Weekly Vulnerabilities Report: August 4 to 10, 2008

Overview

111 new vulnerabilities were reported during this period, including 15 critical vulnerabilities and 40 high severity vulnerabilities. This weekly summary reports vulnerabilities in 126 products from 88 vendors including Linux, SUN, Apple, Canonical, and Debian. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Path Traversal".

  • 97 reported vulnerabilities are remotely exploitable.
  • 37 reported vulnerabilities have a public exploit available.
  • 51 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 108 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 4 reported vulnerabilities.


Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:


15 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-08-10 CVE-2008-3576 Openttd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openttd

Buffer overflow in the TruncateString function in src/gfx.cpp in OpenTTD before 0.6.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string.

10.0
2008-08-08 CVE-2008-3553 SUN / Nokia Permissions, Privileges, and Access Controls vulnerability in SUN J2Me

Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 3-10." NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information.

10.0
2008-08-08 CVE-2008-3552 Nokia Security-Bypass vulnerability in Sun Java Micro Edition (ME)

Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 11-15." NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information.

10.0
2008-08-08 CVE-2008-3551 SUN Security-Bypass vulnerability in SUN Java Platform Micro Edition and Wireless Toolkit

Multiple unspecified vulnerabilities in Sun Java Platform Micro Edition (aka Java ME, J2ME, or mobile Java), as distributed in Sun Wireless Toolkit 2.5.2, allow remote attackers to execute arbitrary code via unknown vectors.

10.0
2008-08-06 CVE-2008-3499 Ektron Remote Security vulnerability in Cms4000.Net

Unspecified vulnerability in "a page in the workarea folder" in Ektron CMS400.NET 7.00 through 7.04 and 7.50 through 7.52 has unknown impact and attack vectors.

10.0
2008-08-06 CVE-2008-3496 Linux Classic Buffer Overflow vulnerability in Linux Kernel

Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors.

10.0
2008-08-04 CVE-2008-3455 Jnshosts Code Injection vulnerability in Jnshosts PHP Hosting Directory 2.0

PHP remote file inclusion vulnerability in include/admin.php in JnSHosts PHP Hosting Directory 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the rd parameter.

10.0
2008-08-04 CVE-2008-3453 Impresscms Remote Security vulnerability in Impresscms 1.0

Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files."

10.0
2008-08-08 CVE-2008-3558 Cisco Buffer Errors vulnerability in Cisco Webex Meeting Manager 20.2008.2601.4928

Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method.

9.3
2008-08-08 CVE-2008-0965 SUN USE of Externally-Controlled Format String vulnerability in SUN Opensolaris, Solaris and Sunos

Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.

9.3
2008-08-08 CVE-2008-0964 SUN Buffer Errors vulnerability in SUN Opensolaris, Solaris and Sunos

Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.

9.3
2008-08-04 CVE-2008-2325 Apple Resource Management Errors vulnerability in Apple Quicklook

QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking."

9.3
2008-08-04 CVE-2008-2322 Apple Numeric Errors vulnerability in Apple Coregraphics

Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow.

9.3
2008-08-04 CVE-2008-2321 Apple Resource Management Errors vulnerability in Apple Coregraphics

Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments."

9.3
2008-08-04 CVE-2008-2320 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Carboncore

Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API.

9.3

40 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-08-10 CVE-2008-3579 Linux / Calacode Improper Authentication vulnerability in Calacode Atmail 5.41

Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree.

7.8
2008-08-10 CVE-2008-3571 Xerox Improper Input Validation vulnerability in Xerox Phaser 8400

The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900.

7.8
2008-08-08 CVE-2008-1664 HP Remote Denial Of Service vulnerability in HP-UX 'libc'

Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.

7.8
2008-08-06 CVE-2008-3494 8E6 Permissions, Privileges, and Access Controls vulnerability in 8E6 R3000 Internet Filter 2.0.12.10

8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass intended restrictions via an extra HTTP Host header with additional leading text placed before the real Host header.

7.8
2008-08-08 CVE-2008-2377 GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Gnutls

Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.

7.6
2008-08-04 CVE-2008-3459 Openvpn Configuration vulnerability in Openvpn 2.1

Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.

7.6
2008-08-10 CVE-2008-3583 Intellitamper Buffer Errors vulnerability in Intellitamper 2.0.7

Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a long URL in the SRC attribute of an IMG element.

7.5
2008-08-10 CVE-2008-3580 Qsoft SQL Injection vulnerability in Qsoft K-Links

Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to visit.php, or the PATH_INFO to the default URI under (2) report/, (3) addreview/, or (4) refer/.

7.5
2008-08-10 CVE-2008-3575 Ezcontents Code Injection vulnerability in Ezcontents CMS

PHP remote file inclusion vulnerability in modules/calendar/minicalendar.php in ezContents CMS allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[gsLanguage] parameter, a different vector than CVE-2006-4477 and CVE-2004-0132.

