Weekly Vulnerabilities Reports > August 4 to 10, 2008
Overview
105 new vulnerabilities were reported during this period, including 15 critical vulnerabilities and 39 high severity vulnerabilities. This weekly summary reports vulnerabilities in 121 products from 85 vendors including SUN, Linux, Apple, HP, and PHP Nuke. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Resource Management Errors".
- 93 reported vulnerabilities are remotely exploitable.
- 36 reported vulnerabilities have a public exploit available.
- 47 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 101 reported vulnerabilities are exploitable by an anonymous user.
- SUN has the most reported vulnerabilities, with 7 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
15 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-08-10 | CVE-2008-3576 | Openttd | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openttd Buffer overflow in the TruncateString function in src/gfx.cpp in OpenTTD before 0.6.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string. | 10.0 |
2008-08-08 | CVE-2008-3553 | SUN Nokia | Permissions, Privileges, and Access Controls vulnerability in SUN J2Me Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 3-10." NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. | 10.0 |
2008-08-08 | CVE-2008-3552 | Nokia | Security-Bypass vulnerability in Sun Java Micro Edition (ME) Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 11-15." NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. | 10.0 |
2008-08-08 | CVE-2008-3551 | SUN | Security-Bypass vulnerability in SUN Java Platform Micro Edition and Wireless Toolkit Multiple unspecified vulnerabilities in Sun Java Platform Micro Edition (aka Java ME, J2ME, or mobile Java), as distributed in Sun Wireless Toolkit 2.5.2, allow remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2008-08-06 | CVE-2008-3499 | Ektron | Remote Security vulnerability in Cms4000.Net Unspecified vulnerability in "a page in the workarea folder" in Ektron CMS400.NET 7.00 through 7.04 and 7.50 through 7.52 has unknown impact and attack vectors. | 10.0 |
2008-08-06 | CVE-2008-3496 | Linux | Classic Buffer Overflow vulnerability in Linux Kernel Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors. | 10.0 |
2008-08-04 | CVE-2008-3455 | Jnshosts | Code Injection vulnerability in Jnshosts PHP Hosting Directory 2.0 PHP remote file inclusion vulnerability in include/admin.php in JnSHosts PHP Hosting Directory 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the rd parameter. | 10.0 |
2008-08-04 | CVE-2008-3453 | Impresscms | Remote Security vulnerability in Impresscms 1.0 Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files." | 10.0 |
2008-08-08 | CVE-2008-3558 | Cisco | Buffer Errors vulnerability in Cisco Webex Meeting Manager 20.2008.2601.4928 Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method. | 9.3 |
2008-08-08 | CVE-2008-0965 | SUN | Use of Externally-Controlled Format String vulnerability in SUN Opensolaris, Solaris and Sunos Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet. | 9.3 |
2008-08-08 | CVE-2008-0964 | SUN | Buffer Errors vulnerability in SUN Opensolaris, Solaris and Sunos Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet. | 9.3 |
2008-08-04 | CVE-2008-2325 | Apple | Resource Management Errors vulnerability in Apple Quicklook QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking." | 9.3 |
2008-08-04 | CVE-2008-2322 | Apple | Numeric Errors vulnerability in Apple Coregraphics Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow. | 9.3 |
2008-08-04 | CVE-2008-2321 | Apple | Resource Management Errors vulnerability in Apple Coregraphics Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments." | 9.3 |
2008-08-04 | CVE-2008-2320 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Carboncore Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API. | 9.3 |
39 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-08-05 | CVE-2008-3431 | Oracle | Unspecified vulnerability in Oracle Virtualbox 1.6.0/1.6.2 The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address. | 8.8 |
2008-08-10 | CVE-2008-3579 | Linux Calacode | Improper Authentication vulnerability in Calacode Atmail 5.41 Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. | 7.8 |
2008-08-10 | CVE-2008-3571 | Xerox | Improper Input Validation vulnerability in Xerox Phaser 8400 The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900. | 7.8 |
2008-08-08 | CVE-2008-1664 | HP | Remote Denial Of Service vulnerability in HP-UX 'libc' Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors. | 7.8 |
