Weekly Vulnerabilities Reports > June 16 to 22, 2008

Overview

93 new vulnerabilities reported during this period, including 9 critical vulnerabilities and 30 high severity vulnerabilities. This weekly summary report vulnerabilities in 89 products from 64 vendors including Xigla, SUN, Menalto, X, and Drupal. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Numeric Errors", "Permissions, Privileges, and Access Controls", and "Improper Input Validation".

  • 86 reported vulnerabilities are remotely exploitables.
  • 19 reported vulnerabilities have public exploit available.
  • 51 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 78 reported vulnerabilities are exploitable by an anonymous user.
  • Xigla has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • X has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

9 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-06-19 CVE-2008-2786 Mozilla Buffer Errors vulnerability in Mozilla Firefox 2.0/3.0

Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors.

10.0
2008-06-16 CVE-2008-2362 X Numeric Errors vulnerability in X X11 R7.3

Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.

10.0
2008-06-19 CVE-2008-2785 Mozilla Numeric Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.

9.3
2008-06-19 CVE-2008-2779 Globalscape Path Traversal vulnerability in Globalscape Cuteftp 8.2.0

Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345.

9.3
2008-06-17 CVE-2008-2745 Black ICE Buffer Errors vulnerability in Black ICE Annotation Software 10.95

Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in Black Ice Software Annotation Plugin 10.95 allows remote attackers to execute arbitrary code via a long parameter to the AnnoSaveToTiff method.

9.3
2008-06-16 CVE-2008-2712 VIM
Canonical
Improper Input Validation vulnerability in VIM

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw.

9.3
2008-06-16 CVE-2008-2705 SUN Improper Authentication vulnerability in SUN Java System Access Manager 7.1

Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors.

9.3
2008-06-16 CVE-2008-2360 X Numeric Errors vulnerability in X X11 R7.3

Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow.

9.0
2008-06-16 CVE-2008-1377 X Numeric Errors vulnerability in X X11 R7.3

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

9.0

30 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-06-18 CVE-2008-2750 Linux Improper Input Validation vulnerability in Linux Kernel

The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable.

7.8
2008-06-18 CVE-2008-2060 Cisco Configuration vulnerability in Cisco Intrusion Prevention System 5.1/6.0

Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a "specific series of jumbo Ethernet frames."

7.8
2008-06-16 CVE-2008-2707 SUN
Intel
Permissions, Privileges, and Access Controls vulnerability in Intel Network Interface Controller 82571/82572

Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and OpenSolaris before snv_93 allows remote attackers to cause a denial of service (network connectivity loss) via unknown vectors.

7.8
2008-06-16 CVE-2008-2639 Citect Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Citect Citectfacilities and Citectscada

Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222.

7.6
2008-06-20 CVE-2008-2796 Freecms US SQL Injection vulnerability in Freecms.Us Freecms 0.2

SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2008-06-20 CVE-2008-2793 Clip Share SQL Injection vulnerability in Clip-Share Clipshare

SQL injection vulnerability in group_posts.php in ClipShare before 3.0.1 allows remote attackers to execute arbitrary SQL commands via the tid parameter.

7.5
2008-06-20 CVE-2008-2792 Erocms SQL Injection vulnerability in Erocms

SQL injection vulnerability in index.php in eroCMS 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the site parameter.

7.5
2008-06-20 CVE-2008-2791 Kalptaru Infotech SQL Injection vulnerability in Kalptaru Infotech Comparison Engine Power Script 1.0

SQL injection vulnerability in product.detail.php in Kalptaru Infotech Comparison Engine Power Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-06-20 CVE-2008-2790 Mountaingrafix SQL Injection vulnerability in Mountaingrafix Easytrade 2.X

SQL injection vulnerability in detail.php in MountainGrafix easyTrade 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-06-20 CVE-2008-2789 Basic CMS SQL Injection vulnerability in Basic-Cms

SQL injection vulnerability in pages/index.php in BASIC-CMS allows remote attackers to execute arbitrary SQL commands via the page_id parameter.

