Weekly Vulnerabilities Report: July 7 to 13, 2008

Overview

153 new vulnerabilities were reported during this period, including 24 critical vulnerabilities and 60 high severity vulnerabilities. This weekly summary reports vulnerabilities in 168 products from 79 vendors including Typo3, Microsoft, Mozilla, SUN, and Drupal. The vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Information Exposure", and "Resource Management Errors".

  • 146 reported vulnerabilities are remotely exploitable.
  • 42 reported vulnerabilities have a public exploit available.
  • 66 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 139 reported vulnerabilities are exploitable by an anonymous user.
  • Typo3 has the most reported vulnerabilities, with 23 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 8 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

24 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-07-11 CVE-2008-3150 Neutrino CMS Path Traversal vulnerability in Neutrino-Cms Atomic Edition 0.8.4

Directory traversal vulnerability in index.php in Neutrino Atomic Edition 0.8.4 allows remote attackers to read and modify files, as demonstrated by manipulating data/sess.php in (1) usb and (2) del_pag actions.

10.0
2008-07-10 CVE-2008-3116 Hanghai USE of Externally-Controlled Format String vulnerability in Hanghai 5TH Street, High Street 5 and HOT Step

Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou Snail Electronic Company) 5th street (aka Hot Step or High Street 5) allows remote attackers to execute arbitrary code via format string specifiers in a chat message.

10.0
2008-07-09 CVE-2008-3113 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.

10.0
2008-07-09 CVE-2008-3112 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Jdk, JRE and SDK

Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.

10.0
2008-07-09 CVE-2008-3111 SUN Improper Input Validation vulnerability in SUN Jdk, JRE and SDK

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.

10.0
2008-07-09 CVE-2008-3108 SUN Buffer Errors vulnerability in SUN Jdk, JRE and SDK

Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing.

10.0
2008-07-09 CVE-2008-3107 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.

10.0
2008-07-09 CVE-2008-3079 Microsoft, Opera Remote Security vulnerability in Opera

Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors.

10.0
2008-07-07 CVE-2008-2811 Mozilla Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.

10.0
2008-07-07 CVE-2008-2799 Mozilla Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.

10.0
2008-07-07 CVE-2008-2798 Mozilla Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.

10.0
2008-07-07 CVE-2008-3042 Typo3 Permissions, Privileges, and Access Controls vulnerability in Typo3 DAM Frontend Extension

Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Improper Error Handling."

10.0
2008-07-08 CVE-2008-1454 Microsoft Unspecified vulnerability in Microsoft products

Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.

9.4
2008-07-11 CVE-2008-3156 Panda Permissions, Privileges, and Access Controls vulnerability in Panda Activescan 2.0

The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.

9.3
2008-07-11 CVE-2008-3155 Panda Buffer Errors vulnerability in Panda Activescan 2.0

Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method.

9.3
2008-07-09 CVE-2008-3103 SUN Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE

Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors.

9.3
2008-07-09 CVE-2008-2244 Microsoft Resource Management Errors vulnerability in Microsoft Office Word 2002

Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.

9.3
2008-07-08 CVE-2008-1435 Microsoft Code Injection vulnerability in Microsoft Windows-Nt and Windows Vista

Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."

9.3
2008-07-07 CVE-2008-2430 Microsoft, Videolan Numeric Errors vulnerability in Videolan VLC Media Player 0.8.6H

Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.

9.3
2008-07-07 CVE-2008-3033 RSS Aggregator Improper Authentication vulnerability in RSS Aggregator RSS Aggregator 1.0

RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php.

9.3
2008-07-07 CVE-2008-3024 Blackberry Out-Of-Bounds Write vulnerability in Blackberry QNX Momentics 6.2.0/6.3.0/6.3.2

Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/.

9.3
2008-07-08 CVE-2008-0107 Microsoft Numeric Errors vulnerability in Microsoft products

Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability."

9.0
2008-07-08 CVE-2008-0106 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.

9.0
2008-07-08 CVE-2008-0086 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.