2008-08-06 | CVE-2008-3494 | 8E6 | Permissions, Privileges, and Access Controls vulnerability in 8E6 R3000 Internet Filter 2.0.12.10 8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass intended restrictions via an extra HTTP Host header with additional leading text placed before the real Host header. | 7.8 |
2008-08-08 | CVE-2008-2377 | GNU | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Gnutls Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle. | 7.6 |
2008-08-04 | CVE-2008-3459 | Openvpn | Configuration vulnerability in Openvpn 2.1 Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters. | 7.6 |
2008-08-10 | CVE-2008-3583 | Intellitamper | Buffer Errors vulnerability in Intellitamper 2.0.7 Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a long URL in the SRC attribute of an IMG element. | 7.5 |
2008-08-10 | CVE-2008-3580 | Qsoft | SQL Injection vulnerability in Qsoft K-Links Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to visit.php, or the PATH_INFO to the default URI under (2) report/, (3) addreview/, or (4) refer/. | 7.5 |
2008-08-10 | CVE-2008-3575 | Ezcontents | Code Injection vulnerability in Ezcontents CMS PHP remote file inclusion vulnerability in modules/calendar/minicalendar.php in ezContents CMS allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[gsLanguage] parameter, a different vector than CVE-2006-4477 and CVE-2004-0132. | 7.5 |
2008-08-10 | CVE-2008-3570 | Africabegone | Code Injection vulnerability in Africabegone Africa BE Gone 1.0A PHP remote file inclusion vulnerability in index.php in Africa Be Gone (ABG) 1.0a allows remote attackers to execute arbitrary PHP code via a URL in the abg_path parameter. | 7.5 |
2008-08-10 | CVE-2008-3568 | Unak | Path Traversal vulnerability in Unak Unak-Cms 1.5.5 Absolute path traversal vulnerability in fckeditor/editor/filemanager/browser/default/connectors/php/connector.php in UNAK-CMS 1.5.5 allows remote attackers to include and execute arbitrary local files via a full pathname in the Dirroot parameter, a different vulnerability than CVE-2006-4890.1. | 7.5 |
2008-08-10 | CVE-2008-3564 | Dayfox Designs | Path Traversal vulnerability in Dayfox Designs Dayfox Blog 4 Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-08-10 | CVE-2008-3563 | Plogger | SQL Injection vulnerability in Plogger Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings. | 7.5 |
2008-08-08 | CVE-2008-3557 | FHM Script | Permissions, Privileges, and Access Controls vulnerability in Fhm-Script Free Hosting Manager 1.2/2.0 Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass authentication and gain administrative access by setting both the adminuser and loggedin cookies. | 7.5 |
2008-08-08 | CVE-2008-3556 | Haudenschilt | SQL Injection vulnerability in Haudenschilt Battlenet Clan Script 1.5.2 Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) showmember parameter in a members action and the (2) thread parameter in a board action. | 7.5 |
2008-08-08 | CVE-2008-3554 | Comsenz | SQL Injection vulnerability in Comsenz Discuz 6.0.1 SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remote attackers to execute arbitrary SQL commands via the searchid parameter in a search action. | 7.5 |
2008-08-07 | CVE-2008-3546 | Linux GIT | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GIT Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep. | 7.5 |
2008-08-07 | CVE-2008-3513 | PHP Nuke | SQL Injection vulnerability in PHP Nuke Basis Consultant Book Catalog 1.0 SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php. | 7.5 |
2008-08-07 | CVE-2008-3512 | PHP Nuke | SQL Injection vulnerability in PHP Nuke Kleinanzeigen Module SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php. | 7.5 |
2008-08-07 | CVE-2008-3509 | Lovecms | Code Injection vulnerability in Lovecms 1.6.2 LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code via addition of blocks, and other vectors. | 7.5 |
2008-08-07 | CVE-2008-3507 | Wogan MAY | SQL Injection vulnerability in Wogan MAY Litenews 0.1/1.1/1.2 SQL injection vulnerability in index.php in LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action. | 7.5 |
2008-08-06 | CVE-2008-3506 | Polypager | SQL Injection vulnerability in Polypager SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to execute arbitrary SQL commands via the nr parameter to the default URI. | 7.5 |
2008-08-06 | CVE-2008-3504 | Mpfm | Improper Authentication vulnerability in Mpfm Mask PHP File Manager Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 has unknown impact and remote attack vectors related to "manipulation of cookies." | 7.5 |
2008-08-06 | CVE-2008-3495 | Aspindir | SQL Injection vulnerability in Aspindir Pcshey Portal SQL injection vulnerability in kategori.asp in Pcshey Portal allows remote attackers to execute arbitrary SQL commands via the kid parameter. | 7.5 |
