Weekly Vulnerabilities Reports > June 23 to 29, 2008

Overview

100 new vulnerabilities were reported during this period, including 21 critical vulnerabilities and 47 high severity vulnerabilities. This weekly summary reports vulnerabilities in 94 products from 84 vendors, including Canonical, Microsoft, Debian, Ruby Lang, and Elinestudio. The most common categories are "SQL Injection", "Path Traversal", "Cross-site Scripting", "Code Injection", and "Permissions, Privileges, and Access Controls".

  • 96 reported vulnerabilities are remotely exploitable.
  • 62 reported vulnerabilities have a public exploit available.
  • 62 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 99 reported vulnerabilities are exploitable by an anonymous user.
  • Canonical has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

21 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-06-27 CVE-2008-2899 J00Lean CMS Remote vulnerability in J00Lean-Cms 1.03

Unspecified vulnerability in includes/classes/page.php in j00lean-CMS 1.03 has unknown impact and attack vectors.

10.0
2008-06-27 CVE-2008-2888 Migcms Code Injection vulnerability in Migcms 2.0.5

Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[application][app_root] parameter to (1) collection.class.php and (2) content_image.class.php in lib/obj/.

10.0
2008-06-25 CVE-2008-2851 Offsystem Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Offsystem

Multiple buffer overflows in OFF System before 0.19.14 allow remote attackers to have an unknown impact via unspecified vectors related to "parsing of http headers."

10.0
2008-06-25 CVE-2008-2641 Adobe Remote Code Execution vulnerability in Adobe Acrobat 3D and Acrobat Reader

Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."

10.0
2008-06-24 CVE-2008-2833 Worldlevel Improper Authentication vulnerability in Worldlevel Le.Cms

admin/upload.php in le.cms 1.4 and earlier allows remote attackers to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload parameters.

10.0
2008-06-24 CVE-2008-2832 Fullrevolution Code Injection vulnerability in Fullrevolution Aspwebcalendar2008

Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/.

10.0
2008-06-24 CVE-2008-2663 Ruby Lang, Debian, Canonical Integer Overflow OR Wraparound vulnerability in multiple products

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725.

10.0
2008-06-24 CVE-2008-2662 Ruby Lang, Debian, Canonical Numeric Errors vulnerability in multiple products

Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725.

10.0
2008-06-23 CVE-2008-2828 Tmsnc Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tmsnc

Stack-based buffer overflow in tmsnc allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an MSN packet with a UBX command containing a large UBX payload length field.

10.0
2008-06-23 CVE-2008-2824 Xerox Permissions, Privileges, and Access Controls vulnerability in Xerox Workcentre 7655/7665/7675

Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors.

10.0
2008-06-27 CVE-2008-2898 Hedgehog CMS Path Traversal vulnerability in Hedgehog-Cms 1.21

Directory traversal vulnerability in includes/header.php in Hedgehog-CMS 1.21 allows remote attackers to include and execute arbitrary local files via a ..

9.3
2008-06-27 CVE-2008-2894 NCH Software Path Traversal vulnerability in NCH Software NCH Software Classic FTP 1.02

Directory traversal vulnerability in the FTP client in NCH Software Classic FTP 1.02 for Windows allows remote FTP servers to create or overwrite arbitrary files via a ..

9.3
2008-06-27 CVE-2008-2886 Jamroom Code Injection vulnerability in Jamroom

PHP remote file inclusion vulnerability in include/plugins/jrBrowser/purchase.php in Jamroom 3.3.0 through 3.3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter.

9.3
2008-06-27 CVE-2008-2885 Odars Code Injection vulnerability in Odars 1.0.2

PHP remote file inclusion vulnerability in src/browser/resource/categories/resource_categories_view.php in Open Digital Assets Repository System (ODARS) 1.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CLASSES_ROOT parameter.

9.3
2008-06-27 CVE-2008-2884 RSS Aggregator Code Injection vulnerability in RSS Aggregator RSS Aggregator

PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

9.3
2008-06-26 CVE-2008-2880 IBM Buffer Errors vulnerability in IBM AFP Viewer Plug-In 2.0.7.1/3.2.1.1

Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and 3.2.1.1 allows remote attackers to execute arbitrary code via a long SRC property value.

