Weekly Vulnerabilities Reports > June 23 to 29, 2008
Overview
99 new vulnerabilities reported during this period, including 21 critical vulnerabilities and 47 high severity vulnerabilities. This weekly summary report vulnerabilities in 93 products from 84 vendors including Canonical, Microsoft, Ruby Lang, Debian, and Elinestudio. Vulnerabilities are notably categorized as "SQL Injection", "Path Traversal", "Cross-site Scripting", "Code Injection", and "Permissions, Privileges, and Access Controls".
- 96 reported vulnerabilities are remotely exploitables.
- 62 reported vulnerabilities have public exploit available.
- 62 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 98 reported vulnerabilities are exploitable by an anonymous user.
- Canonical has the most reported vulnerabilities, with 6 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
21 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-06-27 | CVE-2008-2899 | J00Lean CMS | Remote vulnerability in J00Lean-Cms 1.03 Unspecified vulnerability in includes/classes/page.php in j00lean-CMS 1.03 has unknown impact and attack vectors. | 10.0 |
2008-06-27 | CVE-2008-2888 | Migcms | Code Injection vulnerability in Migcms 2.0.5 Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[application][app_root] parameter to (1) collection.class.php and (2) content_image.class.php in lib/obj/. | 10.0 |
2008-06-25 | CVE-2008-2851 | Offsystem | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Offsystem Multiple buffer overflows in OFF System before 0.19.14 allow remote attackers to have an unknown impact via unspecified vectors related to "parsing of http headers." | 10.0 |
2008-06-25 | CVE-2008-2641 | Adobe | Remote Code Execution vulnerability in Adobe Acrobat 3D and Acrobat Reader Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method." | 10.0 |
2008-06-24 | CVE-2008-2833 | Worldlevel | Improper Authentication vulnerability in Worldlevel Le.Cms admin/upload.php in le.cms 1.4 and earlier allows remote attackers to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload parameters. | 10.0 |
2008-06-24 | CVE-2008-2832 | Fullrevolution | Code Injection vulnerability in Fullrevolution Aspwebcalendar2008 Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/. | 10.0 |
2008-06-24 | CVE-2008-2663 | Ruby Lang Debian Canonical | Integer Overflow OR Wraparound vulnerability in multiple products Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. | 10.0 |
2008-06-24 | CVE-2008-2662 | Ruby Lang Debian Canonical | Numeric Errors vulnerability in multiple products Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. | 10.0 |
2008-06-23 | CVE-2008-2828 | Tmsnc | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tmsnc Stack-based buffer overflow in tmsnc allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an MSN packet with a UBX command containing a large UBX payload length field. | 10.0 |
2008-06-23 | CVE-2008-2824 | Xerox | Permissions, Privileges, and Access Controls vulnerability in Xerox Workcentre 7655/7665/7675 Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors. | 10.0 |
2008-06-27 | CVE-2008-2898 | Hedgehog CMS | Path Traversal vulnerability in Hedgehog-Cms 1.21 Directory traversal vulnerability in includes/header.php in Hedgehog-CMS 1.21 allows remote attackers to include and execute arbitrary local files via a .. | 9.3 |
2008-06-27 | CVE-2008-2894 | NCH Software | Path Traversal vulnerability in NCH Software NCH Software Classic FTP 1.02 Directory traversal vulnerability in the FTP client in NCH Software Classic FTP 1.02 for Windows allows remote FTP servers to create or overwrite arbitrary files via a .. | 9.3 |
2008-06-27 | CVE-2008-2886 | Jamroom | Code Injection vulnerability in Jamroom PHP remote file inclusion vulnerability in include/plugins/jrBrowser/purchase.php in Jamroom 3.3.0 through 3.3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter. | 9.3 |
2008-06-27 | CVE-2008-2885 | Odars | Code Injection vulnerability in Odars 1.0.2 PHP remote file inclusion vulnerability in src/browser/resource/categories/resource_categories_view.php in Open Digital Assets Repository System (ODARS) 1.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CLASSES_ROOT parameter. | 9.3 |
2008-06-27 | CVE-2008-2884 | RSS Aggregator | Code Injection vulnerability in RSS Aggregator RSS Aggregator PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | 9.3 |
2008-06-26 | CVE-2008-2880 | IBM | Buffer Errors vulnerability in IBM AFP Viewer Plug-In 2.0.7.1/3.2.1.1 Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and 3.2.1.1 allows remote attackers to execute arbitrary code via a long SRC property value. | 9.3 |