2008-08-06 | CVE-2008-3491 | Scripts24 | SQL Injection vulnerability in Scripts24 Ipost and Itgp SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action. | 7.5 |
2008-08-06 | CVE-2008-3489 | Phpx | SQL Injection vulnerability in PHPx 3.5.16 SQL injection vulnerability in checkCookie function in includes/functions.inc.php in PHPX 3.5.16 allows remote attackers to execute arbitrary SQL commands via a PXL cookie. | 7.5 |
2008-08-06 | CVE-2008-3488 | Novell | Permissions, Privileges, and Access Controls vulnerability in Novell Imanager Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors. | 7.5 |
2008-08-06 | CVE-2008-3487 | Phpauctions | SQL Injection vulnerability in PHPauctions PHPauction GPL Enhanced 2.51 SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-08-06 | CVE-2008-3486 | Coppermine Gallery | Path Traversal vulnerability in Coppermine-Gallery Coppermine Photo Gallery Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-08-05 | CVE-2008-3484 | Estoreaff | SQL Injection vulnerability in Estoreaff 0.1 SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action to index.php. | 7.5 |
2008-08-05 | CVE-2008-3481 | Coppermine Gallery | Code Injection vulnerability in Coppermine-Gallery Coppermine Photo Gallery themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | 7.5 |
2008-08-04 | CVE-2008-3454 | Jnshosts | Permissions, Privileges, and Access Controls vulnerability in Jnshosts PHP Hosting Directory 2.0 JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1. | 7.5 |
2008-08-04 | CVE-2008-3445 | Phpmyrealty | SQL Injection vulnerability in PHPmyrealty 2.0.0 SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter. | 7.5 |
2008-08-04 | CVE-2008-3423 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. | 7.5 |
2008-08-06 | CVE-2008-3485 | Citrix | Permissions, Privileges, and Access Controls vulnerability in Citrix Metaframe Presentation Server and XP Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path. | 7.2 |
2008-08-05 | CVE-2008-3357 | Ingres HP Linux | Permissions, Privileges, and Access Controls vulnerability in multiple products Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability." Fixes are available for the current release of Ingres 2006 release 2 (9.1.0), for Ingres 2006 release 1 (9.0.4), and for Ingres 2.6 versions on their respective platforms. | 7.2 |
2008-08-04 | CVE-2008-3450 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Sunos 5.10/5.8/5.9 Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors. | 7.2 |
2008-08-04 | CVE-2008-2323 | Apple | Resource Management Errors vulnerability in Apple Data Detectors Engine Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages. | 7.1 |
48 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-08-10 | CVE-2008-3582 | Keld | SQL Injection vulnerability in Keld PHP-Mysql News Script 0.7.1 SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | 6.8 |
2008-08-10 | CVE-2008-3561 | Powergap | SQL Injection vulnerability in Powergap Shopsystem SQL injection vulnerability in s03.php in Powergap Shopsystem, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the ag parameter. | 6.8 |
2008-08-08 | CVE-2008-3555 | WSN | Path Traversal vulnerability in WSN products Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2008-08-08 | CVE-2008-3532 | Pidgin | Cryptographic Issues vulnerability in Pidgin 2.4.3 The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. | 6.8 |
2008-08-06 | CVE-2008-3497 | Myphp CMS | SQL Injection vulnerability in Myphp CMS Myphp CMS 0.3.1 SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | 6.8 |
2008-08-04 | CVE-2008-3452 | Endonesia | SQL Injection vulnerability in Endonesia Calendar Module and Endonesia SQL injection vulnerability in the Calendar module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the loc_id parameter in a list_events action to mod.php. | 6.8 |
2008-08-04 | CVE-2008-3446 | Letterit | Path Traversal vulnerability in Letterit 2 Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2008-08-06 | CVE-2008-3490 | E Topbiz | SQL Injection vulnerability in E-Topbiz Online Dating 3.1.0 SQL injection vulnerability in members/mail.php in E-topbiz Online Dating 3 1.0 allows remote authenticated users to execute arbitrary SQL commands via the mail_id parameter in a veiw action. | 6.5 |
2008-08-08 | CVE-2008-3337 | Powerdns | Improper Input Validation vulnerability in Powerdns Authoritative Server and Powerdns PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217. | 6.4 |
