Weekly Vulnerabilities Reports > June 16 to 22, 2008
Overview
91 new vulnerabilities reported during this period, including 9 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary report vulnerabilities in 86 products from 61 vendors including Xigla, SUN, Menalto, X, and Drupal. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Numeric Errors", "Permissions, Privileges, and Access Controls", and "Path Traversal".
- 84 reported vulnerabilities are remotely exploitables.
- 19 reported vulnerabilities have public exploit available.
- 51 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 76 reported vulnerabilities are exploitable by an anonymous user.
- Xigla has the most reported vulnerabilities, with 13 reported vulnerabilities.
- X has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
9 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-06-19 | CVE-2008-2786 | Mozilla | Buffer Errors vulnerability in Mozilla Firefox 2.0/3.0 Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. | 10.0 |
2008-06-16 | CVE-2008-2362 | X | Numeric Errors vulnerability in X X11 R7.3 Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption. | 10.0 |
2008-06-19 | CVE-2008-2785 | Mozilla | Numeric Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349. | 9.3 |
2008-06-19 | CVE-2008-2779 | Globalscape | Path Traversal vulnerability in Globalscape Cuteftp 8.2.0 Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. | 9.3 |
2008-06-17 | CVE-2008-2745 | Black ICE | Buffer Errors vulnerability in Black ICE Annotation Software 10.95 Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in Black Ice Software Annotation Plugin 10.95 allows remote attackers to execute arbitrary code via a long parameter to the AnnoSaveToTiff method. | 9.3 |
2008-06-16 | CVE-2008-2712 | VIM Canonical | Improper Input Validation vulnerability in VIM Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. | 9.3 |
2008-06-16 | CVE-2008-2705 | SUN | Improper Authentication vulnerability in SUN Java System Access Manager 7.1 Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors. | 9.3 |
2008-06-16 | CVE-2008-2360 | X | Numeric Errors vulnerability in X X11 R7.3 Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow. | 9.0 |
2008-06-16 | CVE-2008-1377 | X | Numeric Errors vulnerability in X X11 R7.3 The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. | 9.0 |
29 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-06-18 | CVE-2008-2060 | Cisco | Configuration vulnerability in Cisco Intrusion Prevention System 5.1/6.0 Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a "specific series of jumbo Ethernet frames." | 7.8 |
2008-06-16 | CVE-2008-2707 | SUN Intel | Permissions, Privileges, and Access Controls vulnerability in Intel Network Interface Controller 82571/82572 Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and OpenSolaris before snv_93 allows remote attackers to cause a denial of service (network connectivity loss) via unknown vectors. | 7.8 |
2008-06-16 | CVE-2008-2639 | Citect | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Citect Citectfacilities and Citectscada Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222. | 7.6 |
2008-06-20 | CVE-2008-2796 | Freecms US | SQL Injection vulnerability in Freecms.Us Freecms 0.2 SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 |
2008-06-20 | CVE-2008-2793 | Clip Share | SQL Injection vulnerability in Clip-Share Clipshare SQL injection vulnerability in group_posts.php in ClipShare before 3.0.1 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | 7.5 |
2008-06-20 | CVE-2008-2792 | Erocms | SQL Injection vulnerability in Erocms SQL injection vulnerability in index.php in eroCMS 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the site parameter. | 7.5 |
2008-06-20 | CVE-2008-2791 | Kalptaru Infotech | SQL Injection vulnerability in Kalptaru Infotech Comparison Engine Power Script 1.0 SQL injection vulnerability in product.detail.php in Kalptaru Infotech Comparison Engine Power Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-06-20 | CVE-2008-2790 | Mountaingrafix | SQL Injection vulnerability in Mountaingrafix Easytrade 2.X SQL injection vulnerability in detail.php in MountainGrafix easyTrade 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-06-20 | CVE-2008-2789 | Basic CMS | SQL Injection vulnerability in Basic-Cms SQL injection vulnerability in pages/index.php in BASIC-CMS allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | 7.5 |
