Weekly Vulnerabilities Reports > June 30 to July 6, 2008

Overview

93 new vulnerabilities reported during this period, including 4 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary report vulnerabilities in 75 products from 58 vendors including Linux, Apple, Microsoft, Drupal, and Preprojects. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Path Traversal", "Improper Input Validation", and "Code Injection".

  • 83 reported vulnerabilities are remotely exploitables.
  • 49 reported vulnerabilities have public exploit available.
  • 55 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 91 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

4 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-07-03 CVE-2008-3001 Drupal Code Injection vulnerability in Drupal Aggregation Module

The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions.

9.3
2008-07-02 CVE-2008-2959 Microsoft Buffer Errors vulnerability in Microsoft Visual Basic Enterprise Edition 6.0

Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsoft Visual Basic Enterprise Edition 6.0 SP6 might allow remote attackers to execute arbitrary code via a long lpstrLinkPath argument to the fCreateShellLink function.

9.3
2008-06-30 CVE-2008-2910 Muvee Buffer Errors vulnerability in Muvee Autoproducer 6.0/6.1

Buffer overflow in the DXTTextOutEffect ActiveX control (aka the Text-Effect DXT Filter), as distributed in TextOut.dll 6.0.18.1 and mvtextout.dll, in muvee autoProducer 6.0 and 6.1 allows remote attackers to execute arbitrary code via a long FontSetting property value.

9.3
2008-06-30 CVE-2008-2908 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint Client

Multiple stack-based buffer overflows in a certain ActiveX control in ienipp.ocx in Novell iPrint Client for Windows before 4.36 allow remote attackers to execute arbitrary code via a long value of the (1) operation, (2) printer-url, or (3) target-frame parameter.

9.3

31 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-07-01 CVE-2008-2954 Linux Improper Input Validation vulnerability in Linux Direct Connect

client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via an empty private message, which triggers an out-of-bounds read.

7.8
2008-06-30 CVE-2008-2946 SUN Resource Management Errors vulnerability in SUN Solaris and Sunos

The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice Enterprise Agents in Sun Solaris 8 through 10 allows remote attackers to cause a denial of service (daemon crash) via malformed packets.

7.8
2008-07-01 CVE-2008-2311 Apple Race Condition vulnerability in Apple mac OS X and mac OS X Server

Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.

7.6
2008-07-03 CVE-2008-2999 Drupal SQL Injection vulnerability in Drupal Aggregation Module and Drupal

Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-07-03 CVE-2008-2995 Phpeasydata SQL Injection vulnerability in PHPeasydata 1.5.4

Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to execute arbitrary SQL commands via (1) the annuaire parameter to annuaire.php or (2) the username field in admin/login.php.

7.5
2008-07-03 CVE-2008-2993 FOG Path Traversal vulnerability in FOG Forum 0.8.1

Multiple directory traversal vulnerabilities in index.php in FOG Forum 0.8.1 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2008-07-02 CVE-2008-2990 Joomla
Mambo
Code Injection vulnerability in multiple products

PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.

7.5
2008-07-02 CVE-2008-2989 Homap SQL Injection vulnerability in Homap 0.1

SQL injection vulnerability in index.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary SQL commands via the go parameter.

7.5
2008-07-02 CVE-2008-2988 Benjacms Improper Input Validation vulnerability in Benjacms Benja CMS 0.1

Unrestricted file upload vulnerability in admin/upload.php in Benja CMS 0.1 allows remote attackers to upload and execute arbitrary PHP files via unspecified vectors, followed by a direct request to the file in billeder/.

7.5
2008-07-02 CVE-2008-2986 Phpdmca Code Injection vulnerability in PHPdmca 1.0.0

Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the ourlinux_root_path parameter to (1) adodb-errorpear.inc.php and (2) adodb-pear.inc.php in adodb/.

7.5
2008-07-02 CVE-2008-2983 CWH Underground SQL Injection vulnerability in CWH Underground Demo4 CMS 01

SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-07-02 CVE-2008-2977 Ourvideo CMS Code Injection vulnerability in Ourvideo CMS Ourvideo CMS 9.5

Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 allow remote attackers to execute arbitrary PHP code via a URL in the include_connection parameter to (1) edit_top_feature.php and (2) edit_topics_feature.php in phpi/.

7.5
2008-07-02 CVE-2008-2972 Kblance SQL Injection vulnerability in Kblance NIL

SQL injection vulnerability in index.php in KbLance allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a comment action.