7.5
2008-08-10 CVE-2008-3570 Africabegone Code Injection vulnerability in Africabegone Africa BE Gone 1.0A

PHP remote file inclusion vulnerability in index.php in Africa Be Gone (ABG) 1.0a allows remote attackers to execute arbitrary PHP code via a URL in the abg_path parameter.

7.5
2008-08-10 CVE-2008-3568 Unak Path Traversal vulnerability in Unak Unak-Cms 1.5.5

Absolute path traversal vulnerability in fckeditor/editor/filemanager/browser/default/connectors/php/connector.php in UNAK-CMS 1.5.5 allows remote attackers to include and execute arbitrary local files via a full pathname in the Dirroot parameter, a different vulnerability than CVE-2006-4890.1.

7.5
2008-08-10 CVE-2008-3564 Dayfox Designs Path Traversal vulnerability in Dayfox Designs Dayfox Blog 4

Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2008-08-10 CVE-2008-3563 Plogger SQL Injection vulnerability in Plogger

Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings.

7.5
2008-08-08 CVE-2008-3557 FHM Script Permissions, Privileges, and Access Controls vulnerability in Fhm-Script Free Hosting Manager 1.2/2.0

Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass authentication and gain administrative access by setting both the adminuser and loggedin cookies.

7.5
2008-08-08 CVE-2008-3556 Haudenschilt SQL Injection vulnerability in Haudenschilt Battlenet Clan Script 1.5.2

Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) showmember parameter in a members action and the (2) thread parameter in a board action.

7.5
2008-08-08 CVE-2008-3554 Comsenz SQL Injection vulnerability in Comsenz Discuz 6.0.1

SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remote attackers to execute arbitrary SQL commands via the searchid parameter in a search action.

7.5
2008-08-07 CVE-2008-3546 Linux / GIT Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GIT

Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.

7.5
2008-08-07 CVE-2008-3513 PHP Nuke SQL Injection vulnerability in PHP Nuke Basis Consultant Book Catalog 1.0

SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php.

7.5
2008-08-07 CVE-2008-3512 PHP Nuke SQL Injection vulnerability in PHP Nuke Kleinanzeigen Module

SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php.

7.5
2008-08-07 CVE-2008-3509 Lovecms Code Injection vulnerability in Lovecms 1.6.2

LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code via addition of blocks, and other vectors.

7.5
2008-08-07 CVE-2008-3507 Wogan MAY SQL Injection vulnerability in Wogan MAY Litenews 0.1/1.1/1.2

SQL injection vulnerability in index.php in LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.

7.5
2008-08-06 CVE-2008-3506 Polypager SQL Injection vulnerability in Polypager

SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to execute arbitrary SQL commands via the nr parameter to the default URI.

7.5
2008-08-06 CVE-2008-3504 Mpfm Improper Authentication vulnerability in Mpfm Mask PHP File Manager

Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 has unknown impact and remote attack vectors related to "manipulation of cookies."

7.5
2008-08-06 CVE-2008-3498 Netshinesoftware / Joomla SQL Injection vulnerability in Netshinesoftware COM Netinvoice 1.2.0

SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php.

7.5
2008-08-06 CVE-2008-3495 Aspindir SQL Injection vulnerability in Aspindir Pcshey Portal

SQL injection vulnerability in kategori.asp in Pcshey Portal allows remote attackers to execute arbitrary SQL commands via the kid parameter.

7.5
2008-08-06 CVE-2008-3491 Scripts24 SQL Injection vulnerability in Scripts24 Ipost and Itgp

SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action.

7.5
2008-08-06 CVE-2008-3489 Phpx SQL Injection vulnerability in PHPx 3.5.16

SQL injection vulnerability in checkCookie function in includes/functions.inc.php in PHPX 3.5.16 allows remote attackers to execute arbitrary SQL commands via a PXL cookie.

7.5
2008-08-06 CVE-2008-3488 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Imanager

Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors.

7.5
2008-08-06 CVE-2008-3487 Phpauctions SQL Injection vulnerability in PHPauctions PHPauction GPL Enhanced 2.51

SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-08-06 CVE-2008-3486 Coppermine Gallery Path Traversal vulnerability in Coppermine-Gallery Coppermine Photo Gallery

Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-08-05 CVE-2008-3484 Estoreaff SQL Injection vulnerability in Estoreaff 0.1

SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action to index.php.

7.5
2008-08-05 CVE-2008-3481 Coppermine Gallery Code Injection vulnerability in Coppermine-Gallery Coppermine Photo Gallery

themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

7.5
2008-08-04 CVE-2008-3454 Jnshosts Permissions, Privileges, and Access Controls vulnerability in Jnshosts PHP Hosting Directory 2.0

JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1.