2008-06-19 | CVE-2008-2782 | Otomigenx | Path Traversal vulnerability in Otomigenx 2.2 Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-06-19 | CVE-2008-2781 | Dzoic | SQL Injection vulnerability in Dzoic Handshakes 3.5 SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 allows remote attackers to execute arbitrary SQL commands via the fname parameter in a members search action. | 7.5 |
2008-06-19 | CVE-2008-2778 | Revokesoft | SQL Injection vulnerability in Revokesoft Revokebb 1.0 SQL injection vulnerability in inc/class_search.php in the Search System in RevokeBB 1.0 RC11 allows remote attackers to execute arbitrary SQL commands via the search parameter. | 7.5 |
2008-06-19 | CVE-2008-2775 | DT Centrepiece | SQL Injection vulnerability in DT Centrepiece DT Centrepiece 4.0 SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to execute arbitrary SQL commands via the searchFor parameter. | 7.5 |
2008-06-19 | CVE-2008-2774 | Cartkeeper | SQL Injection vulnerability in Cartkeeper Ckgold Shopping Cart 2.5/2.7 SQL injection vulnerability in item.php in CartKeeper CKGold Shopping Cart 2.5 and 2.7 allows remote attackers to execute arbitrary SQL commands via the category_id parameter, a different vector than CVE-2007-4736. | 7.5 |
2008-06-18 | CVE-2008-2772 | Drupal | Code Injection vulnerability in Drupal Magic Tabs Module 5 The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks." | 7.5 |
2008-06-18 | CVE-2008-2770 | Mycrocms | SQL Injection vulnerability in Mycrocms 0.5 SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the entry_id parameter. | 7.5 |
2008-06-18 | CVE-2008-2769 | Phpraider | Code Injection vulnerability in PHPraider 1.0.6/1.0.7 PHP remote file inclusion vulnerability in authentication/smf/smf.functions.php in Simple Machines phpRaider 1.0.6 and 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[smf_path] parameter. | 7.5 |
2008-06-18 | CVE-2008-2765 | Xigla | SQL Injection vulnerability in Xigla Absolute Image Gallery XE SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gallery XE allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action. | 7.5 |
2008-06-18 | CVE-2008-2755 | Jamm Media | SQL Injection vulnerability in Jamm-Media Jamm CMS SQL injection vulnerability in index.php in JAMM CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-06-18 | CVE-2008-2753 | Paridel | SQL Injection vulnerability in Paridel Pooya Site Builder 6.0 Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) xslIdn parameter to (a) utils/getXsl.aspx, and the (2) part parameter to (b) getXml.aspx and (c) getXls.aspx in utils/. | 7.5 |
2008-06-17 | CVE-2008-2746 | Gryphon | SQL Injection vulnerability in Gryphon Gllcts2 4.2.4 SQL injection vulnerability in login.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the detail parameter. | 7.5 |
2008-06-17 | CVE-2008-2742 | Achievo | Improper Input Validation vulnerability in Achievo Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. | 7.5 |
2008-06-16 | CVE-2008-2722 | Menalto | Permissions, Privileges, and Access Controls vulnerability in Menalto Gallery Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive. | 7.5 |
2008-06-16 | CVE-2008-1808 | Freetype | Numeric Errors vulnerability in Freetype Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow. | 7.5 |
2008-06-16 | CVE-2008-1807 | Freetype | Numeric Errors vulnerability in Freetype FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption. | 7.5 |
2008-06-16 | CVE-2008-1806 | Freetype | Numeric Errors vulnerability in Freetype Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow. | 7.5 |
2008-06-16 | CVE-2008-2710 | SUN | Numeric Errors vulnerability in SUN Opensolaris, Solaris and Sunos Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. | 7.2 |
2008-06-18 | CVE-2008-2752 | Microsoft | Resource Management Errors vulnerability in Microsoft Word 2000/2003 Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. | 7.1 |
2008-06-18 | CVE-2008-2749 | SUN | Denial of Service vulnerability in Sun Java System Calendar Server Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging (aka service.http.commandlog.all) is enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | 7.1 |
48 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-06-20 | CVE-2008-2794 | Symantec | Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Notification Server 6.0 Unspecified vulnerability in the GUI in Symantec Altiris Notification Server Agent 6.x before 6.0 SP3 R8 allows local users to gain privileges via unknown attack vectors. | 6.8 |
