Weekly Vulnerabilities Reports > July 28 to August 3, 2008

Overview

115 new vulnerabilities reported during this period, including 13 critical vulnerabilities and 60 high severity vulnerabilities. This weekly summary report vulnerabilities in 121 products from 88 vendors including Myiosoft, Python Software Foundation, SUN, Realnetworks, and Epic Games. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Code Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Permissions, Privileges, and Access Controls".

  • 111 reported vulnerabilities are remotely exploitables.
  • 51 reported vulnerabilities have public exploit available.
  • 62 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 112 reported vulnerabilities are exploitable by an anonymous user.
  • Myiosoft has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • Realnetworks has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-08-01 CVE-2008-3175 Broadcom
CA
Numeric Errors vulnerability in multiple products

Integer underflow in rxRPC.dll in the LGServer service in the server in CA ARCserve Backup for Laptops and Desktops 11.0 through 11.5 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted message that triggers a buffer overflow.

10.0
2008-08-01 CVE-2008-1662 HP Configuration vulnerability in HP Hp-Ux and System Administration Manager

Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list."

10.0
2008-07-31 CVE-2008-3411 Axesstel Improper Authentication vulnerability in Axesstel Akw-D800 D2Eth10901Vebr

The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which allows remote attackers to change the modem's configuration via direct requests.

10.0
2008-07-30 CVE-2008-3376 Jamroom Permissions, Privileges, and Access Controls vulnerability in Jamroom

Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors.

10.0
2008-07-30 CVE-2008-3362 Giulio Ganci
Wordpress
Improper Input Validation vulnerability in multiple products

Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in wp-content/plugins/downloads-manager/upload/.

10.0
2008-07-28 CVE-2008-3349 Netapp
IBM
Permissions, Privileges, and Access Controls vulnerability in Netapp Data Ontap

Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests.

10.0
2008-07-28 CVE-2008-3064 Realnetworks Permissions, Privileges, and Access Controls vulnerability in Realnetworks Realplayer 10.0/10.5

Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability." RealPlayer has indicated that a version exists called "enterprise." Link: http://service.real.com/realplayer/security/07252008_player/en/

10.0
2008-08-01 CVE-2007-2952 Blue Coat Systems Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Blue Coat Systems Filter and K9 web Protection

Multiple stack-based buffer overflows in the filter service (aka k9filter.exe) in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow (1) remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and (2) man-in-the-middle attackers to execute arbitrary code via an HTTP response with a long HTTP version field.

9.3
2008-07-31 CVE-2008-3430 Eyeball Networks Buffer Errors vulnerability in Eyeball Networks Eyeball Messenger SDK 5.0.907.1

Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in Eyeball MessengerSDK, as used in products such as SiOL Komunikator 1.3, allows remote attackers to execute arbitrary code via a large argument supplied to the BGColor method.

9.3
2008-07-30 CVE-2008-3364 Trend Micro Buffer Errors vulnerability in Trend Micro Officescan 7.3

Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties.

9.3
2008-07-29 CVE-2008-3360 Intellitamper Buffer Errors vulnerability in Intellitamper 2.0.7

Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494.

9.3
2008-07-28 CVE-2008-3066 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer 10.0/10.5

Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting this file.

9.3
2008-07-28 CVE-2007-5400 Real
Realnetworks
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling in RealNetworks RealPlayer 10.5 Build 6.0.12.1483 might allow remote attackers to execute arbitrary code via a crafted SWF file.

9.3

60 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-07-29 CVE-2008-1667 EPS
HP
Numeric Errors vulnerability in multiple products

The Probe Builder Service (aka PBOVISServer.exe) in European Performance Systems (EPS) Probe Builder 2.2 before A.02.20.901, as used in HP OpenView Internet Services (OVIS) on Windows, allows remote attackers to kill arbitrary processes via a process ID number in an unspecified opcode.