9.0

60 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-07-09 CVE-2008-3105 SUN Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE

Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application.

8.3
2008-07-11 CVE-2008-3149 F5 Path Traversal vulnerability in F5 Firepass 1200 6.0.2

The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote attackers to cause a denial of service (daemon crash) by walking the hrSWInstalled OID branch in HOST-RESOURCES-MIB.

7.8
2008-07-10 CVE-2008-3135 Secretwars Numeric Errors vulnerability in Secretwars Soldner Secret Wars

Soldner Secret Wars 33724 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a large numeric value in a 0x80 data block.

7.8
2008-07-09 CVE-2008-3078 Opera Information Exposure vulnerability in Opera Browser

Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image.

7.8
2008-07-11 CVE-2008-3154 Webblizzard SQL Injection vulnerability in Webblizzard Content Management System

SQL injection vulnerability in index.php in WebBlizzard CMS allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2008-07-11 CVE-2008-3153 Tritoncms SQL Injection vulnerability in Tritoncms Triton CMS PRO

SQL injection vulnerability in Triton CMS Pro allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.

7.5
2008-07-11 CVE-2008-3152 Orbitscripts SQL Injection vulnerability in Orbitscripts Smartppc and Smartppc PRO

SQL injection vulnerability in directory.php in SmartPPC and SmartPPC Pro allows remote attackers to execute arbitrary SQL commands via the idDirectory parameter.

7.5
2008-07-11 CVE-2008-3151 Phpnuke, Warpspeed SQL Injection vulnerability in multiple products

SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action.

7.5
2008-07-10 CVE-2008-3136 Ashopsoftware SQL Injection vulnerability in Ashopsoftware Ashop Deluxe 4

SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2008-07-10 CVE-2008-3132 Joomla SQL Injection vulnerability in Joomla COM Beamospetition

SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php.

7.5
2008-07-10 CVE-2008-3129 Catviz SQL Injection vulnerability in Catviz 0.4Beta1

Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta 1 allow remote attackers to execute arbitrary SQL commands via the (1) foreign_key_value parameter in the news page and (2) webpage parameter in the webpage_multi_edit form.

7.5
2008-07-10 CVE-2008-3125 Mole Group SQL Injection vulnerability in Mole Group Lastminute Script 4.0

SQL injection vulnerability in index.php in Mole Group Lastminute Script 4.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2008-07-10 CVE-2008-3124 Mole Group SQL Injection vulnerability in Mole Group Hotel Script 1.0

SQL injection vulnerability in index.php in Mole Group Hotel Script 1.0 allows remote attackers to execute arbitrary SQL commands via the file parameter.

7.5
2008-07-10 CVE-2008-3123 Mole Group SQL Injection vulnerability in Mole Group Real Estate Script

SQL injection vulnerability in index.php in Mole Group Real Estate Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action.

7.5
2008-07-10 CVE-2008-3119 Dreamlevels SQL Injection vulnerability in Dreamlevels Dream Pics Builder

SQL injection vulnerability in index.php in DreamPics Builder allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2008-07-10 CVE-2008-3118 Phpmotion SQL Injection vulnerability in PHPmotion 1.0

SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the vid parameter.

7.5
2008-07-09 CVE-2008-3115 SUN Configuration vulnerability in SUN JDK and JRE

Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases.

7.5
2008-07-09 CVE-2008-3109 SUN Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE

Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.

7.5
2008-07-09 CVE-2008-3090 Blognplus SQL Injection vulnerability in Blognplus 2.5.5

Multiple SQL injection vulnerabilities in index.php in BlognPlus (BURO GUN +) 2.5.5 MySQL and PostgreSQL editions allow remote attackers to execute arbitrary SQL commands via the (1) p, (2) e, (3) d, and (4) m parameters, a different vulnerability than CVE-2008-2819.