7.5
2008-07-02 CVE-2008-2971 Cistyle SQL Injection vulnerability in Cistyle Ciblog 3.1

SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-07-02 CVE-2008-2970 Yektaweb Improper Input Validation vulnerability in Yektaweb Academic web Tools

Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to (1) index.php and (2) login.php in homepg/.

7.5
2008-07-02 CVE-2008-2968 Yektaweb SQL Injection vulnerability in Yektaweb Academic web Tools

SQL injection vulnerability in rating.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the book_id parameter.

7.5
2008-07-02 CVE-2008-2966 Jaxultrabb Path Traversal vulnerability in Jaxultrabb

Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 and earlier allows remote attackers to read arbitrary local files via a ..

7.5
2008-07-02 CVE-2008-2964 Researchguide SQL Injection vulnerability in Researchguide 0.5

SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-06-30 CVE-2008-2945 SUN Improper Input Validation vulnerability in SUN products

Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.

7.5
2008-06-30 CVE-2008-2925 Valarsoft SQL Injection vulnerability in Valarsoft Webmatic

SQL injection vulnerability in Webmatic before 2.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-06-30 CVE-2008-2922 T0Pp8Uzz Buffer Errors vulnerability in T0Pp8Uzz Dana IRC Client 1.1/1.2

Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long IRC message.

7.5
2008-06-30 CVE-2008-2921 Eztechhelp Company SQL Injection vulnerability in Eztechhelp Company Ezcms 1.0/1.1

SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2008-06-30 CVE-2008-2920 Ezcms Improper Authentication vulnerability in Ezcms Eztechhelp Ezcms

admin/filemanager/ (aka the File Manager) in EZTechhelp EZCMS 1.2 and earlier does not require authentication, which allows remote attackers to create, modify, read, and delete files.

7.5
2008-06-30 CVE-2008-2918 Application Dynamics SQL Injection vulnerability in Application Dynamics Cartweaver 3.0

SQL injection vulnerability in details.php in Application Dynamics Cartweaver 3.0 allows remote attackers to execute arbitrary SQL commands via the prodId parameter, possibly a related issue to CVE-2006-2046.3.

7.5
2008-06-30 CVE-2008-2917 Preprojects SQL Injection vulnerability in Preprojects E-Smart Cart

SQL injection vulnerability in productsofcat.asp in E-SMART CART allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

7.5
2008-06-30 CVE-2008-2915 Preprojects SQL Injection vulnerability in Preprojects PRE JOB Board

Multiple SQL injection vulnerabilities in jobseekers/JobSearch.php (aka the search module) in Pre Job Board allow remote attackers to execute arbitrary SQL commands via the (1) position or (2) kw parameter.

7.5
2008-06-30 CVE-2008-2914 Preprojects SQL Injection vulnerability in Preprojects PHP Jobwebsite PRO

SQL injection vulnerability in jobseekers/JobSearch3.php (aka the search module) in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the (1) kw or (2) position parameter.

7.5
2008-06-30 CVE-2008-2912 Contenido Code Injection vulnerability in Contenido CMS 4.8.4

Multiple PHP remote file inclusion vulnerabilities in Contenido CMS 4.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenido_path parameter to (a) contenido/backend_search.php; the (2) cfg[path][contenido] parameter to (b) move_articles.php, (c) move_old_stats.php, (d) optimize_database.php, (e) run_newsletter_job.php, (f) send_reminder.php, (g) session_cleanup.php, and (h) setfrontenduserstate.php in contenido/cronjobs/, and (i) includes/include.newsletter_jobs_subnav.php and (j) plugins/content_allocation/includes/include.right_top.php in contenido/; the (3) cfg[path][templates] parameter to (k) includes/include.newsletter_jobs_subnav.php and (l) plugins/content_allocation/includes/include.right_top.php in contenido/; and the (4) cfg[templates][right_top_blank] parameter to (m) plugins/content_allocation/includes/include.right_top.php and (n) contenido/includes/include.newsletter_jobs_subnav.php in contenido/, different vectors than CVE-2006-5380.

7.5
2008-06-30 CVE-2008-2909 Clever Copy SQL Injection vulnerability in Clever Copy Clever Copy 3.0

SQL injection vulnerability in results.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the searchtype parameter.