2008-06-18 | CVE-2008-2754 | Efiction | SQL Injection vulnerability in Efiction 3.0/3.4.3 SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter. | 6.8 |
2008-06-18 | CVE-2008-2428 | Torrenttrader | SQL Injection vulnerability in Torrenttrader Classic 1.08 Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) wantusername parameter to account-signup.php, or the (3) receiver parameter to account-inbox.php in a msg action. | 6.8 |
2008-06-16 | CVE-2008-2361 | Xorg | Numeric Errors vulnerability in Xorg X11 R7.3 Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory. | 6.8 |
2008-06-16 | CVE-2008-1379 | X | Numeric Errors vulnerability in X X11 R7.3 Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height. | 6.8 |
2008-06-18 | CVE-2008-2767 | Xigla | SQL Injection vulnerability in Xigla Absolute Poll Manager XE SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter. | 6.5 |
2008-06-18 | CVE-2008-2763 | Xigla | SQL Injection vulnerability in Xigla Absolute Live Support XE 5.1 SQL injection vulnerability in search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter. | 6.5 |
2008-06-18 | CVE-2008-2762 | Xigla | SQL Injection vulnerability in Xigla Absolute Form Processor XE 4.0 SQL injection vulnerability in search.asp in Xigla Absolute Form Processor XE 4.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter. | 6.5 |
2008-06-18 | CVE-2008-2760 | Xigla | SQL Injection vulnerability in Xigla Absolute Banner Manager 2.0 SQL injection vulnerability in searchbanners.asp in Xigla Absolute Banner Manager XE 2.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter. | 6.5 |
2008-06-18 | CVE-2008-2757 | Xigla | SQL Injection vulnerability in Xigla Absolute News Manager XE 3.2 SQL injection vulnerability in search.asp in Xigla Absolute News Manager XE 3.2 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter. | 6.5 |
2008-06-16 | CVE-2008-2717 | Apache Typo3 | Permissions, Privileges, and Access Controls vulnerability in multiple products TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions. | 6.5 |
2008-06-19 | CVE-2008-2784 | Spamdyke | Permissions, Privileges, and Access Controls vulnerability in Spamdyke The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command. | 6.4 |
2008-06-19 | CVE-2008-2780 | Albinoloverats | Cryptographic Issues vulnerability in Albinoloverats Anubis Plugin The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file. | 6.4 |
2008-06-20 | CVE-2008-2666 | PHP | Path Traversal vulnerability in PHP Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function. | 5.0 |
2008-06-20 | CVE-2008-2665 | PHP | Path Traversal vulnerability in PHP 5.2.6 Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. | 5.0 |
2008-06-18 | CVE-2008-2771 | Drupal | Permissions, Privileges, and Access Controls vulnerability in Drupal and Node Hierarchy Module The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors. | 5.0 |
2008-06-18 | CVE-2008-2748 | Skulltag Team | Improper Input Validation vulnerability in Skulltag Team Skulltag Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a denial of service (daemon hang) via a series of long, malformed connect packets, related to these packets being "parsed multiple times." | 5.0 |
2008-06-16 | CVE-2008-2724 | Menalto | Permissions, Privileges, and Access Controls vulnerability in Menalto Gallery Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions. | 5.0 |
2008-06-16 | CVE-2008-2723 | Menalto | Information Exposure vulnerability in Menalto Gallery embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address." | 5.0 |
2008-06-16 | CVE-2008-2721 | Menalto | Information Exposure vulnerability in Menalto Gallery Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album. | 5.0 |
2008-06-16 | CVE-2008-2716 | Opera | Improper Restriction of Rendered UI Layers or Frames vulnerability in Opera Browser Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent page by modifying the location, which can facilitate phishing attacks. | 5.0 |
2008-06-16 | CVE-2008-2715 | Opera | Information Exposure vulnerability in Opera Browser Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns. | 5.0 |
2008-06-16 | CVE-2008-2714 | Opera | Multiple Security vulnerability in Opera Web Browser 9.27 Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text to be misplaced." | 5.0 |