7.5
2008-06-19 CVE-2008-2782 Otomigenx Path Traversal vulnerability in Otomigenx 2.2

Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2008-06-19 CVE-2008-2781 Dzoic SQL Injection vulnerability in Dzoic Handshakes 3.5

SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 allows remote attackers to execute arbitrary SQL commands via the fname parameter in a members search action.

7.5
2008-06-19 CVE-2008-2778 Revokesoft SQL Injection vulnerability in Revokesoft Revokebb 1.0

SQL injection vulnerability in inc/class_search.php in the Search System in RevokeBB 1.0 RC11 allows remote attackers to execute arbitrary SQL commands via the search parameter.

7.5
2008-06-19 CVE-2008-2775 DT Centrepiece SQL Injection vulnerability in DT Centrepiece DT Centrepiece 4.0

SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to execute arbitrary SQL commands via the searchFor parameter.

7.5
2008-06-19 CVE-2008-2774 Cartkeeper SQL Injection vulnerability in Cartkeeper Ckgold Shopping Cart 2.5/2.7

SQL injection vulnerability in item.php in CartKeeper CKGold Shopping Cart 2.5 and 2.7 allows remote attackers to execute arbitrary SQL commands via the category_id parameter, a different vector than CVE-2007-4736.

7.5
2008-06-18 CVE-2008-2772 Drupal Code Injection vulnerability in Drupal Magic Tabs Module 5

The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks."

7.5
2008-06-18 CVE-2008-2770 Mycrocms SQL Injection vulnerability in Mycrocms 0.5

SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the entry_id parameter.

7.5
2008-06-18 CVE-2008-2769 Phpraider Code Injection vulnerability in PHPraider 1.0.6/1.0.7

PHP remote file inclusion vulnerability in authentication/smf/smf.functions.php in Simple Machines phpRaider 1.0.6 and 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[smf_path] parameter.

7.5
2008-06-18 CVE-2008-2765 Xigla SQL Injection vulnerability in Xigla Absolute Image Gallery XE

SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gallery XE allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.

7.5
2008-06-18 CVE-2008-2755 Jamm Media SQL Injection vulnerability in Jamm-Media Jamm CMS

SQL injection vulnerability in index.php in JAMM CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-06-18 CVE-2008-2753 Paridel SQL Injection vulnerability in Paridel Pooya Site Builder 6.0

Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) xslIdn parameter to (a) utils/getXsl.aspx, and the (2) part parameter to (b) getXml.aspx and (c) getXls.aspx in utils/.

7.5
2008-06-17 CVE-2008-2746 Gryphon SQL Injection vulnerability in Gryphon Gllcts2 4.2.4

SQL injection vulnerability in login.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the detail parameter.

7.5
2008-06-17 CVE-2008-2742 Achievo Improper Input Validation vulnerability in Achievo

Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory.

7.5
2008-06-16 CVE-2008-2722 Menalto Permissions, Privileges, and Access Controls vulnerability in Menalto Gallery

Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive.

7.5
2008-06-16 CVE-2008-1808 Freetype Numeric Errors vulnerability in Freetype

Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.

7.5
2008-06-16 CVE-2008-1807 Freetype Numeric Errors vulnerability in Freetype

FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.

7.5
2008-06-16 CVE-2008-1806 Freetype Numeric Errors vulnerability in Freetype

Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.

7.5
2008-06-16 CVE-2008-2710 SUN Numeric Errors vulnerability in SUN Opensolaris, Solaris and Sunos

Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory.

7.2
2008-06-18 CVE-2008-2752 Microsoft Resource Management Errors vulnerability in Microsoft Word 2000/2003

Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file.