9.3
2008-06-24 CVE-2008-2427 Pagesperso Orange, Microsoft, Freebsd, Redhat Buffer Errors vulnerability in Pagesperso-Orange GFL Sdk, Nconvert and Xnview

Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file.

9.3
2008-06-23 CVE-2008-2307 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari

Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.

9.3
2008-06-23 CVE-2008-2306 Microsoft, Apple Permissions, Privileges, and Access Controls vulnerability in Apple Safari

Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files.

9.3
2008-06-23 CVE-2008-2822 3Dftp Path Traversal vulnerability in 3Dftp 3D-Ftp Client 8.01

Multiple directory traversal vulnerabilities in the FTP client in 3D-FTP Client 8.01 (8.0 build 1) allow remote FTP servers to create or overwrite arbitrary files via a ..

9.3
2008-06-23 CVE-2008-2821 Microsoft, Glub Path Traversal vulnerability in Glub Secure FTP

Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345.

9.3

47 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-06-26 CVE-2008-2061 Cisco Improper Input Validation vulnerability in Cisco Unified Communications Manager

The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748.

7.8
2008-06-24 CVE-2008-2726 Ruby Lang, Debian, Canonical Numeric Errors vulnerability in multiple products

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue.

7.8
2008-06-24 CVE-2008-2725 Ruby Lang, Debian, Canonical Numeric Errors vulnerability in multiple products

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664.

7.8
2008-06-24 CVE-2008-2664 Ruby Lang, Debian, Canonical Resource Management Errors vulnerability in multiple products

The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725.

7.8
2008-06-27 CVE-2008-2900 Phpauction SQL Injection vulnerability in PHPauction 3.2

SQL injection vulnerability in item.php in PHPAuction 3.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-06-27 CVE-2008-2897 Pagesquid SQL Injection vulnerability in Pagesquid CMS 0.3

SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2008-06-27 CVE-2008-2896 Getfireant Path Traversal vulnerability in Getfireant Fireant 1.3

Directory traversal vulnerability in index.php in FireAnt 1.3 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-06-27 CVE-2008-2895 Aprox Path Traversal vulnerability in Aprox Aproxengine 5.1.0.4

Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-06-27 CVE-2008-2893 Ajhyip SQL Injection vulnerability in Ajhyip AJ Square Aj-Hyip

SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-2532.

7.5
2008-06-27 CVE-2008-2892 Feellove, Joomla SQL Injection vulnerability in multiple products

SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php.

7.5
2008-06-27 CVE-2008-2891 Emusoft SQL Injection vulnerability in Emusoft Emucms 0.3

SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a category action.

7.5
2008-06-27 CVE-2008-2890 Offl SQL Injection vulnerability in Offl Online Fantasy Football League 0.2.6

Multiple SQL injection vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fflteam_id parameter to teams.php, the (2) league_id parameter to leagues.php, and the (3) player_id parameter to players.php.

7.5
2008-06-26 CVE-2008-2883 Jamroom Code Injection vulnerability in Jamroom

PHP remote file inclusion vulnerability in include/plugins/jrBrowser/payment.php in Jamroom 3.3.0 through 3.3.5 allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter.

7.5
2008-06-26 CVE-2008-2882 Aspindir Permissions, Privileges, and Access Controls vulnerability in Aspindir Shibby Shop

upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request.

7.5
2008-06-26 CVE-2008-2876 Munky Path Traversal vulnerability in Munky 0.0.1

Directory traversal vulnerability in index.php in mUnky 0.0.1 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-06-26 CVE-2008-2875 Webdevindo CMS SQL Injection vulnerability in Webdevindo-Cms 1.0.0

SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 allows remote attackers to execute arbitrary SQL commands via the hal parameter.

7.5
2008-06-26 CVE-2008-2874 Softbizscripts SQL Injection vulnerability in Softbizscripts Softbiz Jokes and Funny Pics Script

SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbjoke_id parameter, a different vector than CVE-2008-1050.

7.5
2008-06-26 CVE-2008-2872 Aspindir SQL Injection vulnerability in Aspindir Shibby Shop

SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.

7.5
2008-06-26 CVE-2008-2870 Sharecms SQL Injection vulnerability in Sharecms 0.1

Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta allow remote attackers to execute arbitrary SQL commands via the (1) eventID parameter to event_info.php and the (2) userID parameter to list_user.php.

