 2008 Multiple SQL injection vulnerabilities in Telephone Directory 2008, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) code parameter in a confirm_data action to edit1.php and the (2) id parameter to view_more.php. | 7.5 |
2008-06-12 | CVE-2008-2676 | Joomla | SQL Injection vulnerability in Joomla COM News Portal and Joomla SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | 7.5 |
2008-06-12 | CVE-2008-2673 | Powie | SQL Injection vulnerability in Powie Pnews 2.08/2.10 SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the shownews parameter. | 7.5 |
2008-06-12 | CVE-2008-2672 | Erfurtwiki | Path Traversal vulnerability in Erfurtwiki Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and earlier, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-06-12 | CVE-2008-2671 | Dcfm Blog | SQL Injection vulnerability in Dcfm Blog Dcfm Blog 0.9.4 SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-06-12 | CVE-2008-2670 | Insanelysimple2 | SQL Injection vulnerability in Insanelysimple2 Isblog 0.5 Multiple SQL injection vulnerabilities in index.php in Insanely Simple Blog 0.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter, or (2) the term parameter in a search action. | 7.5 |
2008-06-12 | CVE-2008-2669 | Y Blog | SQL Injection vulnerability in Y-Blog Yblog 0.2.2.2 Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the q parameter to search.php, or the n parameter to (2) user.php or (3) uss.php. | 7.5 |
2008-06-10 | CVE-2008-2652 | Smeweb | SQL Injection vulnerability in Smeweb 1.4B/1.4F Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the (1) idp and (2) category parameters. | 7.5 |
2008-06-10 | CVE-2008-2651 | Joomla | SQL Injection vulnerability in Joomla COM Joobb 0.5.9 SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB or com_joobb) component 0.5.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the forum parameter in a forum action to index.php. | 7.5 |
2008-06-10 | CVE-2008-2649 | Don3 | Code Injection vulnerability in Don3 Desktoponnet 3 Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 Beta allow remote attackers to execute arbitrary PHP code via a URL in the app_path parameter to (1) don3_requiem.don3app/don3_requiem.php and (2) frontpage.don3app/frontpage.php. | 7.5 |
2008-06-10 | CVE-2008-2647 | Mebiblio | SQL Injection vulnerability in Mebiblio 0.4.7 SQL injection vulnerability in admin/journal_change_mask.inc.php in meBiblio 0.4.7 allows remote attackers to execute arbitrary SQL commands via the JID parameter. | 7.5 |
2008-06-10 | CVE-2008-2645 | Brim Project | Code Injection vulnerability in Brim-Project Brim 1.0.1 Multiple PHP remote file inclusion vulnerabilities in Brim (formerly Booby) 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in (1) barrel/, (2) barry/, (3) mylook/, (4) oerdec/, (5) penguin/, (6) sidebar/, (7) slashdot/, and (8) text-only/ in templates/. | 7.5 |
2008-06-10 | CVE-2008-2643 | Joomla | SQL Injection vulnerability in Joomla COM Biblestudy SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php. | 7.5 |
2008-06-10 | CVE-2008-2642 | Kmrg ITB | SQL Injection vulnerability in Kmrg-Itb Otomigenx 2.2 SQL injection vulnerability in login.php in OtomiGenX 2.2 allows remote attackers to execute arbitrary SQL commands via the userAccount parameter (aka the User Name field) to index.php. | 7.5 |
2008-06-10 | CVE-2008-2634 | Bearrivernet NET | SQL Injection vulnerability in Bearrivernet.Net I-Pos Internet PAY Online Store 1.1 SQL injection vulnerability in index.asp in I-Pos Internet Pay Online Store 1.3 Beta and earlier allows remote attackers to execute arbitrary SQL commands via the item parameter. | 7.5 |
2008-06-10 | CVE-2008-2633 | Joomla | SQL Injection vulnerability in Joomla COM Joomradio and Joomla Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php. | 7.5 |
2008-06-10 | CVE-2008-2632 | Joomla | SQL Injection vulnerability in Joomla COM Acctexp and Joomla SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php. | 7.5 |
2008-06-10 | CVE-2008-2630 | Joomla | SQL Injection vulnerability in Joomla COM JB2 0.1.1 SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php. | 7.5 |
2008-06-10 | CVE-2008-2629 | Drupal Lifetype | SQL Injection vulnerability in Lifetype SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php. | 7.5 |
2008-06-10 | CVE-2008-2628 | Joomla RON Liskey | SQL Injection vulnerability in RON Liskey COM Equotes 0.9.4 SQL injection vulnerability in the eQuotes (com_equotes) component 0.9.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 7.5 |
2008-06-10 | CVE-2008-2627 | Joomla | SQL Injection vulnerability in Joomla COM Idoblog SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 and earlier and 1.0, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the userid parameter in a userblog action to index.php. | 7.5 |
2008-06-10 | CVE-2008-2626 | Battleblog | SQL Injection vulnerability in Battleblog 1.05/1.0D/1.20 SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter. | 7.5 |
2008-06-12 | CVE-2008-1451 | Microsoft | Improper Input Validation vulnerability in Microsoft Windows 2000 and Windows 2003 Server The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability." | 7.2 |
2008-06-10 | CVE-2008-2358 | Linux | Numeric Errors vulnerability in Linux Kernel Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a heap-based buffer overflow. | 7.2 |