2008-08-04 | CVE-2008-3456 | Phpmyadmin | Link Following vulnerability in PHPmyadmin phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack. | 6.4 |
2008-08-10 | CVE-2008-3562 | Chupix | Path Traversal vulnerability in Chupix CMS and CMS Contact Module Directory traversal vulnerability in index.php in the Contact module in Chupix CMS 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 5.1 |
2008-08-10 | CVE-2008-3578 | Hydrairc | Improper Input Validation vulnerability in Hydrairc HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long irc:// URI. | 5.0 |
2008-08-10 | CVE-2008-3573 | PHP Nuke Pligg | Permissions, Privileges, and Access Controls vulnerability in multiple products The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string. | 5.0 |
2008-08-10 | CVE-2008-3273 | Jboss | Permissions, Privileges, and Access Controls vulnerability in Jboss Enterprise Application Platform 4.2.0.Cp01/4.2.0.Cp02 JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. | 5.0 |
2008-08-08 | CVE-2008-3550 | IBM | Information Exposure vulnerability in IBM Rational Clearquest 7.0.1 The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability. | 5.0 |
2008-08-07 | CVE-2008-3508 | Wogan MAY | Permissions, Privileges, and Access Controls vulnerability in Wogan MAY Litenews 0.1/1.1/1.2 LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie. | 5.0 |
2008-08-06 | CVE-2008-3503 | Webgui | Improper Authentication vulnerability in Webgui Plain Black Webgui RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data). | 5.0 |
2008-08-06 | CVE-2008-3493 | Realvnc | Improper Input Validation vulnerability in Realvnc Windows Client 4.1.2.0 vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC servers to cause a denial of service (application crash) via a crafted frame buffer update packet. | 5.0 |
2008-08-06 | CVE-2008-3492 | Americasarmy | Improper Input Validation vulnerability in Americasarmy America'S Army America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted UDP packet, probably involving a VoiceIndex value that is outside of the range specified by VOICE_MAX_CHATTERS. | 5.0 |
2008-08-04 | CVE-2008-3458 | Vtiger | Information Exposure vulnerability in Vtiger CRM Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory. | 5.0 |
2008-08-04 | CVE-2008-3449 | Mailenable | Resource Management Errors vulnerability in Mailenable 3.52 MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attackers to cause a denial of service (crash) via multiple IMAP connection requests to the same folder. | 5.0 |
2008-08-04 | CVE-2008-3447 | F Prot | Resource Management Errors vulnerability in F-Prot Antivirus and Scanning Engine The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote attackers to cause a denial of service (infinite loop) via a malformed ZIP archive, probably related to invalid offsets. | 5.0 |
2008-08-08 | CVE-2008-3535 | Linux Debian Canonical | Off-By-One Error vulnerability in Linux Kernel Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from the Linux Test Project. | 4.9 |
2008-08-07 | CVE-2008-3548 | SUN | Local Denial of Service vulnerability in SUN Netra T5220 Server 7.1.3 Unspecified vulnerability in the Sun Netra T5220 Server with firmware 7.1.3 allows local users to cause a denial of service (panic) via unknown vectors. | 4.9 |
2008-08-07 | CVE-2008-3549 | SUN | Resource Management Errors vulnerability in SUN Opensolaris and Solaris Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in Sun Solaris 10 and OpenSolaris before snv_90 allows local users to cause a denial of service (system hang or panic) via unknown vectors. | 4.7 |
2008-08-10 | CVE-2008-3577 | Openttd | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openttd Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the "-g" parameter in the ttd_main function. | 4.6 |
2008-08-05 | CVE-2008-3389 | HP Linux Ingres | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ingres 2.6/2006 Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport. | 4.6 |
2008-08-05 | CVE-2008-3356 | Ingres | Permissions, Privileges, and Access Controls vulnerability in Ingres 2.6/2006 verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename. | 4.6 |
2008-08-04 | CVE-2008-2324 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs. | 4.6 |
2008-08-10 | CVE-2008-3581 | Qsoft | Cross-Site Scripting vulnerability in Qsoft K-Links Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links allows remote attackers to inject arbitrary web script or HTML via the login_message parameter in a login action. | 4.3 |
2008-08-10 | CVE-2008-3572 | Pligg | Cross-Site Scripting vulnerability in Pligg CMS 9.9.5 Cross-site scripting (XSS) vulnerability in index.php in Pligg 9.9.5 allows remote attackers to inject arbitrary web script or HTML via the category parameter. | 4.3 |