7.5
2008-06-26 CVE-2008-2869 E Topbiz SQL Injection vulnerability in E-Topbiz Link ADS 1

SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows remote attackers to execute arbitrary SQL commands via the linkid parameter.

7.5
2008-06-26 CVE-2008-2868 Duware SQL Injection vulnerability in Duware Ducalendar

SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter.

7.5
2008-06-26 CVE-2008-2867 E Topbiz SQL Injection vulnerability in E-Topbiz Viral DX 1 2.07

SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter.

7.5
2008-06-25 CVE-2008-2866 Caupo NET SQL Injection vulnerability in Caupo.Net Cauposhop Classic 1.3

SQL injection vulnerability in csc_article_details.php in Caupo.net CaupoShop Classic 1.3 allows remote attackers to execute arbitrary SQL commands via the saArticle[ID] parameter.

7.5
2008-06-25 CVE-2008-2865 Kalptaru Infotech SQL Injection vulnerability in Kalptaru Infotech PHP Site Lock 2.0

SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site Lock 2.0 allows remote attackers to execute arbitrary SQL commands via the articleid parameter in a show_article action.

7.5
2008-06-25 CVE-2008-2863 Elinestudio Path Traversal vulnerability in Elinestudio Site Composer

Multiple absolute path traversal vulnerabilities in eLineStudio Site Composer (ESC) 2.6 allow remote attackers to create or delete arbitrary directories via a full pathname in the inpCurrFolder parameter to (1) folderdel_.asp or (2) foldernew.asp in cms/assetmanager/.

7.5
2008-06-25 CVE-2008-2862 Elinestudio SQL Injection vulnerability in Elinestudio Site Composer

Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp.

7.5
2008-06-25 CVE-2008-2860 AJ Square SQL Injection vulnerability in AJ Square AJ Auction Web2.0

SQL injection vulnerability in category.php in AJSquare AJ Auction Pro web 2.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.

7.5
2008-06-25 CVE-2008-2856 Ownrs SQL Injection vulnerability in Ownrs Beta3

SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-06-25 CVE-2008-2854 Orlando CMS Code Injection vulnerability in Orlando CMS Orlando CMS 0.6

Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[preloc] parameter to (1) modules/core/logger/init.php and (2) AJAX/newscat.php.

7.5
2008-06-25 CVE-2008-2853 Easy Webstore SQL Injection vulnerability in Easy Webstore Easy Webstore 1.2

SQL injection vulnerability in index.php in Easy Webstore 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_path parameter.

7.5
2008-06-25 CVE-2008-2850 Drupal SQL Injection vulnerability in Drupal Trailscout Module

SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API.

7.5
2008-06-25 CVE-2008-2847 Softdivision SQL Injection vulnerability in Softdivision Maxtrade AOI 1.3.23

SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 allows remote attackers to execute arbitrary SQL commands via the categori parameter in a pocategorisell action to modules.php.

7.5
2008-06-25 CVE-2008-2846 Boatscripts SQL Injection vulnerability in Boatscripts Classifieds

SQL injection vulnerability in index.php in BoatScripts Classifieds allows remote attackers to execute arbitrary SQL commands via the type parameter.

7.5
2008-06-25 CVE-2008-2845 Mybizz Classifieds SQL Injection vulnerability in Mybizz-Classifieds

SQL injection vulnerability in index.php in MyBizz-Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2008-06-25 CVE-2008-2844 Carscripts SQL Injection vulnerability in Carscripts Classifieds

SQL injection vulnerability in index.php in Carscripts Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2008-06-25 CVE-2008-2843 Doitlive SQL Injection vulnerability in Doitlive CMS

Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp.

7.5
2008-06-24 CVE-2008-2837 CMS Brdconcept SQL Injection vulnerability in Cms.Brdconcept Cms-Brd

SQL injection vulnerability in index.php in CMS-BRD allows remote attackers to execute arbitrary SQL commands via the menuclick parameter.

7.5
2008-06-24 CVE-2008-2836 K5N Code Injection vulnerability in K5N Webcalendar 1.0.4

PHP remote file inclusion vulnerability in send_reminders.php in WebCalendar 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter and a 0 value for the noSet parameter, a different vector than CVE-2007-1483.

