Weekly Vulnerabilities Reports > July 21 to 27, 2008

Overview

87 new vulnerabilities reported during this period, including 9 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary report vulnerabilities in 86 products from 64 vendors including Claroline, Maian, Tuxplanet, Moodle, and Mantis. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Code Injection", "Improper Authentication", and "Improper Input Validation".

  • 84 reported vulnerabilities are remotely exploitables.
  • 38 reported vulnerabilities have public exploit available.
  • 48 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 81 reported vulnerabilities are exploitable by an anonymous user.
  • Claroline has the most reported vulnerabilities, with 4 reported vulnerabilities.
  • Redhat has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

9 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-07-27 CVE-2008-3335 Punbb Code Injection vulnerability in Punbb

Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors.

10.0
2008-07-22 CVE-2008-3257 BEA
BEA Systems
Oracle
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.

10.0
2008-07-21 CVE-2008-3252 Redhat
Fedora
Buffer Errors vulnerability in Fedora Newsx 1.6

Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.

10.0
2008-07-21 CVE-2008-3242 Ppmate Buffer Errors vulnerability in Ppmate Ppmedia Class 2.3.1.93

Heap-based buffer overflow in the PPMedia Class ActiveX control in PPMPlayer.dll in PPMate 2.3.1.93 allows remote attackers to execute arbitrary code via a long argument to the StartUrl method.

10.0
2008-07-21 CVE-2008-3235 IBM Credentials Management vulnerability in IBM Websphere Application Server

Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors.

10.0
2008-07-27 CVE-2008-3329 Twibright Security vulnerability in Links 'only proxies'

Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."

9.3
2008-07-24 CVE-2008-3285 Alain Barbet Code Injection vulnerability in Alain Barbet Filesys Smbclientparser

The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters.

9.3
2008-07-21 CVE-2008-3246 Blackberry
RIM
Code Injection vulnerability in multiple products

Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment.

9.3
2008-07-21 CVE-2008-3239 Phpizabi Improper Input Validation vulnerability in PHPizabi 0.848B

Unrestricted file upload vulnerability in the writeLogEntry function in system/v_cron_proc.php in PHPizabi 0.848b C1 HFP1, when register_globals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONF[CRON_LOGFILE] parameter and file contents in the CONF[LOCALE_LONG_DATE_TIME] parameter.

9.3

31 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-07-24 CVE-2008-3264 Asterisk Improper Authentication vulnerability in Asterisk products

The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.

7.8
2008-07-22 CVE-2008-3263 Asterisk Resource Management Errors vulnerability in Asterisk

The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.

7.8
2008-07-27 CVE-2008-3333 Mantis Path Traversal vulnerability in Mantis

Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).

7.5
2008-07-25 CVE-2008-3322 Maian Improper Authentication vulnerability in Maian Recipe

admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie.

7.5
2008-07-25 CVE-2008-3321 Maian Script World Improper Authentication vulnerability in Maian Script World Maian Uploader

admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie.

7.5
2008-07-25 CVE-2008-3320 Maian Improper Authentication vulnerability in Maian Guestbook

admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie.

7.5
2008-07-25 CVE-2008-3319 Maian Improper Authentication vulnerability in Maian Links

admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie.

7.5
2008-07-25 CVE-2008-3318 Maian Improper Authentication vulnerability in Maian Weblog

admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie.

7.5
2008-07-25 CVE-2008-3317 Maian Script World Improper Authentication vulnerability in Maian Script World Maian Search 1.0

admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie.

7.5
2008-07-25 CVE-2008-3313 Creacms Code Injection vulnerability in Creacms 1.0

Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_article/edition_article.php and the (2) cfg[base_uri_admin] parameter to _administration/fonctions/get_liste_langue.php.

7.5
2008-07-25 CVE-2008-3311 Adam Scheinberg Code Injection vulnerability in Adam Scheinberg Flip 3.0

PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter.

7.5
2008-07-25 CVE-2008-3310 Preproject SQL Injection vulnerability in Preproject PRE Survey Poll

SQL injection vulnerability in default.asp in Pre Survey Poll allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2008-07-25 CVE-2008-3309 Digiappz SQL Injection vulnerability in Digiappz Digileave

SQL injection vulnerability in info_book.asp in DigiLeave 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter.