2008-06-24 | CVE-2008-2427 | Pagesperso Orange Microsoft Freebsd Redhat | Buffer Errors vulnerability in Pagesperso-Orange GFL Sdk, Nconvert and Xnview Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file. | 9.3 |
2008-06-23 | CVE-2008-2307 | Apple Microsoft | Resource Management Errors vulnerability in Apple Safari Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. | 9.3 |
2008-06-23 | CVE-2008-2306 | Microsoft Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Safari Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files. | 9.3 |
2008-06-23 | CVE-2008-2822 | 3Dftp | Path Traversal vulnerability in 3Dftp 3D-Ftp Client 8.01 Multiple directory traversal vulnerabilities in the FTP client in 3D-FTP Client 8.01 (8.0 build 1) allow remote FTP servers to create or overwrite arbitrary files via a .. | 9.3 |
2008-06-23 | CVE-2008-2821 | Microsoft Glub | Path Traversal vulnerability in Glub Secure FTP Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345. | 9.3 |
47 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-06-26 | CVE-2008-2061 | Cisco | Improper Input Validation vulnerability in Cisco Unified Communications Manager The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748. | 7.8 |
2008-06-24 | CVE-2008-2726 | Ruby Lang Debian Canonical | Numeric Errors vulnerability in multiple products Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. | 7.8 |
2008-06-24 | CVE-2008-2725 | Ruby Lang Debian Canonical | Numeric Errors vulnerability in multiple products Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. | 7.8 |
2008-06-24 | CVE-2008-2664 | Ruby Lang Debian Canonical | Resource Management Errors vulnerability in multiple products The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. | 7.8 |
2008-06-27 | CVE-2008-2900 | Phpauction | SQL Injection vulnerability in PHPauction 3.2 SQL injection vulnerability in item.php in PHPAuction 3.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-06-27 | CVE-2008-2897 | Pagesquid | SQL Injection vulnerability in Pagesquid CMS 0.3 SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 |
2008-06-27 | CVE-2008-2896 | Getfireant | Path Traversal vulnerability in Getfireant Fireant 1.3 Directory traversal vulnerability in index.php in FireAnt 1.3 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-06-27 | CVE-2008-2895 | Aprox | Path Traversal vulnerability in Aprox Aproxengine 5.1.0.4 Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-06-27 | CVE-2008-2893 | Ajhyip | SQL Injection vulnerability in Ajhyip AJ Square Aj-Hyip SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-2532. | 7.5 |
2008-06-27 | CVE-2008-2892 | Feellove Joomla | SQL Injection vulnerability in multiple products SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php. | 7.5 |
2008-06-27 | CVE-2008-2891 | Emusoft | SQL Injection vulnerability in Emusoft Emucms 0.3 SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a category action. | 7.5 |
2008-06-27 | CVE-2008-2890 | Offl | SQL Injection vulnerability in Offl Online Fantasy Football League 0.2.6 Multiple SQL injection vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fflteam_id parameter to teams.php, the (2) league_id parameter to leagues.php, and the (3) player_id parameter to players.php. | 7.5 |
2008-06-26 | CVE-2008-2883 | Jamroom | Code Injection vulnerability in Jamroom PHP remote file inclusion vulnerability in include/plugins/jrBrowser/payment.php in Jamroom 3.3.0 through 3.3.5 allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter. | 7.5 |
2008-06-26 | CVE-2008-2882 | Aspindir | Permissions, Privileges, and Access Controls vulnerability in Aspindir Shibby Shop upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request. | 7.5 |
2008-06-26 | CVE-2008-2876 | Munky | Path Traversal vulnerability in Munky 0.0.1 Directory traversal vulnerability in index.php in mUnky 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-06-26 | CVE-2008-2875 | Webdevindo CMS | SQL Injection vulnerability in Webdevindo-Cms 1.0.0 SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 allows remote attackers to execute arbitrary SQL commands via the hal parameter. | 7.5 |
2008-06-26 | CVE-2008-2874 | Softbizscripts | SQL Injection vulnerability in Softbizscripts Softbiz Jokes and Funny Pics Script SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbjoke_id parameter, a different vector than CVE-2008-1050. | 7.5 |