7.5
2008-06-24 CVE-2008-2835 Igsuite SQL Injection vulnerability in Igsuite 3.2.4

SQL injection vulnerability in cgi-bin/igsuite in IGSuite 3.2.4 allows remote attackers to execute arbitrary SQL commands via the formid parameter.

7.5
2008-06-24 CVE-2008-2834 Sidb SQL Injection vulnerability in Sidb Scientific Image Database 0.41

SQL injection vulnerability in projects.php in Scientific Image DataBase 0.41 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-06-23 CVE-2008-2823 Phpeasynews SQL Injection vulnerability in PHPeasynews PHPeasyblog

SQL injection vulnerability in newsarchive.php in PHPeasyblog (formerly phpeasynews) 1.13 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.

7.5
2008-06-23 CVE-2008-2819 Blognplus SQL Injection vulnerability in Blognplus

SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and earlier MySQL and PostgreSQL editions allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-06-23 CVE-2008-2818 Easy Clanpage Path Traversal vulnerability in Easy-Clanpage 3.0B1

Directory traversal vulnerability in Easy-Clanpage 3.0 b1 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-06-23 CVE-2008-2817 Nitropowered SQL Injection vulnerability in Nitropowered Nitro web Gallery

SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the CatId parameter in a show action.

7.5
2008-06-23 CVE-2008-2816 O2Php SQL Injection vulnerability in O2PHP Oxygen 2.0

SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin Board) 2.0 allows remote attackers to execute arbitrary SQL commands via the repquote parameter in a reply action, a different vector than CVE-2006-1572.

7.5
2008-06-23 CVE-2008-2815 Mymarket SQL Injection vulnerability in Mymarket 1.72

SQL injection vulnerability in shopping/index.php in MyMarket 1.72 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-06-23 CVE-2008-2830 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X 10.4/10.5

Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent.

7.2

30 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-06-27 CVE-2008-2889 Wise FTP Path Traversal vulnerability in Wise-Ftp 4.1.0/5.5.8

Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP 4.1.0 and 5.5.8 allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345.

6.8
2008-06-27 CVE-2008-2887 Chaozzatwork Path Traversal vulnerability in Chaozzatwork Fubarforum 1.5

Directory traversal vulnerability in index.php in [email protected] FubarForum 1.5 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-06-26 CVE-2008-2877 Cmsworks Code Injection vulnerability in Cmsworks 2.2

PHP remote file inclusion vulnerability in admin/include/lib.module.php in cmsWorks 2.2 RC4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter.

6.8
2008-06-25 CVE-2008-2858 Webchamado SQL Injection vulnerability in Webchamado 1.1

SQL injection vulnerability in index.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the eml parameter.

6.8
2008-06-24 CVE-2008-2841 Microsoft, Xchat Code Injection vulnerability in multiple products

Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.

6.8
2008-06-24 CVE-2008-2840 Exerocms Path Traversal vulnerability in Exerocms Exero CMS 1.0.0/1.0.1

Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a ..

6.8
2008-06-23 CVE-2008-2813 Shoutcastadmin Path Traversal vulnerability in Shoutcastadmin Wallcity-Server Shoutcast Admin Panel 2.0

Directory traversal vulnerability in index.php in WallCity-Server Shoutcast Admin Panel 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-06-26 CVE-2008-2879 Benjacms Improper Authentication vulnerability in Benjacms Benja CMS 0.1

Benja CMS 0.1 does not require authentication for access to admin/, which allows remote attackers to add or delete a menu.

6.4
2008-06-26 CVE-2008-2878 Yektaweb Input Validation vulnerability in Academic Web Tools CMS 1.4.2.8

Open redirect vulnerability in rss_getfile.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter.

6.4
2008-06-23 CVE-2008-2820 Azimyt Path Traversal vulnerability in Azimyt Open Azimyt CMS 0.21Stable/0.22Minimal

Directory traversal vulnerability in lang/lang-system.php in Open Azimyt CMS 0.22 minimal and 0.21 stable allows remote attackers to include and execute arbitrary local files via a ..

6.4
2008-06-26 CVE-2008-2881 Relative Real Estate Systems Information Exposure vulnerability in Relative Real Estate Systems Relative Real Estate Systems

Relative Real Estate Systems 3.0 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.