7.8
2008-07-28 CVE-2008-3323 Redhat Improper Input Validation vulnerability in Redhat Cygwin 1.5.19/1.5.7/1.5.71

setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package.

7.6
2008-08-01 CVE-2008-3442 Winzip Code Injection vulnerability in Winzip

WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

7.5
2008-08-01 CVE-2008-3441 Nullsoft Code Injection vulnerability in Nullsoft Winamp

Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

7.5
2008-08-01 CVE-2008-3440 SUN Code Injection vulnerability in SUN Java 1.6.0

Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

7.5
2008-08-01 CVE-2008-3439 Speedbit Code Injection vulnerability in Speedbit Video Accelerator

SpeedBit Video Acceleration before 2.2.1.8 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

7.5
2008-08-01 CVE-2008-3438 Apple Code Injection vulnerability in Apple mac OS X

Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

7.5
2008-08-01 CVE-2008-3437 Openoffice Code Injection vulnerability in Openoffice Openoffice.Org

OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

7.5
2008-08-01 CVE-2008-3436 Notepad Code Injection vulnerability in Notepad++

The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

7.5
2008-08-01 CVE-2008-3435 Linkedin Code Injection vulnerability in Linkedin Browser Toolbar

LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

7.5
2008-08-01 CVE-2008-3434 Apple Code Injection vulnerability in Apple Itunes

Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

7.5
2008-08-01 CVE-2008-3433 Speedbit Code Injection vulnerability in Speedbit Download Accelerator Plus 8.0/8.1/8.5

SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

7.5
2008-08-01 CVE-2008-3143 Python Software Foundation Numeric Errors vulnerability in Python Software Foundation Python

Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google."

7.5
2008-08-01 CVE-2008-3142 Python Software Foundation Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Python Software Foundation Python

Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro.

7.5
2008-08-01 CVE-2008-2935 Xmlsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xmlsoft Libxslt

Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."

7.5
2008-08-01 CVE-2008-2316 Python Software Foundation Numeric Errors vulnerability in Python Software Foundation Python

Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."

7.5
2008-08-01 CVE-2008-2315 Python Software Foundation Numeric Errors vulnerability in Python Software Foundation Python

Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules.

7.5
2008-08-01 CVE-2008-1376 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat NFS Utils 1.0.9

A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions.

7.5
2008-07-31 CVE-2008-3424 Condor Project Permissions, Privileges, and Access Controls vulnerability in Condor Project Condor

Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.

7.5
2008-07-31 CVE-2008-3420 Willo SQL Injection vulnerability in Willo Mobius web Publishing Software

Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 1.4.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to browse.php or (2) the s parameter in an exhibitions action to detail.php.

7.5
2008-07-31 CVE-2008-3419 Greatclone SQL Injection vulnerability in Greatclone Youtuber Clone

SQL injection vulnerability in ugroups.php in Youtuber Clone allows remote attackers to execute arbitrary SQL commands via the UID parameter.

7.5
2008-07-31 CVE-2008-3418 Willo SQL Injection vulnerability in Willo Trio

SQL injection vulnerability in browse.php in TriO 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-07-31 CVE-2008-3417 Fipsasp SQL Injection vulnerability in Fipsasp Fipscms Light

SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the r parameter, a different vector than CVE-2006-6115 and CVE-2007-2561.

7.5
2008-07-31 CVE-2008-3416 Icebb SQL Injection vulnerability in Icebb 1.0

SQL injection vulnerability in modules/members.php in IceBB before 1.0-rc9.3 allows remote attackers to execute arbitrary SQL commands via the username parameter in a members action to index.php, related to an incorrect protection mechanism in the clean_string function in includes/functions.php.

7.5
2008-07-31 CVE-2008-3415 Cmscout Path Traversal vulnerability in Cmscout 2.05

Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences.

7.5
2008-07-31 CVE-2008-3414 Siteadmin SQL Injection vulnerability in Siteadmin CMS

SQL injection vulnerability in line2.php in SiteAdmin allows remote attackers to execute arbitrary SQL commands via the art parameter.