7.1
2008-06-18 CVE-2008-2749 SUN Denial of Service vulnerability in Sun Java System Calendar Server

Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging (aka service.http.commandlog.all) is enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

7.1

49 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-06-20 CVE-2008-2794 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Notification Server 6.0

Unspecified vulnerability in the GUI in Symantec Altiris Notification Server Agent 6.x before 6.0 SP3 R8 allows local users to gain privileges via unknown attack vectors.

6.8
2008-06-18 CVE-2008-2754 Efiction SQL Injection vulnerability in Efiction 3.0/3.4.3

SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter.

6.8
2008-06-18 CVE-2008-2428 Torrenttrader SQL Injection vulnerability in Torrenttrader Classic 1.08

Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) wantusername parameter to account-signup.php, or the (3) receiver parameter to account-inbox.php in a msg action.

6.8
2008-06-16 CVE-2008-2719 Nasm Numeric Errors vulnerability in Nasm Netwide Assembler 2.02

Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.

6.8
2008-06-16 CVE-2008-2361 Xorg Numeric Errors vulnerability in Xorg X11 R7.3

Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory.

6.8
2008-06-16 CVE-2008-1379 X Numeric Errors vulnerability in X X11 R7.3

Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height.

6.8
2008-06-18 CVE-2008-2767 Xigla SQL Injection vulnerability in Xigla Absolute Poll Manager XE

SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter.

6.5
2008-06-18 CVE-2008-2763 Xigla SQL Injection vulnerability in Xigla Absolute Live Support XE 5.1

SQL injection vulnerability in search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.

6.5
2008-06-18 CVE-2008-2762 Xigla SQL Injection vulnerability in Xigla Absolute Form Processor XE 4.0

SQL injection vulnerability in search.asp in Xigla Absolute Form Processor XE 4.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.

6.5
2008-06-18 CVE-2008-2760 Xigla SQL Injection vulnerability in Xigla Absolute Banner Manager 2.0

SQL injection vulnerability in searchbanners.asp in Xigla Absolute Banner Manager XE 2.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.

6.5
2008-06-18 CVE-2008-2757 Xigla SQL Injection vulnerability in Xigla Absolute News Manager XE 3.2

SQL injection vulnerability in search.asp in Xigla Absolute News Manager XE 3.2 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.

6.5
2008-06-16 CVE-2008-2717 Apache
Typo3
Permissions, Privileges, and Access Controls vulnerability in multiple products

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.

6.5
2008-06-19 CVE-2008-2784 Spamdyke Permissions, Privileges, and Access Controls vulnerability in Spamdyke

The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command.

6.4
2008-06-19 CVE-2008-2780 Albinoloverats Cryptographic Issues vulnerability in Albinoloverats Anubis Plugin

The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file.

6.4
2008-06-20 CVE-2008-2666 PHP Path Traversal vulnerability in PHP

Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.

5.0
2008-06-20 CVE-2008-2665 PHP Path Traversal vulnerability in PHP 5.2.6

Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a ..

5.0
2008-06-18 CVE-2008-2771 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal and Node Hierarchy Module

The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.

5.0
2008-06-18 CVE-2008-2748 Skulltag Team Improper Input Validation vulnerability in Skulltag Team Skulltag

Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a denial of service (daemon hang) via a series of long, malformed connect packets, related to these packets being "parsed multiple times."

5.0
2008-06-16 CVE-2008-2724 Menalto Permissions, Privileges, and Access Controls vulnerability in Menalto Gallery

Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions.

5.0
2008-06-16 CVE-2008-2723 Menalto Information Exposure vulnerability in Menalto Gallery

embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address."

5.0
2008-06-16 CVE-2008-2721 Menalto Information Exposure vulnerability in Menalto Gallery

Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album.

5.0
2008-06-16 CVE-2008-2716 Opera Software Multiple Security vulnerability in Opera Web Browser 9.27

Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent page by modifying the location, which can facilitate phishing attacks.

5.0
2008-06-16 CVE-2008-2715 Opera Information Exposure vulnerability in Opera Browser

Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns.