7.5
2008-07-09 CVE-2008-3089 Xpoze SQL Injection vulnerability in Xpoze PRO 3.06

SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze Pro CMS 2008) allows remote attackers to execute arbitrary SQL commands via the uid parameter.

7.5
2008-07-09 CVE-2008-3083 Brightcode, Joomla SQL Injection vulnerability in multiple products

SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2008-07-09 CVE-2008-2376 Redhat, Ruby Lang Numeric Errors vulnerability in Ruby-Lang Ruby 1.8.6.230

Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE.

7.5
2008-07-08 CVE-2008-3073 Simple Machines Multiple Unspecified vulnerability in Simple Machine Forum Prior to 1.1.5 and 1.0.13

Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 has unknown impact and attack vectors, probably cross-site scripting (XSS), related to "use of the html-tag."

7.5
2008-07-08 CVE-2008-3072 Simple Machines Numeric Errors vulnerability in Simple Machines Simple Machines Forum

Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors.

7.5
2008-07-08 CVE-2008-3071 Mybb Path Traversal vulnerability in Mybb

Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable.

7.5
2008-07-08 CVE-2008-3070 Mybb SQL-Injection vulnerability in MyBB

Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection.

7.5
2008-07-07 CVE-2008-3068 Microsoft Remote Information Disclosure vulnerability in Microsoft Crypto API X.509 Certificate Validation

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.

7.5
2008-07-07 CVE-2008-2950 Poppler Code Injection vulnerability in Poppler

The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.

7.5
2008-07-07 CVE-2008-2806 Mozilla Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect.

7.5
2008-07-07 CVE-2008-2802 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level."

7.5
2008-07-07 CVE-2008-2801 Mozilla Improper Authentication vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

7.5
2008-07-07 CVE-2008-2374 Bluez Improper Input Validation vulnerability in Bluez Libs and Bluez Utils

src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.

7.5
2008-07-07 CVE-2008-2371 Pcre Buffer Errors vulnerability in Pcre 7.7

Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.

7.5
2008-07-07 CVE-2008-1676 Redhat, Netscape Credentials Management vulnerability in Netscape Certificate Management System 6.0/6.01/6.1

Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate.

7.5
2008-07-07 CVE-2008-3056 Typo3 SQL Injection vulnerability in Typo3 Codeon Petition Extension

SQL injection vulnerability in the Codeon Petition (cd_petition) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-07-07 CVE-2008-3055 Typo3 SQL Injection vulnerability in Typo3 Support View Extension

SQL injection vulnerability in the Support view (ext_tbl) extension 0.0.102 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-07-07 CVE-2008-3054 Typo3 SQL Injection vulnerability in Typo3 Branchenbuch Extension

SQL injection vulnerability in the Branchenbuch (aka Yellow Pages o (mh_branchenbuch) extension 0.8.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-07-07 CVE-2008-3053 Typo3 SQL Injection vulnerability in Typo3 SQL Frontend Extension

SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-07-07 CVE-2008-3052 Typo3 Resource Management Errors vulnerability in Typo3 SQL Frontend Extension

Unspecified vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to cause a denial of service via unknown vectors.

7.5
2008-07-07 CVE-2008-3051 Typo3 SQL Injection vulnerability in Typo3 Pinboard Extension

SQL injection vulnerability in the Pinboard extension 0.0.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-07-07 CVE-2008-3048 Typo3 Multiple Unspecified vulnerability in TYPO3 PDF Generator 2 Extension

Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Unprotected test functionality."

7.5
2008-07-07 CVE-2008-3047 Typo3 Permissions, Privileges, and Access Controls vulnerability in Typo3 KB Unpack Extension

Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors.

7.5
2008-07-07 CVE-2008-3046 Typo3 Permissions, Privileges, and Access Controls vulnerability in Typo3 Packman Extension 0.2.0

Incomplete blacklist vulnerability in the Packman (kb_packman) extension 0.2.1 and earlier for TYPO3 has unknown impact and attack vectors.