7.5
2008-06-30 CVE-2008-2904 Phpmycart SQL Injection vulnerability in PHPmycart

SQL injection vulnerability in shop.php in Conkurent PHPMyCart allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2008-06-30 CVE-2008-2902 Alstrasoft SQL Injection vulnerability in Alstrasoft Askme PRO

SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5

57 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-07-03 CVE-2008-3000 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal Aggregation Module

The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions.

6.8
2008-07-03 CVE-2008-2996 Gravityboardx SQL Injection vulnerability in Gravityboardx Gravity Board X 2.0

Multiple SQL injection vulnerabilities in index.php in Gravity Board X (GBX) 2.0 Beta, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchquery parameter in a getsearch action, and the (2) board_id parameter in a viewboard action.

6.8
2008-07-02 CVE-2008-2985 Cmreams Path Traversal vulnerability in Cmreams CMS 1.3.1.1

Directory traversal vulnerability in load_language.php in CMReams CMS 1.3.1.1 Beta 2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page_language parameter.

6.8
2008-07-02 CVE-2008-2982 Homeph Design Path Traversal vulnerability in Homeph Design Homeph Design 2.10

Multiple directory traversal vulnerabilities in HomePH Design 2.10 RC2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) thumb_template parameter to (a) admin/templates/template_thumbnail.php, and the (2) language parameter to (b) account/account.php, (c) downloads/downloads.php, (d) forum/forum.php, (e) fotogalerie/delete.php, and (f) fotogalerie/fotogalerie.php in admin/features/.

6.8
2008-07-02 CVE-2008-2981 Homeph Design Code Injection vulnerability in Homeph Design Homeph Design 2.10

PHP remote file inclusion vulnerability in admin/templates/template_thumbnail.php in HomePH Design 2.10 RC2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the thumb_template parameter.

6.8
2008-07-02 CVE-2008-2978 Ourvideocms Path Traversal vulnerability in Ourvideocms Ourvideo CMS 9.5

Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the prefix parameter.

6.8
2008-07-02 CVE-2008-2976 Tinx CMS Path Traversal vulnerability in Tinx CMS Tinx CMS 1.1

Multiple directory traversal vulnerabilities in TinX/cms 1.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) language parameter to (a) include_me.php, (b) admin/ajax.php, and (c) admin/objects/catalog.ajaxhandler.php; and the (2) prefix parameter to (d) admin/inc/config.php.

6.8
2008-07-02 CVE-2008-2974 MM Chat Path Traversal vulnerability in MM Chat MM Chat 1.5

Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter.

6.8
2008-07-02 CVE-2008-2963 Myblog SQL Injection vulnerability in Myblog

Multiple SQL injection vulnerabilities in MyBlog allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to (a) index.php, and the (2) id parameter to (b) member.php and (c) post.php.

6.8
2008-07-01 CVE-2008-2310 Apple USE of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server

Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code.

6.8
2008-07-01 CVE-2008-2309 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.

6.8
2008-06-30 CVE-2008-2949 Microsoft Denial-Of-Service vulnerability in Microsoft IE 6/7

Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener.

6.8
2008-06-30 CVE-2008-2948 Microsoft Denial-Of-Service vulnerability in Microsoft IE and Internet Explorer

Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener.

6.8
2008-06-30 CVE-2008-2947 Microsoft Improper Access Control vulnerability in Microsoft Internet Explorer 5.01/6/7

Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.

6.8
2008-06-30 CVE-2008-2942 Mercurial Path Traversal vulnerability in Mercurial 1.0.1

Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file.

6.8
2008-06-30 CVE-2008-2919 Gryphonllc SQL Injection vulnerability in Gryphonllc Gryphon Gllcts2 4.2.4

SQL injection vulnerability in listing.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the sort parameter.

6.8
2008-06-30 CVE-2008-2916 Preprojects SQL Injection vulnerability in Preprojects PRE ADS Portal

Multiple SQL injection vulnerabilities in Pre ADS Portal 2.0 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to showcategory.php and the (2) id parameter to software-description.php.

6.8
2008-06-30 CVE-2008-2913 Devalcms Path Traversal vulnerability in Devalcms 1.4A

Directory traversal vulnerability in func.php in Devalcms 1.4a, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-06-30 CVE-2008-2907 Webchamado SQL Injection vulnerability in Webchamado 1.1

SQL injection vulnerability in admin/index.php in WebChamado 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the eml parameter.