2008-06-12 | CVE-2008-1445 | Microsoft | Improper Input Validation vulnerability in Microsoft Windows-Nt, Windows 2003 Server and Windows XP Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request. | 7.1 |
2008-06-09 | CVE-2008-1106 | Akamai Technologies RED Swoosh | Cross-Site Request Forgery (CSRF) vulnerability in multiple products The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files. | 7.1 |
24 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-06-13 | CVE-2008-2701 | Joomla | SQL Injection vulnerability in Joomla COM Gameq 4.0 SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php. | 6.8 |
2008-06-10 | CVE-2008-2650 | Cmsimple | Path Traversal vulnerability in Cmsimple 3.1 Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2008-06-10 | CVE-2008-2648 | Mebiblio | Improper Input Validation vulnerability in Mebiblio 0.4.7 Unrestricted file upload vulnerability in upload/uploader.html in meBiblio 0.4.7 allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the files/ directory. | 6.8 |
2008-06-10 | CVE-2008-1585 | Apple | Improper Input Validation vulnerability in Apple Quicktime Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs. | 6.8 |
2008-06-10 | CVE-2008-1584 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file. | 6.8 |
2008-06-10 | CVE-2008-1583 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581. | 6.8 |
2008-06-10 | CVE-2008-1582 | Apple | Resource Management Errors vulnerability in Apple Quicktime 7.4.5 Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption. | 6.8 |
2008-06-10 | CVE-2008-1581 | Microsoft Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image. | 6.8 |
2008-06-12 | CVE-2008-2674 | Redhat Fujitsu SUN Microsoft | Arbitrary File Access vulnerability in Fujitsu Interstage Management Console Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors. | 6.4 |
2008-06-12 | CVE-2008-1441 | Microsoft | Improper Input Validation vulnerability in Microsoft products Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability." | 5.4 |
2008-06-13 | CVE-2008-2704 | Novell | Improper Input Validation vulnerability in Novell Groupwise Messenger Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID, possibly involving a popup alert. | 5.0 |
2008-06-12 | CVE-2008-2681 | Realm Project | Information Exposure vulnerability in Realm Project Realm CMS Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive information via a direct request to _db/compact.asp, which reveals the database path in an error message. | 5.0 |
2008-06-10 | CVE-2008-2631 | Altn | Resource Management Errors vulnerability in Altn Mdaemon 9.6.4/9.6.5 The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted HTTP POST request. | 5.0 |
2008-06-11 | CVE-2008-2230 | Reportbug NG | Code Injection vulnerability in Reportbug-Ng Reportbug and Reportbug-Ng Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and (2) reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory. | 4.6 |
2008-06-13 | CVE-2008-2698 | WEB Album | Cross-Site Scripting vulnerability in Web-Album Webalbum 2.0 Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php (aka the "add comment" section) in WEBalbum 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) id, or (3) category parameter. | 4.3 |
2008-06-13 | CVE-2008-2696 | Exiv2 | Numeric Errors vulnerability in Exiv2 0.16 Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to "pretty printing" and the RationalValue::toLong function. | 4.3 |
2008-06-13 | CVE-2008-2694 | Phpinv | Cross-Site Scripting vulnerability in PHPinv 0.8.0 Cross-site scripting (XSS) vulnerability in search.php in phpInv 0.8.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | 4.3 |
2008-06-12 | CVE-2008-2680 | Realm Project | Cross-Site Scripting vulnerability in Realm Project Realm CMS Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp in Realm CMS 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) CmpctedDB and (2) Boyut parameters. | 4.3 |
2008-06-12 | CVE-2008-2677 | Telephone | Cross-Site Scripting vulnerability in Telephone Directory 2008 Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Directory 2008 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | 4.3 |
2008-06-12 | CVE-2008-2675 | Softcomplex | Cross-Site Scripting vulnerability in Softcomplex PHP Image Gallery 1.0 Cross-site scripting (XSS) vulnerability in index.php in PHP Image Gallery allows remote attackers to inject arbitrary web script or HTML via the action parameter. | 4.3 |
2008-06-12 | CVE-2008-2668 | Y Blog | Cross-Site Scripting vulnerability in Y-Blog Yblog 0.2.2.2 Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) the q parameter to search.php, or the n parameter to (2) user.php or (3) uss.php. | 4.3 |
2008-06-10 | CVE-2008-2646 | Mebiblio | Cross-Site Scripting vulnerability in Mebiblio 0.4.7 Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to add_journal_mask.inc.php, (3) InsertBibliography parameter to insert_mask.inc.php, and (4) LabelYear parameter to search_mask.inc.php. | 4.3 |
2008-06-10 | CVE-2008-2644 | Smeweb | Cross-Site Scripting vulnerability in Smeweb 1.4B/1.4F Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the (1) data parameter to catalog.php, the (2) keyword parameter to search.php, the (3) page parameter to bb.php, and the (4) new_s parameter to order.php. | 4.3 |
2008-06-10 | CVE-2008-2637 | F5 | Cross-Site Scripting vulnerability in F5 Firepass SSL VPN 6.0.2 Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php. | 4.3 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|