7.5
2008-07-07 CVE-2008-3045 Typo3 Unspecified vulnerability in Typo3 Industry Database

Unspecified vulnerability in the Industry Database (aka Branchendatenbank pro_industrydb) extension 1.0.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Insufficient Verification of Data Authenticity."

7.5
2008-07-07 CVE-2008-3044 Typo3 SQL Injection vulnerability in Typo3 News Calendar Extension

SQL injection vulnerability in the News Calendar (newscalendar) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-07-07 CVE-2008-3043 Typo3 Code Injection vulnerability in Typo3 WEC Discussion Forum 1.6.0/1.6.1

Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types."

7.5
2008-07-07 CVE-2008-3041 Typo3 Permissions, Privileges, and Access Controls vulnerability in Typo3 DAM Frontend Extension

Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to "broken access control."

7.5
2008-07-07 CVE-2008-3039 Typo3 SQL Injection vulnerability in Typo3 DAM Frontend Extension

SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-07-07 CVE-2008-3038 Typo3 SQL Injection vulnerability in Typo3 Address Directory

SQL injection vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-07-07 CVE-2008-3036 CMS Little Path Traversal vulnerability in CMS Little CMS Little 0.0.1

Directory traversal vulnerability in index.php in CMS little 0.0.1 allows remote attackers to include and execute arbitrary local files, and probably remote files, via a ..

7.5
2008-07-07 CVE-2008-3034 RSS Aggregator SQL Injection vulnerability in RSS Aggregator RSS Aggregator 1.0

Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php.

7.5
2008-07-07 CVE-2008-3031 Simple PHP Agenda Path Traversal vulnerability in Simple PHP Agenda Simple PHP Agenda

Directory traversal vulnerability in index.php in Simple PHP Agenda 2.2.4 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-07-07 CVE-2008-3030 Efes Tech Shop SQL Injection vulnerability in Efes Tech Shop Efes Tech Shop 2.0

SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an urunler action.

7.5
2008-07-07 CVE-2008-3027 Vangogh WEB CMS SQL Injection vulnerability in Vangogh web CMS Vangogh web CMS 0.9

SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the article_ID parameter to index.php.

7.5
2008-07-07 CVE-2008-3026 Oneclick CMS SQL Injection vulnerability in Oneclick CMS Oneclick CMS 20080124

SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet CMS) 2008-01-24 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-07-07 CVE-2008-3025 PLX WEB Studio SQL Injection vulnerability in PLX web Studio PLX AD Trader 3.2

SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter in a redir action.

7.5
2008-07-07 CVE-2008-3022 Phpbbportal Code Injection vulnerability in PHPbbportal PHPortal 1.2

Multiple PHP remote file inclusion vulnerabilities in sablonlar/gunaysoft/gunaysoft.php in PHPortal 1.2 Beta allow remote attackers to execute arbitrary PHP code via a URL in (1) icerikyolu, (2) sayfaid, and (3) uzanti parameters.

7.5
2008-07-09 CVE-2008-2931 Linux, Debian, Novell, Opensuse, Canonical Improper Privilege Management vulnerability in multiple products

The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.

7.2
2008-07-09 CVE-2008-2812 Linux, Canonical, Novell, Opensuse, Suse, Debian, Avaya Null Pointer Dereference vulnerability in multiple products

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.

7.2
2008-07-09 CVE-2008-2375 Redhat Resource Management Errors vulnerability in Redhat Vsftpd

Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.

7.1

65 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-07-11 CVE-2008-3158 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Client for Windows 4.91Sp4

Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory.

6.9
2008-07-11 CVE-2008-3148 Mackt, Ollydbg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in (1) OllyDBG 1.10 and (2) ImpREC 1.7f allows user-assisted attackers to execute arbitrary code via a crafted DLL file that contains a long string.

6.8
2008-07-10 CVE-2008-3133 Barenuked SQL Injection vulnerability in Barenuked CMS 1.1.0

SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the password parameter.

6.8
2008-07-10 CVE-2008-3131 Powie SQL Injection vulnerability in Powie Psys 0.7.0

SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showid parameter.