6.8
2008-06-30 CVE-2008-2906 Webchamado SQL Injection vulnerability in Webchamado 1.1

SQL injection vulnerability in lista_anexos.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the tsk_id parameter.

6.8
2008-06-30 CVE-2008-2905 Mambo Code Injection vulnerability in Mambo

PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2008-06-30 CVE-2008-2903 Awbs SQL Injection vulnerability in Awbs Advanced Webhost Billing System

SQL injection vulnerability in news.php in Advanced Webhost Billing System (AWBS) 2.3.3 through 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the viewnews parameter.

6.8
2008-06-30 CVE-2008-2901 Haudenschilt SQL Injection vulnerability in Haudenschilt Family Connections CMS 1.4

Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.4 allow remote authenticated users to execute arbitrary SQL commands via the (1) address parameter to addressbook.php, the (2) getnews parameter to familynews.php, and the (3) poll_id parameter to home.php in a results action.

6.5
2008-07-01 CVE-2008-2957 Pidgin Improper Input Validation vulnerability in Pidgin 2.0.0

The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.

6.4
2008-06-30 CVE-2008-2943 IBM Resource Management Errors vulnerability in IBM Tivoli Directory Server

Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 through 6.1.0.15 allows remote authenticated administrators to cause a denial of service (ABEND) and possibly execute arbitrary code by using ldapadd to attempt to create a duplicate ibm-globalAdminGroup LDAP database entry.

6.0
2008-07-02 CVE-2008-2969 Yektaweb Path Traversal vulnerability in Yektaweb Academic web Tools 1.4.3.1

Directory traversal vulnerability in download.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to read arbitrary files via a ..

5.0
2008-07-02 CVE-2008-2961 Cmsmini Path Traversal vulnerability in Cmsmini CMS Mini 0.2.2

Multiple directory traversal vulnerabilities in view/index.php in CMS Mini 0.2.2 allow remote attackers to read arbitrary local files via a ..

5.0
2008-07-01 CVE-2008-2956 Pidgin Resource Management Errors vulnerability in Pidgin 2.0.0

** DISPUTED ** Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents.

5.0
2008-07-01 CVE-2008-2953 Linux Improper Input Validation vulnerability in Linux Direct Connect

Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via "partial file list requests" that trigger a NULL pointer dereference.

5.0
2008-07-01 CVE-2008-2952 Openldap Resource Management Errors vulnerability in Openldap

liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.

5.0
2008-07-02 CVE-2008-2826 Linux
Opensuse
Debian
Canonical
Integer Overflow OR Wraparound vulnerability in multiple products

Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large addr_num field in an sctp_getaddrs_old data structure.

4.9
2008-07-02 CVE-2008-2372 Linux Improper Input Validation vulnerability in Linux Kernel

The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages."

4.9
2008-06-30 CVE-2008-2729 RED HAT Information Exposure vulnerability in RED HAT Linux Kernel

arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.

4.9
2008-06-30 CVE-2008-0598 Linux Information Exposure vulnerability in Linux Kernel 2.6.18/2.6.9

Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary.

4.9
2008-06-30 CVE-2008-2944 RED HAT Resource Management Errors vulnerability in RED HAT Enterprise Linux Kernel and Fedora Core

Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CVE-2008-2365.

4.9
2008-06-30 CVE-2008-2365 Linux
Redhat
Race Condition vulnerability in multiple products

Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514.

4.7
2008-07-01 CVE-2008-2313 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory.

4.6
2008-07-01 CVE-2008-2308 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information.

4.6
2008-07-01 CVE-2008-2958 Checkinstall Race Condition vulnerability in Checkinstall 1.6.1

Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories.

4.4
2008-07-01 CVE-2008-2314 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors.

4.4
2008-07-03 CVE-2008-2998 Drupal Cross-Site Scripting vulnerability in Drupal Aggregation Module

Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-07-03 CVE-2008-2997 Gravityboardx Cross-Site Scripting vulnerability in Gravityboardx Gravity Board X 2.0

Cross-site scripting (XSS) vulnerability in index.php in Gravity Board X (GBX) 2.0 Beta allows remote attackers to inject arbitrary web script or HTML via the subject parameter in a postnewsubmit (aka create new thread) action.