5.0
2008-06-16 CVE-2008-2714 Opera Multiple Security vulnerability in Opera Web Browser 9.27

Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text to be misplaced."

5.0
2008-06-16 CVE-2008-2713 Clam Anti Virus Resource Management Errors vulnerability in Clam Anti-Virus Clamav

libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read.

5.0
2008-06-16 CVE-2008-2708 SUN Kernel Denial of Service vulnerability in Sun Solaris 10 and OpenSolaris

Unspecified vulnerability in the Sun (1) UltraSPARC T2 and (2) UltraSPARC T2+ kernel modules in Sun Solaris 10, and OpenSolaris before snv_93, allows local users to cause a denial of service (panic) via unspecified vectors, probably related to core files.

4.9
2008-06-16 CVE-2008-2706 SUN Resource Management Errors vulnerability in SUN Solaris 10

Unspecified vulnerability in the event port implementation in Sun Solaris 10 allows local users to cause a denial of service (panic) by submitting and retrieving user-defined events, probably related to a NULL dereference.

4.9
2008-06-16 CVE-2008-2709 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM OS 400 V5R4M0/V5R4M5/V6R1M0

Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port.

4.7
2008-06-16 CVE-2008-2366 Redhat
Openoffice
Configuration vulnerability in Openoffice 1.1

Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in the RPATH library path.

4.4
2008-06-20 CVE-2008-2797 Manageengine Cross-Site Scripting vulnerability in Manageengine Oputils 5.0

Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote attackers to inject arbitrary web script or HTML via the hostName parameter, when viewing an SNMP graph.

4.3
2008-06-20 CVE-2008-2795 IDM Computer Solutions INC Path Traversal vulnerability in IDM Computer Solutions INC Ultraedit 14.00B

Directory traversal vulnerability in the FTP and SFTP clients in IDM Computer Solutions Inc UltraEdit 14.00b allows remote FTP servers to create or overwrite arbitrary files via a ..

4.3
2008-06-20 CVE-2008-2788 Opendocman Cross-Site Scripting vulnerability in Opendocman 1.2.5

Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.

4.3
2008-06-20 CVE-2008-2787 Opendocman Cross-Site Scripting vulnerability in Opendocman 1.2.5

Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter.

4.3
2008-06-19 CVE-2008-2783 Horde Cross-Site Scripting vulnerability in Horde Groupware, Groupware Webmail Edition and Kronolith

Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI.

4.3
2008-06-19 CVE-2008-2777 Luca Corbo Cross-Site Scripting vulnerability in Luca Corbo Ortro

Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-06-19 CVE-2008-2776 DT Centrepiece Cross-Site Scripting vulnerability in DT Centrepiece DT Centrepiece 4.0

Cross-site scripting (XSS) vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter.

4.3
2008-06-18 CVE-2008-2773 Drupal Cross-Site Scripting vulnerability in Drupal Taxonomy Image Module 5/6

Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-06-18 CVE-2008-2766 Xigla Cross-Site Scripting vulnerability in Xigla Absolute Image Gallery XE

Cross-site scripting (XSS) vulnerability in Xigla Absolute Image Gallery XE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) admin/search.asp and (2) gallery.asp.

4.3
2008-06-18 CVE-2008-2759 Xigla Cross-Site Scripting vulnerability in Xigla Absolute Form Processor XE 4.0

Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showfields, (2) text, and (3) submissions parameters to search.asp and the (4) name parameter to users.asp.

4.3
2008-06-18 CVE-2008-2756 Xigla Cross-Site Scripting vulnerability in Xigla Absolute Control Panel XE 1.0

Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla Absolute Control Panel XE 1.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter and other unspecified parameters.