6.8
2008-07-10 CVE-2008-3127 Hiox India Improper Input Validation vulnerability in Hiox India Banner Rotator 1.3

PHP remote file inclusion vulnerability in hioxBannerRotate.php in HIOX Banner Rotator (HBR) 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.

6.8
2008-07-09 CVE-2008-3104 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Jdk, JRE and SDK

Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet.

6.8
2008-07-09 CVE-2007-3652 Fascript SQL Injection vulnerability in Fascript Faname 1.0

SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

6.8
2008-07-07 CVE-2008-2927 Pidgin, Adium Numeric Errors vulnerability in multiple products

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.

6.8
2008-07-07 CVE-2008-2810 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut.

6.8
2008-07-07 CVE-2008-2803 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.

6.8
2008-07-07 CVE-2008-2463 Microsoft Code Injection vulnerability in Microsoft Office Snapshot Viewer Activex Office2000/Office2003/Officexp

The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method.

6.8
2008-07-10 CVE-2008-3126 Fujitsu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fujitsu Serverview

Multiple stack-based buffer overflows in the ServerView web interface (SnmpGetMibValues.exe) in Fujitsu Siemens Computers ServerView 04.60.07 and earlier allow remote authenticated users to execute arbitrary code via a crafted URL.

6.5
2008-07-10 CVE-2008-3122 Xerox SQL Injection vulnerability in Xerox Centreware Web

Multiple SQL injection vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2008-07-10 CVE-2008-3117 Phpmotion Improper Input Validation vulnerability in PHPmotion 1.0

Unrestricted file upload vulnerability in update_profile.php in PHPmotion 2.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a .php file with a content type of (1) image/gif, (2) image/jpeg, or (3) image/pjpeg, then accessing it via a direct request to the file under pictures/.

6.5
2008-07-09 CVE-2008-3096 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal Outline Designer Module 5

The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each content reader's authentication level to match that of the content author, which might allow remote attackers to gain privileges.

6.5
2008-07-09 CVE-2008-3093 Phplizardo Code Injection vulnerability in PHPlizardo Imperialbb

Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier allows remote authenticated users to upload and execute arbitrary PHP code by placing a .php filename in the Upload_Avatar parameter and sending the image/gif content type.

6.5
2008-07-09 CVE-2008-3092 Drupal SQL Injection vulnerability in Drupal Taxonomy Autotagger Module 5

SQL injection vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to execute arbitrary SQL commands via unspecified vectors.

6.5
2008-07-09 CVE-2008-3081 Avaya Improper Input Validation vulnerability in Avaya Messaging Storage Server 3/3.1/4.0

Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.

6.5
2008-07-07 CVE-2008-3035 Xchangeboard SQL Injection vulnerability in Xchangeboard

SQL injection vulnerability in newThread.php in XchangeBoard 1.70 Final and earlier allows remote authenticated users to execute arbitrary SQL commands via the boardID parameter.

6.5
2008-07-09 CVE-2008-3080 Mywebland Cross-Site Request Forgery (CSRF) vulnerability in Mywebland Mybloggie 2.1.6

Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators.

5.1
2008-07-09 CVE-2007-1899 Mywebland SQL Injection vulnerability in Mywebland Mybloggie 2.1.6

Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php.

5.1
2008-07-07 CVE-2008-2667 Courier MTA, Suse SQL Injection vulnerability in Courier-Mta Courier-Authlib

SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.

5.1
2008-07-11 CVE-2008-3157 Nortel Resource Management Errors vulnerability in Nortel SIP Multimedia PC Client 4.0

Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit the number of concurrent sessions, which allows attackers to cause a denial of service (resource consumption) via a large number of sessions.

5.0
2008-07-10 CVE-2008-3140 Wireshark Multiple vulnerability in Wireshark 1.0.0

The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet."

5.0
2008-07-10 CVE-2008-3139 Rpath, Wireshark Information Exposure vulnerability in multiple products

The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.