4.3
2008-07-03 CVE-2008-2994 Phpeasydata Cross-Site Scripting vulnerability in PHPeasydata 1.5.4

Multiple cross-site scripting (XSS) vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to inject arbitrary web script or HTML via the (1) annuaire parameter to (a) last_records.php and (b) annuaire.php and the (2) by and (3) cat_id parameters to annuaire.php.

4.3
2008-07-02 CVE-2008-2987 Benjacms Cross-Site Scripting vulnerability in Benjacms Benja CMS 0.1

Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_edit_submenu.php, (2) admin_new_submenu.php, and (3) admin_edit_topmenu.php in admin/.

4.3
2008-07-02 CVE-2008-2984 Cmreams Cross-Site Scripting vulnerability in Cmreams CMS 1.3.1.1

Cross-site scripting (XSS) vulnerability in backend/umleitung.php in CMReams CMS 1.3.1.1 Beta 2 allows remote attackers to inject arbitrary web script or HTML via the lang[be_red_text] parameter.

4.3
2008-07-02 CVE-2008-2980 Homeph Design Cross-Site Scripting vulnerability in Homeph Design Homeph Design 2.10

Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design 2.10 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) error_meldung parameter to admin/features/register/register.php, the (2) feature_language[ueberschrift] parameter to admin/features/memberlist/memberlist.php, the (3) language_array[ueberschrift] parameter to admin/features/lostpassword/lostpassword.php, the (4) language_feature[titel] parameter to admin/features/kalender/eingabe.php, and the (5) language_feature[bildmenu] parameter to admin/features/fotogalerie/eingabe.php.

4.3
2008-07-02 CVE-2008-2979 Ourvideo CMS Cross-Site Scripting vulnerability in Ourvideo CMS Ourvideo CMS 9.5

Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php in Ourvideo CMS 9.5 allow remote attackers to inject arbitrary web script or HTML via the (1) top_page and (2) end_page parameters.

4.3
2008-07-02 CVE-2008-2975 Tinx CMS Cross-Site Scripting vulnerability in Tinx CMS Tinx CMS 1.1

Cross-site scripting (XSS) vulnerability in admin/objects/obj_image.php in TinX/cms 1.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter.

4.3
2008-07-02 CVE-2008-2973 MM Chat Cross-Site Scripting vulnerability in MM Chat MM Chat 1.5

Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in MM Chat 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sitename and (2) wmessage parameters.

4.3
2008-07-02 CVE-2008-2967 Yektaweb Cross-Site Scripting vulnerability in Yektaweb Academic web Tools

Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to login.php and the (2) glb_sid parameter to hta/htmlarea.js.php, and allow remote authenticated users to inject arbitrary web script or HTML via an unspecified field in room.php.

4.3
2008-07-02 CVE-2008-2965 Jaxbot Cross-Site Scripting vulnerability in Jaxbot Jaxultrabb

Cross-site scripting (XSS) vulnerability in viewforum.php in JaxUltraBB (JUBB) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter.

4.3
2008-07-02 CVE-2008-2962 Myblog Cross-Site Scripting vulnerability in Myblog

Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) sort parameters to index.php, and the (3) id parameter to post.php.

4.3
2008-07-01 CVE-2008-2955 Pidgin Improper Input Validation vulnerability in Pidgin 2.4.1

Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.

4.3
2008-06-30 CVE-2008-2462 Caucho Cross-Site Scripting vulnerability in Caucho Resin

Cross-site scripting (XSS) vulnerability in the viewfile documentation command in Caucho Resin before 3.0.25, and 3.1.x before 3.1.4, allows remote attackers to inject arbitrary web script or HTML via the file parameter.

4.3
2008-06-30 CVE-2008-2924 Valarsoft Cross-Site Scripting vulnerability in Valarsoft Webmatic

Cross-site scripting (XSS) vulnerability in Webmatic before 2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-06-30 CVE-2008-2923 Lyris Cross-Site Scripting vulnerability in Lyris List Manager 8.8/8.95/9.3D

Cross-site scripting (XSS) vulnerability in read/search/results in Lyris ListManager 8.8, 8.95, and 9.3d allows remote attackers to inject arbitrary web script or HTML via the words parameter.

4.3
2008-06-30 CVE-2008-2911 Contenido Cross-Site Scripting vulnerability in Contenido Contendio 4.8.4

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Contenido 4.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) contenido, (2) Belang, and (3) username parameters.

4.3

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-07-02 CVE-2008-2960 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/.

2.6