5.0
2008-06-26 CVE-2008-2873 Aspindir Permissions, Privileges, and Access Controls vulnerability in Aspindir Shibby Shop

sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb.

5.0
2008-06-26 CVE-2008-2730 Cisco Improper Authentication vulnerability in Cisco Unified Communications Manager 5.1/6.1

The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843.

5.0
2008-06-26 CVE-2008-2062 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Manager

The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151.

5.0
2008-06-25 CVE-2008-2864 Elinestudio Information Exposure vulnerability in Elinestudio Site Composer 2.5

eLineStudio Site Composer (ESC) 2.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) trigger.asp or (2) common2.asp in cms/include/, which reveals the database path.

5.0
2008-06-25 CVE-2008-2859 Netwin Denial of Service vulnerability in SurgeMail IMAP Command

Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command."

5.0
2008-06-25 CVE-2008-2857 Alstrasoft Credentials Management vulnerability in Alstrasoft Askme

AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.

5.0
2008-06-24 CVE-2008-2838 Traindepot Path Traversal vulnerability in Traindepot 0.1

Directory traversal vulnerability in index.php in Traindepot 0.1 allows remote attackers to read arbitrary files via a ..

5.0
2008-06-23 CVE-2008-2829 PHP, Canonical Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function.

5.0
2008-06-25 CVE-2008-1951 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux 4/5

Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries before 1-13a.el4_6.1 in Red Hat Enterprise Linux (RHEL) 4, and before 1-31.el5_2.1 in RHEL 5, allows local users to gain privileges via a malicious library in a certain subdirectory of /var/tmp, related to an incorrect RPATH setting, as demonstrated by a malicious libc.so library for tog-pegasus.

4.6
2008-06-23 CVE-2008-2827 Perl Permissions, Privileges, and Access Controls vulnerability in Perl 5.10

The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.

4.6
2008-06-26 CVE-2008-2871 Pegames Cross-Site Scripting vulnerability in Pegames

Multiple cross-site scripting (XSS) vulnerabilities in template2.php in PEGames allow remote attackers to inject arbitrary web script or HTML via the (1) sitetitle, (2) sitenav, (3) sitemain, and (4) sitealt parameters.

4.3
2008-06-25 CVE-2008-2861 Elinestudio Cross-Site Scripting vulnerability in Elinestudio Site Composer 2.5

Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) button parameters to ansFAQ.asp and the (3) id and (4) txtEmail parameters to login.asp.

4.3
2008-06-25 CVE-2008-2855 Ownrs Cross-Site Scripting vulnerability in Ownrs Beta3

Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2008-06-25 CVE-2008-2852 Nathan Neulinger Cross-Site Scripting vulnerability in Nathan Neulinger Cgiwrap

Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when an Internet Explorer based browser is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to failure to set the charset in error messages.

4.3
2008-06-25 CVE-2008-2848 Mindtouch Cross-Site Scripting vulnerability in Mindtouch Dekiwiki

Cross-site scripting (XSS) vulnerability in the search functionality in MindTouch DekiWiki before 8.05.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-06-25 CVE-2008-2842 Doitlive Cross-Site Scripting vulnerability in Doitlive CMS

Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in doITLive CMS 2.50 and earlier allows remote attackers to inject arbitrary web script or HTML via the FILE parameter.

4.3
2008-06-24 CVE-2008-2839 Traindepot Cross-Site Scripting vulnerability in Traindepot 0.1

Cross-site scripting (XSS) vulnerability in the search module in Traindepot 0.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to index.php.

4.3
2008-06-23 CVE-2008-2825 Xerox Cross-Site Scripting vulnerability in Xerox Workcentre M123/M128/M133

Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-06-23 CVE-2008-2814 Shoutcastadmin Cross-Site Scripting vulnerability in Shoutcastadmin Wallcity-Server Shoutcast Admin Panel 2.0

Cross-site scripting (XSS) vulnerability in WallCity-Server Shoutcast Admin Panel 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter to the login interface.

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-06-25 CVE-2008-2849 Drupal Cross-Site Scripting vulnerability in Drupal Trailscout Module 5

Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors.

3.5
2008-06-23 CVE-2008-1952 Xensource Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xensource XEN Para Virtualized Frame Buffer

The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service (crash) by mapping an arbitrary amount of guest memory.

2.1