7.5
2008-07-25 CVE-2008-3307 Youtube Blog SQL Injection vulnerability in Youtube Blog Youtube Blog 0.1

SQL injection vulnerability in todos.php in C.

7.5
2008-07-25 CVE-2008-3306 Youtube Blog SQL Injection vulnerability in Youtube Blog Youtube Blog 0.1

SQL injection vulnerability in info.php in C.

7.5
2008-07-25 CVE-2008-3300 Alphadmin Permissions, Privileges, and Access Controls vulnerability in Alphadmin CMS 1.0.5

AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1.

7.5
2008-07-25 CVE-2008-3299 Esyndicat Improper Authentication vulnerability in Esyndicat 1.6

eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1.

7.5
2008-07-25 CVE-2008-3297 Social Engine SQL Injection vulnerability in Social Engine Social Engine

Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php.

7.5
2008-07-25 CVE-2008-3296 Xoops Path Traversal vulnerability in Xoops 2.0.18.1

Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-07-24 CVE-2008-3291 Aprox SQL Injection vulnerability in Aprox CMS Engine and Aproxengine

SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS Engine) 5.1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-07-24 CVE-2008-3267 Mojoscripts SQL Injection vulnerability in Mojoscripts Mojojobs

SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote attackers to execute arbitrary SQL commands via the cat_a parameter.

7.5
2008-07-24 CVE-2008-3266 Softacid SQL Injection vulnerability in Softacid Hotel Reservation System Multi

SQL injection vulnerability in picture_pic_bv.asp in SoftAcid Hotel Reservation System (HRS) Multi allows remote attackers to execute arbitrary SQL commands via the key parameter.

7.5
2008-07-22 CVE-2008-3258 Zoph SQL Injection vulnerability in Zoph

Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-07-22 CVE-2008-3256 Siteframe SQL Injection vulnerability in Siteframe Beaumont and Siteframe CMS

SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and earlier, and Siteframe Beaumont 5.0.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-07-21 CVE-2008-3251 TPL Design SQL Injection vulnerability in TPL Design Tplsoccersite 1.0

Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to (2) index.php, (3) player.php, (4) matchdetails.php, or (5) additionalpage.php in tampereunited/.

7.5
2008-07-21 CVE-2008-3250 Arctictracker SQL Injection vulnerability in Arctictracker Arctic Issue Tracker 2.0.0

SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter.

7.5
2008-07-21 CVE-2008-3245 Cable Modems SQL Injection vulnerability in Cable-Modems PHPhoo3

SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter.

7.5
2008-07-21 CVE-2008-3241 Ultrastats SQL Injection vulnerability in Ultrastats 0.2.136/0.2.140/0.2.142

SQL injection vulnerability in players-detail.php in UltraStats 0.2.136, 0.2.140, and 0.2.142 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-07-21 CVE-2008-3240 Alstrasoft SQL Injection vulnerability in Alstrasoft Affiliate Network PRO

SQL injection vulnerability in index.php in AlstraSoft Affiliate Network Pro allows remote attackers to execute arbitrary SQL commands via the pgm parameter in a directory action.

7.5
2008-07-21 CVE-2008-3238 Itechscripts SQL Injection vulnerability in Itechscripts Itechbids 7.0

Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter in shop.php.

7.5
2008-07-24 CVE-2008-3247 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors.

7.2

42 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-07-25 CVE-2008-3312 Lemoncms Path Traversal vulnerability in Lemoncms Lemon CMS 1.10

Directory traversal vulnerability in lemon_includes/FCKeditor/editor/filemanager/browser/browser.php in Lemon CMS 1.10 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-07-25 CVE-2008-3308 Carlos Desseno Code Injection vulnerability in Carlos Desseno Youtube Blog 0.1

PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C.

6.8
2008-07-25 CVE-2008-3303 Tuxplanet Permissions, Privileges, and Access Controls vulnerability in Tuxplanet Bilboblog 0.2.1

admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters.