7.5
2008-07-31 CVE-2008-3413 Greatclone SQL Injection vulnerability in Greatclone Auction Platinum

SQL injection vulnerability in category.php in Greatclone GC Auction Platinum allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.

7.5
2008-07-31 CVE-2008-3412 Ecshop SQL Injection vulnerability in Ecshop Epshop

SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) pro_show or (2) disppro action to the default URI.

7.5
2008-07-31 CVE-2008-3409 Epic Games Buffer Errors vulnerability in Epic Games Unreal Tournament 3 1.1/1.2

Buffer overflow in Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a UDP packet containing a large value in a certain size field, followed by a data string of that size, aka attack 1 in ut3mendo.c.

7.5
2008-07-31 CVE-2008-3406 Phplinkat SQL Injection vulnerability in PHPlinkat 0.1

SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2008-07-31 CVE-2008-3403 Mojoscripts SQL Injection vulnerability in Mojoscripts Mojopersonals

SQL injection vulnerability in mojoClassified.cgi in MojoPersonals allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2008-07-31 CVE-2008-3402 Hscripts Code Injection vulnerability in Hscripts Hiox Random AD 2.0

Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Statistics (HBS) 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the hm parameter to (1) hioxupdate.php and (2) hioxstats.php.

7.5
2008-07-31 CVE-2008-3401 Hscripts Code Injection vulnerability in Hscripts Hiox Random AD 1.3

PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.

7.5
2008-07-31 CVE-2008-3393 Infomining SQL Injection vulnerability in Infomining Bookmine

SQL injection vulnerability in events.cfm in BookMine allows remote attackers to execute arbitrary SQL commands via the events_id parameter.

7.5
2008-07-30 CVE-2008-3388 Easy Script SQL Injection vulnerability in Easy-Script DEF Blog 1.0.3

Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php.

7.5
2008-07-30 CVE-2008-3387 Phpfootball SQL Injection vulnerability in PHPfootball 1.6

SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter.

7.5
2008-07-30 CVE-2008-3386 Alstrasoft SQL Injection vulnerability in Alstrasoft Video Share Enterprise 4.51

SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086.

7.5
2008-07-30 CVE-2008-3384 CCE Interact Path Traversal vulnerability in Cce-Interact Interact 2.4.1

Multiple directory traversal vulnerabilities in help/help.php in Interact Learning Community Environment Interact 2.4.1 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2008-07-30 CVE-2008-3383 Mojoscripts SQL Injection vulnerability in Mojoscripts Mojoauto

SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote attackers to execute arbitrary SQL commands via the cat_a parameter in a browse action.

7.5
2008-07-30 CVE-2008-3382 Mojoscripts SQL Injection vulnerability in Mojoscripts Mojoclassifieds 2.0

SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_a parameter.

7.5
2008-07-30 CVE-2008-3378 Fizzmedia Negativekarma SQL Injection vulnerability in Fizzmedia Negativekarma Fizzmedia 1.51.2

SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter.

7.5
2008-07-30 CVE-2008-3377 Brandon Tallent SQL Injection vulnerability in Brandon Tallent PHPtest 0.6.3

SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter.

7.5
2008-07-30 CVE-2008-3375 Jamroom Improper Authentication vulnerability in Jamroom

The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie.

7.5
2008-07-30 CVE-2008-3374 Gregarius SQL Injection vulnerability in Gregarius

SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action.

7.5
2008-07-30 CVE-2008-3372 Greatclone SQL Injection vulnerability in Greatclone Getacoder Clone

SQL injection vulnerability in search_form.php in Getacoder Clone allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.

7.5
2008-07-30 CVE-2008-3371 Talkback Path Traversal vulnerability in Talkback 2.3.5

Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.