2008-06-16 | CVE-2008-2713 | Clam Anti Virus | Resource Management Errors vulnerability in Clam Anti-Virus Clamav libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read. | 5.0 |
2008-06-16 | CVE-2008-2708 | SUN | Kernel Denial of Service vulnerability in Sun Solaris 10 and OpenSolaris Unspecified vulnerability in the Sun (1) UltraSPARC T2 and (2) UltraSPARC T2+ kernel modules in Sun Solaris 10, and OpenSolaris before snv_93, allows local users to cause a denial of service (panic) via unspecified vectors, probably related to core files. | 4.9 |
2008-06-16 | CVE-2008-2706 | SUN | Resource Management Errors vulnerability in SUN Solaris 10 Unspecified vulnerability in the event port implementation in Sun Solaris 10 allows local users to cause a denial of service (panic) by submitting and retrieving user-defined events, probably related to a NULL dereference. | 4.9 |
2008-06-16 | CVE-2008-2709 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM OS 400 V5R4M0/V5R4M5/V6R1M0 Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. | 4.7 |
2008-06-16 | CVE-2008-2366 | Redhat Openoffice | Configuration vulnerability in Openoffice 1.1 Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in the RPATH library path. | 4.4 |
2008-06-20 | CVE-2008-2797 | Manageengine | Cross-Site Scripting vulnerability in Manageengine Oputils 5.0 Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote attackers to inject arbitrary web script or HTML via the hostName parameter, when viewing an SNMP graph. | 4.3 |
2008-06-20 | CVE-2008-2795 | IDM Computer Solutions INC | Path Traversal vulnerability in IDM Computer Solutions INC Ultraedit 14.00B Directory traversal vulnerability in the FTP and SFTP clients in IDM Computer Solutions Inc UltraEdit 14.00b allows remote FTP servers to create or overwrite arbitrary files via a .. | 4.3 |
2008-06-20 | CVE-2008-2788 | Opendocman | Cross-Site Scripting vulnerability in Opendocman 1.2.5 Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter. | 4.3 |
2008-06-20 | CVE-2008-2787 | Opendocman | Cross-Site Scripting vulnerability in Opendocman 1.2.5 Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter. | 4.3 |
2008-06-19 | CVE-2008-2783 | Horde | Cross-Site Scripting vulnerability in Horde Groupware, Groupware Webmail Edition and Kronolith Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. | 4.3 |
2008-06-19 | CVE-2008-2777 | Luca Corbo | Cross-Site Scripting vulnerability in Luca Corbo Ortro Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-06-19 | CVE-2008-2776 | DT Centrepiece | Cross-Site Scripting vulnerability in DT Centrepiece DT Centrepiece 4.0 Cross-site scripting (XSS) vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter. | 4.3 |
2008-06-18 | CVE-2008-2773 | Drupal | Cross-Site Scripting vulnerability in Drupal Taxonomy Image Module 5/6 Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-06-18 | CVE-2008-2766 | Xigla | Cross-Site Scripting vulnerability in Xigla Absolute Image Gallery XE Cross-site scripting (XSS) vulnerability in Xigla Absolute Image Gallery XE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) admin/search.asp and (2) gallery.asp. | 4.3 |
2008-06-18 | CVE-2008-2759 | Xigla | Cross-Site Scripting vulnerability in Xigla Absolute Form Processor XE 4.0 Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showfields, (2) text, and (3) submissions parameters to search.asp and the (4) name parameter to users.asp. | 4.3 |
2008-06-18 | CVE-2008-2756 | Xigla | Cross-Site Scripting vulnerability in Xigla Absolute Control Panel XE 1.0 Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla Absolute Control Panel XE 1.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter and other unspecified parameters. | 4.3 |