6.8
2008-07-24 CVE-2008-3268 Brickhost Permissions, Privileges, and Access Controls vulnerability in Brickhost PHPscheduleit

Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names.

6.8
2008-07-24 CVE-2008-3265 Joomla SQL Injection vulnerability in Joomla COM Dtregister 2.2.3

SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php.

6.8
2008-07-22 CVE-2008-3254 Precoc SQL Injection vulnerability in Precoc Precms 1.0

SQL injection vulnerability in index.php in preCMS 1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a UserProfil action.

6.8
2008-07-27 CVE-2008-3332 Mantis Code Injection vulnerability in Mantis

Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.

6.5
2008-07-24 CVE-2008-3292 Ezwebalbum Improper Authentication vulnerability in Ezwebalbum 1.0

constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.

6.4
2008-07-25 CVE-2008-3325 Moodle
Debian
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.

6.0
2008-07-25 CVE-2008-3302 Tuxplanet SQL Injection vulnerability in Tuxplanet Bilboblog 0.2.1

SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter.

6.0
2008-07-25 CVE-2008-3298 Social Engine Code Injection vulnerability in Social Engine Social Engine

SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code.

6.0
2008-07-27 CVE-2008-2951 Trac Improper Input Validation vulnerability in Trac

Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.

5.8
2008-07-22 CVE-2008-3262 Claroline Cross-Site Request Forgery (CSRF) vulnerability in Claroline

Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password.

5.8
2008-07-21 CVE-2008-3249 Lenovo Credentials Management vulnerability in Lenovo Thinkvantage System Update 3.13

The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.

5.1
2008-07-25 CVE-2008-3314 Zdaemon Improper Input Validation vulnerability in Zdaemon

ZDaemon 1.08.07 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted type 6 command, which triggers a NULL pointer dereference.

5.0
2008-07-25 CVE-2008-3304 Tuxplanet Information Exposure vulnerability in Tuxplanet Bilboblog 0.2.1

BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message.

5.0
2008-07-24 CVE-2008-3293 Ezwebalbum Path Traversal vulnerability in Ezwebalbum 1.0

Directory traversal vulnerability in download.php in EZWebAlbum allows remote attackers to read arbitrary files via the dlfilename parameter.

5.0
2008-07-24 CVE-2008-3290 EMC Dantz Resource Management Errors vulnerability in EMC Dantz Retrospect Backup Client 7.5.116

retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via a series of long packets containing 0x00 characters to TCP port 497 that trigger memory corruption, probably involving an English product version on a Chinese OS version.

5.0
2008-07-24 CVE-2008-3288 EMC Cryptographic Issues vulnerability in EMC Dantz Retrospect Backup Server 7.5.508

The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords.

5.0
2008-07-24 CVE-2008-3287 EMC Dantz Improper Input Validation vulnerability in EMC Dantz Retrospect Backup Client 7.5.116

retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via malformed packets to TCP port 497, which trigger a NULL pointer dereference.

5.0
2008-07-24 CVE-2008-3286 Sierra Improper Input Validation vulnerability in Sierra Swat 4

SWAT 4 1.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) VERIFYCONTENT or (2) GAMECONFIG command sent to the server before user session initialization, which triggers a NULL pointer dereference; or (3) a GAMESPYRESPONSE command followed by a long RS string.

5.0
2008-07-24 CVE-2008-3269 Winsoftmagic Resource Management Errors vulnerability in Winsoftmagic Winremotepc Full and Winremotepc Lite

WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2008 allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet to TCP port 4321.

5.0
2008-07-22 CVE-2008-3188 Opensuse Inadequate Encryption Strength vulnerability in Opensuse 11.0

libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.

5.0
2008-07-21 CVE-2008-3236 IBM Cryptographic Issues vulnerability in IBM Websphere Application Server

Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted.

5.0
2008-07-21 CVE-2008-3187 Opensuse Improper Input Validation vulnerability in Opensuse Zypper 10.2/10.3/11.0

zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package data corruption) via a spoofed key.

5.0
2008-07-27 CVE-2008-3336 Punbb Cross-Site Scripting vulnerability in Punbb

Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php.

4.3
2008-07-27 CVE-2008-3334 Mybb Cross-Site Scripting vulnerability in Mybb

Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php.