7.5
2008-07-30 CVE-2008-3370 EMC SQL Injection vulnerability in EMC Centera Universal Access 4.04735

SQL injection vulnerability in the CUA Login Module in EMC Centera Universal Access (CUA) 4.0_4735.p4 allows remote attackers to execute arbitrary SQL commands via the user (user name) field.

7.5
2008-07-30 CVE-2008-3369 Viart SQL Injection vulnerability in Viart Shop

SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

7.5
2008-07-30 CVE-2008-3366 Pligg SQL Injection vulnerability in Pligg CMS 9.9.0

SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-07-30 CVE-2008-3363 Dokeos Path Traversal vulnerability in Dokeos E-Learning System 1.8.5

Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the include parameter.

7.5
2008-07-29 CVE-2008-3361 Intellitamper Buffer Errors vulnerability in Intellitamper 2.0.7

Stack-based buffer overflow in IntelliTamper 2.07 allows remote web sites to execute arbitrary code via a long HTTP Server header.

7.5
2008-07-29 CVE-2008-3359 OWL SQL Injection vulnerability in OWL Intranet Knowledgebase 0.94

SQL injection vulnerability in register.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2008-07-28 CVE-2008-3355 Camera Life SQL Injection vulnerability in Camera Life Camera Life 2.6.2

SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.

7.5
2008-07-28 CVE-2008-3354 Runcms Code Injection vulnerability in Runcms Newbb Plus Module and Runcms

Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than CVE-2006-0659.

7.5
2008-07-28 CVE-2008-3352 Nersoft SQL Injection vulnerability in Nersoft Live Music Plus 1.1.0

SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a Singer action.

7.5
2008-07-28 CVE-2008-3351 Atomphotoblog SQL Injection vulnerability in Atomphotoblog 1.0.9.1/1.1.5

SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog 1.0.9.1 and 1.1.5b1 allows remote attackers to execute arbitrary SQL commands via the photoId parameter in a show action.

7.5
2008-07-28 CVE-2008-3347 Myiosoft SQL Injection vulnerability in Myiosoft Easydynamicpages 3.0

SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter.

7.5
2008-07-28 CVE-2008-3346 E Topbiz SQL Injection vulnerability in E-Topbiz Shopcart DX

SQL injection vulnerability in product_detail.php in ShopCart DX allows remote attackers to execute arbitrary SQL commands via the pid parameter.

7.5
2008-07-28 CVE-2008-3343 Myiosoft SQL Injection vulnerability in Myiosoft Easypublish 3.0

SQL injection vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr (trial edition) allows remote attackers to execute arbitrary SQL commands via the read parameter in a search action.

7.5
2008-07-28 CVE-2008-3341 Jobbex SQL Injection vulnerability in Jobbex Jobsite

Multiple SQL injection vulnerabilities in search_result.cfm in Jobbex JobSite allow remote attackers to execute arbitrary SQL commands via the (1) jobcountryid and (2) jobstateid parameters.

7.5

40 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-07-31 CVE-2008-3429 Httrack Buffer Errors vulnerability in Httrack and Winhttrack

Buffer overflow in URI processing in HTTrack and WinHTTrack before 3.42-3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL.

6.8
2008-07-31 CVE-2008-3408 Coolplayer Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Coolplayer

Stack-based buffer overflow in CoolPlayer 2.18, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a crafted m3u file.

6.8
2008-07-31 CVE-2008-3405 Nazgulled Path Traversal vulnerability in Nazgulled Nzfotolog 0.4.1

Directory traversal vulnerability in index.php in Ricardo Amaral nzFotolog 0.4.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action_file parameter.

6.8
2008-07-31 CVE-2008-3399 Xrms Code Injection vulnerability in Xrms CRM 1.99.2

PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter.