2008-06-26 | CVE-2008-2872 | Aspindir | SQL Injection vulnerability in Aspindir Shibby Shop SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter. | 7.5 |
2008-06-26 | CVE-2008-2870 | Sharecms | SQL Injection vulnerability in Sharecms 0.1 Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta allow remote attackers to execute arbitrary SQL commands via the (1) eventID parameter to event_info.php and the (2) userID parameter to list_user.php. | 7.5 |
2008-06-26 | CVE-2008-2869 | E Topbiz | SQL Injection vulnerability in E-Topbiz Link ADS 1 SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. | 7.5 |
2008-06-26 | CVE-2008-2868 | Duware | SQL Injection vulnerability in Duware Ducalendar SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter. | 7.5 |
2008-06-26 | CVE-2008-2867 | E Topbiz | SQL Injection vulnerability in E-Topbiz Viral DX 1 2.07 SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter. | 7.5 |
2008-06-25 | CVE-2008-2866 | Caupo NET | SQL Injection vulnerability in Caupo.Net Cauposhop Classic 1.3 SQL injection vulnerability in csc_article_details.php in Caupo.net CaupoShop Classic 1.3 allows remote attackers to execute arbitrary SQL commands via the saArticle[ID] parameter. | 7.5 |
2008-06-25 | CVE-2008-2865 | Kalptaru Infotech | SQL Injection vulnerability in Kalptaru Infotech PHP Site Lock 2.0 SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site Lock 2.0 allows remote attackers to execute arbitrary SQL commands via the articleid parameter in a show_article action. | 7.5 |
2008-06-25 | CVE-2008-2863 | Elinestudio | Path Traversal vulnerability in Elinestudio Site Composer Multiple absolute path traversal vulnerabilities in eLineStudio Site Composer (ESC) 2.6 allow remote attackers to create or delete arbitrary directories via a full pathname in the inpCurrFolder parameter to (1) folderdel_.asp or (2) foldernew.asp in cms/assetmanager/. | 7.5 |
2008-06-25 | CVE-2008-2862 | Elinestudio | SQL Injection vulnerability in Elinestudio Site Composer Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp. | 7.5 |
2008-06-25 | CVE-2008-2860 | AJ Square | SQL Injection vulnerability in AJ Square AJ Auction Web2.0 SQL injection vulnerability in category.php in AJSquare AJ Auction Pro web 2.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. | 7.5 |
2008-06-25 | CVE-2008-2856 | Ownrs | SQL Injection vulnerability in Ownrs Beta3 SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-06-25 | CVE-2008-2854 | Orlando CMS | Code Injection vulnerability in Orlando CMS Orlando CMS 0.6 Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[preloc] parameter to (1) modules/core/logger/init.php and (2) AJAX/newscat.php. | 7.5 |
2008-06-25 | CVE-2008-2853 | Easy Webstore | SQL Injection vulnerability in Easy Webstore Easy Webstore 1.2 SQL injection vulnerability in index.php in Easy Webstore 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_path parameter. | 7.5 |
2008-06-25 | CVE-2008-2850 | Drupal | SQL Injection vulnerability in Drupal Trailscout Module SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API. | 7.5 |
2008-06-25 | CVE-2008-2847 | Softdivision | SQL Injection vulnerability in Softdivision Maxtrade AOI 1.3.23 SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 allows remote attackers to execute arbitrary SQL commands via the categori parameter in a pocategorisell action to modules.php. | 7.5 |
2008-06-25 | CVE-2008-2846 | Boatscripts | SQL Injection vulnerability in Boatscripts Classifieds SQL injection vulnerability in index.php in BoatScripts Classifieds allows remote attackers to execute arbitrary SQL commands via the type parameter. | 7.5 |
2008-06-25 | CVE-2008-2845 | Mybizz Classifieds | SQL Injection vulnerability in Mybizz-Classifieds SQL injection vulnerability in index.php in MyBizz-Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2008-06-25 | CVE-2008-2844 | Carscripts | SQL Injection vulnerability in Carscripts Classifieds SQL injection vulnerability in index.php in Carscripts Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2008-06-25 | CVE-2008-2843 | Doitlive | SQL Injection vulnerability in Doitlive CMS Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp. | 7.5 |
2008-06-24 | CVE-2008-2837 | CMS Brdconcept | SQL Injection vulnerability in Cms.Brdconcept Cms-Brd SQL injection vulnerability in index.php in CMS-BRD allows remote attackers to execute arbitrary SQL commands via the menuclick parameter. | 7.5 |
2008-06-24 | CVE-2008-2836 | K5N | Code Injection vulnerability in K5N Webcalendar 1.0.4 PHP remote file inclusion vulnerability in send_reminders.php in WebCalendar 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter and a 0 value for the noSet parameter, a different vector than CVE-2007-1483. | 7.5 |