2008-06-18 | CVE-2008-2751 | Oracle SUN | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (3) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, or (4) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (a) resourceNode/customResourceNew.jsf; the (5) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (6) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (7) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, (8) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiLookupProp:jndiLookup, or (9) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (b) resourceNode/externalResourceNew.jsf; the (10) propertyForm:propertySheet:propertSectionTextField:jndiProp:Jndi, (11) propertyForm:propertySheet:propertSectionTextField:nameProp:name, or (12) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (c) resourceNode/jmsDestinationNew.jsf; the (13) propertyForm:propertySheet:generalPropertySheet:jndiProp:Jndi or (14) propertyForm:propertySheet:generalPropertySheet:descProp:cd parameter to (d) resourceNode/jmsConnectionNew.jsf; the (15) propertyForm:propertySheet:propertSectionTextField:jndiProp:jnditext or (16) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (e) resourceNode/jdbcResourceNew.jsf; the (17) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:nameProp:name, (18) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:classNameProp:classname, or (19) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:loadOrderProp:loadOrder parameter to (f) applications/lifecycleModulesNew.jsf; or the (20) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:jndiProp:name, (21) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:resTypeProp:resType, or (22) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:dbProp:db parameter to (g) resourceNode/jdbcConnectionPoolNew1.jsf. | 4.3 |
2008-06-18 | CVE-2008-2640 | Adobe | Cross-Site Scripting vulnerability in Adobe Flex and Flex Builder Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3, and generated applications, allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to (1) client-side-detection-with-history/history/historyFrame.html, (2) express-installation-with-history/history/historyFrame.html, or (3) no-player-detection-with-history/history/historyFrame.html in templates/html-templates/. | 4.3 |
2008-06-18 | CVE-2008-0925 | Novell | Cross-Site Scripting vulnerability in Novell Edirectory Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the HTTP stack." | 4.3 |
2008-06-17 | CVE-2008-2744 | Vbulletin | Cross-Site Scripting vulnerability in Vbulletin 3.6.10/3.7.1 Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors and an "obscure method." NOTE: the vector is probably in the redirect parameter to the Admin Control Panel (admincp/index.php). | 4.3 |
2008-06-17 | CVE-2008-2743 | Xerox | Cross-Site Scripting vulnerability in Xerox 4110, Xerox 4590 and Xerox 4595 Cross-site scripting (XSS) vulnerability in the embedded web server in Xerox 4110, 4590, and 4595 Copier/Printers allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | 4.3 |
2008-06-16 | CVE-2008-2720 | Menalto | Cross-Site Scripting vulnerability in Menalto Gallery Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) host and (2) path components of a URL. | 4.3 |
2008-06-16 | CVE-2008-2718 | Typo3 | Cross-Site Scripting vulnerability in Typo3 Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-06-16 | CVE-2008-2711 | Fetchmail | Improper Input Validation vulnerability in Fetchmail fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages. | 4.3 |
2008-06-16 | CVE-2008-0071 | Bittorrent Utorrent | Improper Input Validation vulnerability in multiple products The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header. | 4.3 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-06-18 | CVE-2008-2768 | Xigla | Cross-Site Scripting vulnerability in Xigla Absolute Poll Manager XE Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to inject arbitrary web script or HTML via unspecified vectors ("all fields"). | 3.5 |
2008-06-18 | CVE-2008-2764 | Xigla | Cross-Site Scripting vulnerability in Xigla Absolute Live Support XE 5.1 Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors ("all fields"). | 3.5 |
2008-06-18 | CVE-2008-2761 | Xigla | Cross-Site Scripting vulnerability in Xigla Absolute Banner Manager 2.0 Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Banner Manager XE 2.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the text parameter in (1) searchbanners.asp and (2) listadvertisers.asp, and other unspecified fields. | 3.5 |
2008-06-18 | CVE-2008-2758 | Xigla | Cross-Site Scripting vulnerability in Xigla Absolute News Manager XE 3.2 Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parameter to (b) admin/publishers.asp, and other unspecified vectors to (c) anmviewer.asp and (d) editarticleX.asp in admin/. | 3.5 |
2008-06-18 | CVE-2008-2747 | Microsoft NO IP | Information Exposure vulnerability in No-Ip Dynamic Update Client 2.2.1 No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values. | 2.1 |