6.8
2008-07-31 CVE-2008-3390 Minishowcase Path Traversal vulnerability in Minishowcase Image Gallery 09B136

Directory traversal vulnerability in libraries/general.init.php in Minishowcase Image Gallery 09b136, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-07-30 CVE-2008-3385 Linuxwebshop Path Traversal vulnerability in Linuxwebshop PHP Help Agent 1.0/1.1

Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-07-30 CVE-2008-3365 Microsoft
Pixelpost
Path Traversal vulnerability in Pixelpost 1.7.1

Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-07-28 CVE-2008-3345 Myiosoft SQL Injection vulnerability in Myiosoft Easye-Cards 3.10/3.5

SQL injection vulnerability in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a pickup action.

6.8
2008-07-28 CVE-2008-3339 Avidweb Technologies Information Exposure vulnerability in Avidweb Technologies Jobbex Jobsite

search_result.cfm in Jobbex JobSite allows remote attackers to obtain sensitive information via unspecified vectors that reveal the installation path in an error message.

6.8
2008-07-31 CVE-2008-3428 Phpfreechat Improper Authentication vulnerability in PHPfreechat 1.0/1.1

Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter.

6.5
2008-07-31 CVE-2008-3425 SUN Improper Authentication vulnerability in SUN products

Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors.

6.5
2008-07-30 CVE-2008-3368 Atutor Code Injection vulnerability in Atutor

PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter.

6.5
2008-07-31 CVE-2008-3392 Webwizguide Cross-Site Request Forgery (CSRF) vulnerability in Webwizguide web WIZ Forum 9.5

Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 allows remote attackers to log out a user via a link or IMG tag to log_off_user.asp.

5.8
2008-08-01 CVE-2008-3144 Python Software Foundation Numeric Errors vulnerability in Python Software Foundation Python

Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations.

5.0
2008-07-31 CVE-2008-3410 Epic Games Improper Input Validation vulnerability in Epic Games Unreal Tournament 3 1.1/1.2

Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a UDP packet in which the value of a certain size field is greater than the total packet length, aka attack 2 in ut3mendo.c.

5.0
2008-07-31 CVE-2008-3407 Phplinkat Improper Authentication vulnerability in PHPlinkat 0.1

phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under admin/ by sending a login=right cookie.

5.0
2008-07-31 CVE-2008-3396 Epic Games Improper Input Validation vulnerability in Epic Games Unreal Tournament 2004 3120/3334

Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain sequence of malformed packets.

5.0
2008-07-31 CVE-2008-3395 Linux
Calacode
Permissions, Privileges, and Access Controls vulnerability in Calacode Atmail 5.41

Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files.

5.0
2008-07-30 CVE-2008-3373 Grisoft Numeric Errors vulnerability in Grisoft AVG Antivirus 7.1/7.5/8.0

The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allows remote attackers to cause a denial of service (engine crash) via a crafted UPX compressed file, which triggers a divide-by-zero error.

5.0
2008-07-28 CVE-2008-3350 THE Kelleys Unspecified vulnerability in the Kelleys Dnsmasq 2.43

dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214.

5.0
2008-08-01 CVE-2008-2235 Siemens
Opensc Project
Cryptographic Issues vulnerability in Opensc-Project Opensc

OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.

4.9
2008-08-01 CVE-2008-1810 Linux
SAP
Permissions, Privileges, and Access Controls vulnerability in SAP Maxdb 7.6.03.15

Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable.

4.4
2008-07-28 CVE-2008-1946 GNU Permissions, Privileges, and Access Controls vulnerability in GNU Coreutils 5.2.1

The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.

4.4
2008-07-31 CVE-2008-3422 Mono
Mono Project
Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren).

4.3
2008-07-31 CVE-2008-3421 Blackboard Cross-Site Request Forgery (CSRF) vulnerability in Blackboard Academic Suite 8.0.260.7

Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp.

4.3
2008-07-31 CVE-2008-3404 Mdsjack Cross-Site Scripting vulnerability in Mdsjack Mjguest 6.8

Cross-site scripting (XSS) vulnerability in guestbook.js.php in MJGuest 6.8 GT allows remote attackers to inject arbitrary web script or HTML via the link parameter.