5.0
2008-07-10 CVE-2008-3138 Rpath, Wireshark Information Exposure vulnerability in multiple products

The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.

5.0
2008-07-10 CVE-2008-3134 Graphicsmagick Resource Management Errors vulnerability in Graphicsmagick

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

5.0
2008-07-10 CVE-2008-3128 Pivot Path Traversal vulnerability in Pivot 1.40.5

Directory traversal vulnerability in search.php in Pivot 1.40.5 allows remote attackers to read arbitrary files via a ..

5.0
2008-07-10 CVE-2008-1678 Openssl Resource Management Errors vulnerability in Openssl 0.9.8F/0.9.8G/0.9.8H

Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.

5.0
2008-07-09 CVE-2008-3114 SUN Information Exposure vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074.

5.0
2008-07-09 CVE-2008-3087 Kasseler CMS Path Traversal vulnerability in Kasseler-Cms Kasseler CMS 1.3.0

Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote attackers to read arbitrary files via a ..

5.0
2008-07-09 CVE-2007-3650 Mywebland Information Exposure vulnerability in Mywebland Mybloggie 2.1.6

myWebland myBloggie 2.1.6 allows remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.

5.0
2008-07-08 CVE-2008-1447 Canonical, Cisco, Debian, Microsoft, Redhat, ISC Insufficient Entropy vulnerability in ISC Bind 4/8/9.2.9

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."

5.0
2008-07-08 CVE-2008-0085 Microsoft Information Exposure vulnerability in Microsoft products

SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 do not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.

5.0
2008-07-07 CVE-2008-2807 Mozilla Information Exposure vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file.

5.0
2008-07-07 CVE-2008-2805 Mozilla Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range.

5.0
2008-07-07 CVE-2008-3050 Typo3 Resource Management Errors vulnerability in Typo3 PDF Generator 2 Extension

Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to cause a denial of service via unspecified vectors.

5.0
2008-07-07 CVE-2008-3049 Typo3 Information Exposure vulnerability in Typo3 PDF Generator 2 Extension

The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to obtain sensitive information via unspecified vectors.

5.0
2008-07-07 CVE-2008-3040 Typo3 Information Exposure vulnerability in Typo3 DAM Frontend Extension

Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.

5.0
2008-07-10 CVE-2008-3141 Wireshark Information Exposure vulnerability in Wireshark

Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors.

4.9
2008-07-09 CVE-2008-3077 Linux Use After Free vulnerability in Linux Kernel

arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the x86_64 platform leaks task_struct references into the sys32_ptrace function, which allows local users to cause a denial of service (system crash) or have unspecified other impact via unknown vectors, possibly a use-after-free vulnerability.

4.9
2008-07-11 CVE-2008-3147 Wefi Information Exposure vulnerability in Wefi 3.2.1.4.1

WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) WPA, and (3) WPA2 access-point keys in (a) ClientWeFiLog.dat, (b) ClientWeFiLog.bak, and possibly (c) a certain .inf file under %PROGRAMFILES%\WeFi\Users\, and uses cleartext for the ClientWeFiLog files, which allows local users to obtain sensitive information by reading these files.

4.7
2008-07-10 CVE-2008-3137 Wireshark Improper Input Validation vulnerability in Wireshark

The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

4.3
2008-07-10 CVE-2008-3130 Simple Machines Cross-Site Scripting vulnerability in Simple Machines Opencart 0.7.7

Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenCart 0.7.7 allow remote attackers to inject arbitrary web script or HTML via the (1) firstname and (2) search parameters.

4.3
2008-07-10 CVE-2008-3121 Xerox Cross-Site Scripting vulnerability in Xerox Centreware Web

Multiple cross-site scripting (XSS) vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-07-09 CVE-2008-3110 SUN Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE

Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet.

4.3
2008-07-09 CVE-2008-3106 SUN Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE

Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105.