2008-06-24 | CVE-2008-2835 | Igsuite | SQL Injection vulnerability in Igsuite 3.2.4 SQL injection vulnerability in cgi-bin/igsuite in IGSuite 3.2.4 allows remote attackers to execute arbitrary SQL commands via the formid parameter. | 7.5 |
2008-06-24 | CVE-2008-2834 | Sidb | SQL Injection vulnerability in Sidb Scientific Image Database 0.41 SQL injection vulnerability in projects.php in Scientific Image DataBase 0.41 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-06-23 | CVE-2008-2823 | Phpeasynews | SQL Injection vulnerability in PHPeasynews PHPeasyblog SQL injection vulnerability in newsarchive.php in PHPeasyblog (formerly phpeasynews) 1.13 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter. | 7.5 |
2008-06-23 | CVE-2008-2819 | Blognplus | SQL Injection vulnerability in Blognplus SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and earlier MySQL and PostgreSQL editions allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2008-06-23 | CVE-2008-2818 | Easy Clanpage | Path Traversal vulnerability in Easy-Clanpage 3.0B1 Directory traversal vulnerability in Easy-Clanpage 3.0 b1 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-06-23 | CVE-2008-2817 | Nitropowered | SQL Injection vulnerability in Nitropowered Nitro web Gallery SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the CatId parameter in a show action. | 7.5 |
2008-06-23 | CVE-2008-2816 | O2Php | SQL Injection vulnerability in O2PHP Oxygen 2.0 SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin Board) 2.0 allows remote attackers to execute arbitrary SQL commands via the repquote parameter in a reply action, a different vector than CVE-2006-1572. | 7.5 |
2008-06-23 | CVE-2008-2815 | Mymarket | SQL Injection vulnerability in Mymarket 1.72 SQL injection vulnerability in shopping/index.php in MyMarket 1.72 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-06-23 | CVE-2008-2830 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X 10.4/10.5 Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent. | 7.2 |
29 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-06-27 | CVE-2008-2889 | Wise FTP | Path Traversal vulnerability in Wise-Ftp 4.1.0/5.5.8 Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP 4.1.0 and 5.5.8 allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345. | 6.8 |
2008-06-27 | CVE-2008-2887 | Chaozzatwork | Path Traversal vulnerability in Chaozzatwork Fubarforum 1.5 Directory traversal vulnerability in index.php in chaozz@work FubarForum 1.5 allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2008-06-26 | CVE-2008-2877 | Cmsworks | Code Injection vulnerability in Cmsworks 2.2 PHP remote file inclusion vulnerability in admin/include/lib.module.php in cmsWorks 2.2 RC4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter. | 6.8 |
2008-06-25 | CVE-2008-2858 | Webchamado | SQL Injection vulnerability in Webchamado 1.1 SQL injection vulnerability in index.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the eml parameter. | 6.8 |
2008-06-24 | CVE-2008-2841 | Microsoft Xchat | Code Injection vulnerability in multiple products Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI. | 6.8 |
2008-06-24 | CVE-2008-2840 | Exerocms | Path Traversal vulnerability in Exerocms Exero CMS 1.0.0/1.0.1 Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2008-06-23 | CVE-2008-2813 | Shoutcastadmin | Path Traversal vulnerability in Shoutcastadmin Wallcity-Server Shoutcast Admin Panel 2.0 Directory traversal vulnerability in index.php in WallCity-Server Shoutcast Admin Panel 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2008-06-26 | CVE-2008-2879 | Benjacms | Improper Authentication vulnerability in Benjacms Benja CMS 0.1 Benja CMS 0.1 does not require authentication for access to admin/, which allows remote attackers to add or delete a menu. | 6.4 |
2008-06-26 | CVE-2008-2878 | Yektaweb | Input Validation vulnerability in Academic Web Tools CMS 1.4.2.8 Open redirect vulnerability in rss_getfile.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter. | 6.4 |
2008-06-23 | CVE-2008-2820 | Azimyt | Path Traversal vulnerability in Azimyt Open Azimyt CMS 0.21Stable/0.22Minimal Directory traversal vulnerability in lang/lang-system.php in Open Azimyt CMS 0.22 minimal and 0.21 stable allows remote attackers to include and execute arbitrary local files via a .. | 6.4 |