4.3
2008-07-27 CVE-2008-3330 Debian Cross-Site Scripting vulnerability in Debian Horde and Turba

Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.

4.3
2008-07-27 CVE-2008-3328 Edgewall Software Cross-Site Scripting vulnerability in Edgewall Software Trac

Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2008-07-25 CVE-2008-3327 Moodle Information Exposure vulnerability in Moodle 1.6.5

Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message.

4.3
2008-07-25 CVE-2008-3316 Portalparts Cross-Site Scripting vulnerability in Portalparts Forum Plugin 2.3.1

Cross-site scripting (XSS) vulnerability in the search feature in the Forum plugin before 2.7.1 for Geeklog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to (1) public_html/index.php, (2) config.php, and (3) functions.inc.

4.3
2008-07-25 CVE-2008-3315 Claroline Cross-Site Scripting vulnerability in Claroline 1.8.10

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php.

4.3
2008-07-25 CVE-2008-3305 Carlos Desseno Cross-Site Scripting vulnerability in Carlos Desseno Youtube Blog 0.1

Cross-site scripting (XSS) vulnerability in mensaje.php in C.

4.3
2008-07-25 CVE-2008-3295 Xoops Cross-Site Scripting vulnerability in Xoops 2.0.18.1

Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter.

4.3
2008-07-24 CVE-2008-3289 EMC Dantz Information Exposure vulnerability in EMC Dantz Retrospect Backup Client 7.5.116

EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet.

4.3
2008-07-22 CVE-2008-3261 Claroline Link Following vulnerability in Claroline

Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.

4.3
2008-07-22 CVE-2008-3260 Claroline Cross-Site Scripting vulnerability in Claroline

Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.

4.3
2008-07-22 CVE-2008-3255 LN LAB Cross-Site Scripting vulnerability in Ln-Lab Webproxy

Cross-site scripting (XSS) vulnerability in LunarNight Laboratory WebProxy 1.7.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-07-22 CVE-2008-3253 Citrix Cross-Site Scripting vulnerability in Citrix Xenserver 4.1.0

Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise) 4.1.0; and HP integrated Citrix XenServer (Select and Enterprise) 4.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-07-21 CVE-2008-3244 F Prot Improper Input Validation vulnerability in F-Prot Antivirus and Scanning Engine

The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allows remote attackers to cause a denial of service (engine crash) via a CHM file with a large nb_dir value that triggers an out-of-bounds read.

4.3
2008-07-21 CVE-2008-3243 F Prot Improper Input Validation vulnerability in F-Prot Antivirus and Scanning Engine

Multiple unspecified vulnerabilities in the scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allow remote attackers to cause a denial of service via (1) a crafted UPX-compressed file, which triggers an engine crash; (2) a crafted Microsoft Office file, which triggers an infinite loop; or (3) an ASPack-compressed file, which triggers an engine crash.

4.3
2008-07-21 CVE-2008-3237 Itechscripts Cross-Site Scripting vulnerability in Itechscripts Itechbids 7.0

Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter.

4.3

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-07-24 CVE-2008-3294 VIM Code Injection vulnerability in VIM

src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.

3.7
2008-07-27 CVE-2008-3331 Mantis Cross-Site Scripting vulnerability in Mantis

Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.

3.5
2008-07-25 CVE-2008-3301 Tuxplanet Cross-Site Scripting vulnerability in Tuxplanet Bilboblog 0.2.1

Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to inject arbitrary web script or HTML via the (2) titleId parameter to head.php, reachable through index.php; the (3) t_lang[lang_copyright] parameter to footer.php; the (4) content parameter to the default URI under admin/; the (5) url, (6) t_lang[lang_admin_help], (7) t_lang[lang_admin_clear_cache], (8) t_lang[lang_admin_home], and (9) t_lang[lang_admin_logout] parameters to admin/homelink.php; and the (10) t_lang[lang_admin_new_post] parameter to admin/post.php.

3.5
2008-07-25 CVE-2008-3326 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).

2.6
2008-07-22 CVE-2008-3259 Openbsd Information Exposure vulnerability in Openbsd Openssh

OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.

1.2