4.3
2008-06-18 CVE-2008-2751 Oracle
SUN
Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (3) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, or (4) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (a) resourceNode/customResourceNew.jsf; the (5) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (6) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (7) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, (8) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiLookupProp:jndiLookup, or (9) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (b) resourceNode/externalResourceNew.jsf; the (10) propertyForm:propertySheet:propertSectionTextField:jndiProp:Jndi, (11) propertyForm:propertySheet:propertSectionTextField:nameProp:name, or (12) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (c) resourceNode/jmsDestinationNew.jsf; the (13) propertyForm:propertySheet:generalPropertySheet:jndiProp:Jndi or (14) propertyForm:propertySheet:generalPropertySheet:descProp:cd parameter to (d) resourceNode/jmsConnectionNew.jsf; the (15) propertyForm:propertySheet:propertSectionTextField:jndiProp:jnditext or (16) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (e) resourceNode/jdbcResourceNew.jsf; the (17) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:nameProp:name, (18) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:classNameProp:classname, or (19) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:loadOrderProp:loadOrder parameter to (f) applications/lifecycleModulesNew.jsf; or the (20) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:jndiProp:name, (21) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:resTypeProp:resType, or (22) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:dbProp:db parameter to (g) resourceNode/jdbcConnectionPoolNew1.jsf.

4.3
2008-06-18 CVE-2008-2640 Adobe Cross-Site Scripting vulnerability in Adobe Flex and Flex Builder

Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3, and generated applications, allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to (1) client-side-detection-with-history/history/historyFrame.html, (2) express-installation-with-history/history/historyFrame.html, or (3) no-player-detection-with-history/history/historyFrame.html in templates/html-templates/.

4.3
2008-06-18 CVE-2008-0925 Novell Cross-Site Scripting vulnerability in Novell Edirectory

Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the HTTP stack."

4.3
2008-06-17 CVE-2008-2744 Vbulletin Cross-Site Scripting vulnerability in Vbulletin 3.6.10/3.7.1

Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors and an "obscure method." NOTE: the vector is probably in the redirect parameter to the Admin Control Panel (admincp/index.php).

4.3
2008-06-17 CVE-2008-2743 Xerox Cross-Site Scripting vulnerability in Xerox 4110, Xerox 4590 and Xerox 4595

Cross-site scripting (XSS) vulnerability in the embedded web server in Xerox 4110, 4590, and 4595 Copier/Printers allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

4.3
2008-06-16 CVE-2008-2720 Menalto Cross-Site Scripting vulnerability in Menalto Gallery

Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) host and (2) path components of a URL.

4.3
2008-06-16 CVE-2008-2718 Typo3 Cross-Site Scripting vulnerability in Typo3

Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-06-16 CVE-2008-2711 Fetchmail Improper Input Validation vulnerability in Fetchmail

fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.

4.3
2008-06-16 CVE-2008-0071 Bittorrent
Utorrent
Improper Input Validation vulnerability in multiple products

The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header.

4.3

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-06-18 CVE-2008-2768 Xigla Cross-Site Scripting vulnerability in Xigla Absolute Poll Manager XE

Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to inject arbitrary web script or HTML via unspecified vectors ("all fields").

3.5
2008-06-18 CVE-2008-2764 Xigla Cross-Site Scripting vulnerability in Xigla Absolute Live Support XE 5.1

Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors ("all fields").

3.5
2008-06-18 CVE-2008-2761 Xigla Cross-Site Scripting vulnerability in Xigla Absolute Banner Manager 2.0

Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Banner Manager XE 2.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the text parameter in (1) searchbanners.asp and (2) listadvertisers.asp, and other unspecified fields.

3.5
2008-06-18 CVE-2008-2758 Xigla Cross-Site Scripting vulnerability in Xigla Absolute News Manager XE 3.2

Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parameter to (b) admin/publishers.asp, and other unspecified vectors to (c) anmviewer.asp and (d) editarticleX.asp in admin/.

3.5
2008-06-18 CVE-2008-2747 Microsoft
NO IP
Information Exposure vulnerability in No-Ip Dynamic Update Client 2.2.1

No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.

2.1