2008-06-26 | CVE-2008-2881 | Relative Real Estate Systems | Information Exposure vulnerability in Relative Real Estate Systems Relative Real Estate Systems Relative Real Estate Systems 3.0 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | 5.0 |
2008-06-26 | CVE-2008-2873 | Aspindir | Permissions, Privileges, and Access Controls vulnerability in Aspindir Shibby Shop sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb. | 5.0 |
2008-06-26 | CVE-2008-2730 | Cisco | Improper Authentication vulnerability in Cisco Unified Communications Manager 5.1/6.1 The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843. | 5.0 |
2008-06-26 | CVE-2008-2062 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Manager The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151. | 5.0 |
2008-06-25 | CVE-2008-2864 | Elinestudio | Information Exposure vulnerability in Elinestudio Site Composer 2.5 eLineStudio Site Composer (ESC) 2.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) trigger.asp or (2) common2.asp in cms/include/, which reveals the database path. | 5.0 |
2008-06-25 | CVE-2008-2859 | Netwin | Denial of Service vulnerability in SurgeMail IMAP Command Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command." | 5.0 |
2008-06-25 | CVE-2008-2857 | Alstrasoft | Credentials Management vulnerability in Alstrasoft Askme AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | 5.0 |
2008-06-24 | CVE-2008-2838 | Traindepot | Path Traversal vulnerability in Traindepot 0.1 Directory traversal vulnerability in index.php in Traindepot 0.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
2008-06-23 | CVE-2008-2829 | PHP Canonical | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function. | 5.0 |
2008-06-23 | CVE-2008-2827 | Perl | Permissions, Privileges, and Access Controls vulnerability in Perl 5.10 The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452. | 4.6 |
2008-06-26 | CVE-2008-2871 | Pegames | Cross-Site Scripting vulnerability in Pegames Multiple cross-site scripting (XSS) vulnerabilities in template2.php in PEGames allow remote attackers to inject arbitrary web script or HTML via the (1) sitetitle, (2) sitenav, (3) sitemain, and (4) sitealt parameters. | 4.3 |
2008-06-25 | CVE-2008-2861 | Elinestudio | Cross-Site Scripting vulnerability in Elinestudio Site Composer 2.5 Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) button parameters to ansFAQ.asp and the (3) id and (4) txtEmail parameters to login.asp. | 4.3 |
2008-06-25 | CVE-2008-2855 | Ownrs | Cross-Site Scripting vulnerability in Ownrs Beta3 Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
2008-06-25 | CVE-2008-2852 | Nathan Neulinger | Cross-Site Scripting vulnerability in Nathan Neulinger Cgiwrap Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when an Internet Explorer based browser is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to failure to set the charset in error messages. | 4.3 |
2008-06-25 | CVE-2008-2848 | Mindtouch | Cross-Site Scripting vulnerability in Mindtouch Dekiwiki Cross-site scripting (XSS) vulnerability in the search functionality in MindTouch DekiWiki before 8.05.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-06-25 | CVE-2008-2842 | Doitlive | Cross-Site Scripting vulnerability in Doitlive CMS Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in doITLive CMS 2.50 and earlier allows remote attackers to inject arbitrary web script or HTML via the FILE parameter. | 4.3 |
2008-06-24 | CVE-2008-2839 | Traindepot | Cross-Site Scripting vulnerability in Traindepot 0.1 Cross-site scripting (XSS) vulnerability in the search module in Traindepot 0.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to index.php. | 4.3 |
2008-06-23 | CVE-2008-2825 | Xerox | Cross-Site Scripting vulnerability in Xerox Workcentre M123/M128/M133 Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-06-23 | CVE-2008-2814 | Shoutcastadmin | Cross-Site Scripting vulnerability in Shoutcastadmin Wallcity-Server Shoutcast Admin Panel 2.0 Cross-site scripting (XSS) vulnerability in WallCity-Server Shoutcast Admin Panel 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter to the login interface. | 4.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-06-25 | CVE-2008-2849 | Drupal | Cross-Site Scripting vulnerability in Drupal Trailscout Module 5 Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2008-06-23 | CVE-2008-1952 | Xensource | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xensource XEN Para Virtualized Frame Buffer The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service (crash) by mapping an arbitrary amount of guest memory. | 2.1 |