4.3
2008-07-31 CVE-2008-3400 Xrms Information Exposure vulnerability in Xrms CRM 1.99.2

XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function.

4.3
2008-07-31 CVE-2008-3397 Runesoft Cross-Site Scripting vulnerability in Runesoft Cerberus CMS

Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie.

4.3
2008-07-31 CVE-2008-3394 Infomining Cross-Site Scripting vulnerability in Infomining Bookmine

Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in BookMine allow remote attackers to inject arbitrary web script or HTML via the (1) gallery and (2) search_string parameters.

4.3
2008-07-31 CVE-2008-3391 Webwizguide Cross-Site Scripting vulnerability in Webwizguide web WIZ Forum 9.5

Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum 9.5 allow remote attackers to inject arbitrary web script or HTML via the mode parameter to (1) admin_group_details.asp and (2) admin_category_details.asp.

4.3
2008-07-30 CVE-2008-3381 Moinmoin Cross-Site Scripting vulnerability in Moinmoin 1.6.3/1.7.0

Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-07-30 CVE-2008-3380 Myiosoft Cross-Site Scripting vulnerability in Myiosoft Easybookmarker 4.0

Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in MyioSoft EasyBookMarker 4.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the rs parameter.

4.3
2008-07-30 CVE-2008-3379 Snarky Cross-Site Scripting vulnerability in Snarky Visualpic 0.3.1

Cross-site scripting (XSS) vulnerability in Snark VisualPic 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the pic parameter to the default URI.

4.3
2008-07-30 CVE-2008-3367 Webwizguide Cross-Site Scripting vulnerability in Webwizguide web WIZ Rich Text Editor 3/4.0/4.01

Cross-site scripting (XSS) vulnerability in RTE_popup_link.asp in Web Wiz Rich Text Editor (RTE) 3.x and 4.x before 4.03 allows remote attackers to inject arbitrary web script or HTML via the email parameter.

4.3
2008-07-29 CVE-2008-3100 OWL Cross-Site Scripting vulnerability in OWL Intranet Knowledgebase 0.94

Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter in a getpasswd action to register.php.

4.3
2008-07-28 CVE-2008-3353 Puresw Cross-Site Scripting vulnerability in Puresw Lore

Multiple cross-site scripting (XSS) vulnerabilities in Pure Software Lore before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) article comments feature and the (2) search log feature.

4.3
2008-07-28 CVE-2008-3348 Myiosoft Cross-Site Scripting vulnerability in Myiosoft Easydynamicpages 3.0

Cross-site scripting (XSS) vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the year parameter.

4.3
2008-07-28 CVE-2008-3344 Myiosoft Cross-Site Scripting vulnerability in Myiosoft Easye-Cards 3.10/3.5

Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a allow remote attackers to inject arbitrary web script or HTML via the (1) ResultHtml, (2) dir, (3) SenderName, (4) RecipientName, (5) SenderMail, and (6) RecipientMail parameters.

4.3
2008-07-28 CVE-2008-3342 Myiosoft Cross-Site Scripting vulnerability in Myiosoft Easypublish 3.0

Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_News action.

4.3
2008-07-28 CVE-2008-3340 Jobbex Cross-Site Scripting vulnerability in Jobbex Jobsite

Cross-site scripting (XSS) vulnerability in search_result.cfm in Jobbex JobSite allows remote attackers to inject arbitrary web script or HTML via the searchFor variable (possibly the opt parameter.)

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-07-31 CVE-2008-3398 Xrms Cross-Site Scripting vulnerability in Xrms CRM 1.99.2

Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php.

2.6
2008-07-31 CVE-2008-3426 SUN Local Denial of Service vulnerability in SUN Opensolaris, Solaris and Sunos

Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Sun Solaris 8 through 10, and OpenSolaris builds snv_01 through snv_95, allows local users to cause a denial of service via unknown vectors that prevent operation of utilities such as prtdiag, prtpicl, and prtfru.

2.1