4.3
2008-07-09 CVE-2008-3094 Drupal Information Exposure vulnerability in Drupal and Organic Groups Module

The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors.

4.3
2008-07-09 CVE-2008-3088 Kasseler CMS Cross-Site Scripting vulnerability in Kasseler-Cms Kasseler CMS 1.3.0/1.3.1

Cross-site scripting (XSS) vulnerability in the Files module in Kasseler CMS 1.3.0 and 1.3.1 Lite allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a Category action to index.php.

4.3
2008-07-09 CVE-2008-2991 Adobe Cross-Site Scripting vulnerability in Adobe Robohelp Server 6/7

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Help Errors log.

4.3
2008-07-09 CVE-2008-3082 Commtouch Cross-Site Scripting vulnerability in Commtouch Enterprise Anti-Spam Gateway 4/5

Cross-site scripting (XSS) vulnerability in UPM/English/login/login.asp in Commtouch Enterprise Anti-Spam Gateway 4 and 5 allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter.

4.3
2008-07-09 CVE-2008-1663 HP Cross-Site Scripting vulnerability in HP System Management Homepage 2.1.10/2.1.11

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) 2.1.10 and 2.1.11 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-07-09 CVE-2007-3653 Fascript Cross-Site Scripting vulnerability in Fascript Faname 1.0

Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php.

4.3
2008-07-09 CVE-2007-3651 Fascript Information Exposure vulnerability in Fascript Faname 1.0

class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installation path in an error message.

4.3
2008-07-08 CVE-2008-2248 Microsoft Cross-Site Scripting vulnerability in Microsoft Exchange Server and Outlook Web Access

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.

4.3
2008-07-08 CVE-2008-2247 Microsoft Cross-Site Scripting vulnerability in Microsoft Exchange Server 2003/2007

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248.

4.3
2008-07-08 CVE-2008-3069 Mybb Cross-Site Scripting vulnerability in Mybb

Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php.

4.3
2008-07-07 CVE-2008-2808 Redhat, Ubuntu, Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.

4.3
2008-07-07 CVE-2008-2800 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the onreadystatechange handler in conjunction with an XMLHttpRequest.

4.3
2008-07-07 CVE-2008-3037 Typo3 Cross-Site Scripting vulnerability in Typo3 Address Directory

Cross-site scripting (XSS) vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-07-07 CVE-2008-3032 Typo3 Cross-Site Scripting vulnerability in Typo3 PHPmyadmin 0.2.2/3.0

Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-07-07 CVE-2008-3029 Typo3 Cross-Site Scripting vulnerability in Typo3 WEC Discussion Forum 1.6/1.6.0/1.6.1

Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-07-07 CVE-2008-3028 Typo3 Cross-Site Scripting vulnerability in Typo3 Send A Card 2.2/2.2.1

Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card (sr_sendcard) extension 2.2.2 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-07-07 CVE-2008-3023 Fswiki, Microsoft Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and earlier, and 3.6.3 dev3 and earlier development versions, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2005-1799.

4.3
2008-07-08 CVE-2008-2809 Mozilla, Netscape Improper Input Validation vulnerability in multiple products

Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-07-09 CVE-2008-3097 Drupal Cross-Site Scripting vulnerability in Drupal Tinytax Taxonomy Block Module 5

Cross-site scripting (XSS) vulnerability in the Tinytax module (aka Tinytax taxonomy block) 5.x before 5.x-1.10-1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML, probably by creating a crafted taxonomy term.

3.5
2008-07-09 CVE-2008-3095 Drupal Cross-Site Scripting vulnerability in Drupal Organic Groups Module 5/6

Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unspecified vectors.

3.5
2008-07-09 CVE-2008-3091 Drupal Cross-Site Scripting vulnerability in Drupal Taxonomy Autotagger Module 5

Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to inject arbitrary web script or HTML via unspecified vectors.

3.5
2008-07-07 CVE-2008-3067 Suse Credentials Management vulnerability in Suse Opensuse 10.3

sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits.

2.1