2008-08-10 | CVE-2008-3569 | Apache Friends | Cross-Site Scripting vulnerability in Apache Friends Xampp 1.6.7 Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the text parameter to (1) iart.php and (2) ming.php. | 4.3 |
2008-08-10 | CVE-2008-3567 | Nullsoft | Cross-Site Scripting vulnerability in Nullsoft Winamp Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags. | 4.3 |
2008-08-10 | CVE-2008-3566 | Zoneo Soft | Cross-Site Scripting vulnerability in Zoneo-Soft Freeforum 1.7 Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter to (1) the default URI or (2) index.php, or (3) the PATH_INFO to index.php. | 4.3 |
2008-08-10 | CVE-2008-3565 | Mrbs | Cross-Site Scripting vulnerability in Mrbs 1.2.6 Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. | 4.3 |
2008-08-08 | CVE-2008-3560 | Xoops | Cross-Site Scripting vulnerability in Xoops Kshop Module 2.22 Cross-site scripting (XSS) vulnerability in kshop_search.php in the Kshop module 2.22 for Xoops allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
2008-08-08 | CVE-2008-3559 | Kaphotoservice | Cross-Site Scripting vulnerability in Kaphotoservice Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice allow remote attackers to inject arbitrary web script or HTML via the (1) filename parameter to search.asp and the (2) page parameter to order.asp. | 4.3 |
2008-08-07 | CVE-2008-3511 | Softbiz | Cross-Site Scripting vulnerability in Softbiz Image Gallery Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. | 4.3 |
2008-08-07 | CVE-2008-3510 | Crafty Syntax Live Help | Cross-Site Scripting vulnerability in Crafty Syntax Live Help Crafty Syntax Live Help 2.4.16 Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty Syntax Live Help (CSLH) 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter. | 4.3 |
2008-08-06 | CVE-2008-3505 | Polypager | Cross-Site Scripting vulnerability in Polypager Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via the nr parameter to the default URI. | 4.3 |
2008-08-06 | CVE-2008-3501 | Novell | Cross-Site Scripting vulnerability in Novell Groupwise 7.0/7.0.2/7.0.3 Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-08-06 | CVE-2008-3500 | Drupal | Cross-Site Scripting vulnerability in Drupal Suggested Terms Module 5 Cross-site scripting (XSS) vulnerability in the Suggested Terms module 5.x before 5.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via crafted Taxonomy terms. | 4.3 |
2008-08-05 | CVE-2008-3483 | Screwturn | Cross-Site Scripting vulnerability in Screwturn Wiki 2.0.29/2.0.30 Cross-site scripting (XSS) vulnerability in ScrewTurn Wiki 2.0.29 and 2.0.30 allows remote attackers to inject arbitrary web script or HTML via error messages in the "/admin.aspx - System Log" page. | 4.3 |
2008-08-05 | CVE-2008-3482 | Panasonic | Cross-Site Scripting vulnerability in Panasonic products Cross-site scripting (XSS) vulnerability in the error page feature in Panasonic Network Camera BL-C111, BL-C131, BB-HCM511, BB-HCM531, BB-HCM580, BB-HCM581, BB-HCM527, and BB-HCM515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-08-04 | CVE-2008-3448 | Common Solutions | Cross-Site Scripting vulnerability in Common-Solutions Csphonebook 1.02 Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter. | 4.3 |
2008-08-04 | CVE-2008-3444 | Mozilla | Improper Input Validation vulnerability in Mozilla Firefox 3.0/3.0.1 The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted but well-formed web page that contains "a simple set of legitimate HTML tags." | 4.3 |
2008-08-06 | CVE-2008-3502 | Bestpractical | Remote Denial of Service vulnerability in RT 'Devel::StackTrace' Perl Module Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl. | 4.0 |
2008-08-04 | CVE-2008-3451 | Phpwebgallery | Information Exposure vulnerability in PHPwebgallery 1.7.0/1.7.1 PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile. | 4.0 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-08-10 | CVE-2008-3574 | Pluck | Cross-Site Scripting vulnerability in Pluck 4.5.2 Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) titelkop, (5) lang_kop1, (6) lang_kop2, (7) lang_modules, (8) lang_kop4, (9) lang_kop15, (10) lang_kop5, and (11) titelkop parameters to (b) data/inc/header.php; the pluck_version and titelkop parameters to (c) data/inc/header2.php; and the (14) lang_theme6 parameter to (d) data/inc/themeinstall.php. | 2.6 |
2008-08-04 | CVE-2008-3457 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. | 2.6 |
2008-08-08 | CVE-2008-1945 | Qemu Opensuse Suse Debian Canonical Redhat | QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004. | 2.1 |