7.5
2008-08-04 CVE-2008-3445 Phpmyrealty SQL Injection vulnerability in PHPmyrealty 2.0.0

SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter.

7.5
2008-08-04 CVE-2008-3423 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal

IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.

7.5
2008-08-06 CVE-2008-3485 Citrix Permissions, Privileges, and Access Controls vulnerability in Citrix Metaframe Presentation Server and XP

Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path.

7.2
2008-08-05 CVE-2008-3431 SUN Permissions, Privileges, and Access Controls vulnerability in SUN XVM Virtualbox

The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.

7.2
2008-08-05 CVE-2008-3357 Ingres / HP / Linux Permissions, Privileges, and Access Controls vulnerability in multiple products

Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability." Fixes are available for the current release of Ingres 2006 release 2 (9.1.0), for Ingres 2006 release 1 (9.0.4), and for Ingres 2.6 versions on their respective platforms.

7.2
2008-08-04 CVE-2008-3450 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Sunos 5.10/5.8/5.9

Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors.

7.2
2008-08-04 CVE-2008-2323 Apple Resource Management Errors vulnerability in Apple Data Detectors Engine

Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages.

7.1

52 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-08-10 CVE-2008-3582 Keld SQL Injection vulnerability in Keld PHP-Mysql News Script 0.7.1

SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.

6.8
2008-08-10 CVE-2008-3561 Powergap SQL Injection vulnerability in Powergap Shopsystem

SQL injection vulnerability in s03.php in Powergap Shopsystem, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the ag parameter.

6.8
2008-08-08 CVE-2008-3555 WSN Path Traversal vulnerability in WSN products

Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-08-08 CVE-2008-3532 Pidgin Cryptographic Issues vulnerability in Pidgin 2.4.3

The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.

6.8
2008-08-06 CVE-2008-3497 Myphp CMS SQL Injection vulnerability in Myphp CMS Myphp CMS 0.3.1

SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter.

6.8
2008-08-04 CVE-2008-3452 Endonesia SQL Injection vulnerability in Endonesia Calendar Module and Endonesia

SQL injection vulnerability in the Calendar module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the loc_id parameter in a list_events action to mod.php.

6.8
2008-08-04 CVE-2008-3446 Letterit Path Traversal vulnerability in Letterit 2

Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-08-06 CVE-2008-3490 E Topbiz SQL Injection vulnerability in E-Topbiz Online Dating 3.1.0

SQL injection vulnerability in members/mail.php in E-topbiz Online Dating 3 1.0 allows remote authenticated users to execute arbitrary SQL commands via the mail_id parameter in a veiw action.

6.5
2008-08-08 CVE-2008-3337 Powerdns Improper Input Validation vulnerability in Powerdns Authoritative Server and Powerdns

PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.

6.4
2008-08-04 CVE-2008-3456 Phpmyadmin Link Following vulnerability in PHPmyadmin

phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.

6.4
2008-08-10 CVE-2008-3562 Chupix Path Traversal vulnerability in Chupix CMS and CMS Contact Module

Directory traversal vulnerability in index.php in the Contact module in Chupix CMS 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

5.1
2008-08-10 CVE-2008-3578 Hydrairc Improper Input Validation vulnerability in Hydrairc

HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long irc:// URI.

5.0
2008-08-10 CVE-2008-3573 PHP Nuke / Pligg Permissions, Privileges, and Access Controls vulnerability in multiple products

The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string.

5.0
2008-08-10 CVE-2008-3273 Jboss Permissions, Privileges, and Access Controls vulnerability in Jboss Enterprise Application Platform 4.2.0.Cp01/4.2.0.Cp02

JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.

5.0
2008-08-08 CVE-2008-3550 IBM Information Exposure vulnerability in IBM Rational Clearquest 7.0.1

The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of <script> and </script> sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability.

5.0
2008-08-07 CVE-2008-3508 Wogan MAY Permissions, Privileges, and Access Controls vulnerability in Wogan MAY Litenews 0.1/1.1/1.2

LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie.

5.0
2008-08-06 CVE-2008-3503 Webgui Improper Authentication vulnerability in Webgui Plain Black Webgui

RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data).

5.0
2008-08-06 CVE-2008-3493 Realvnc Improper Input Validation vulnerability in Realvnc Windows Client 4.1.2.0

vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC servers to cause a denial of service (application crash) via a crafted frame buffer update packet.

5.0
2008-08-06 CVE-2008-3492 Americasarmy Improper Input Validation vulnerability in Americasarmy America'S Army

America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted UDP packet, probably involving a VoiceIndex value that is outside of the range specified by VOICE_MAX_CHATTERS.

5.0
2008-08-04 CVE-2008-3458 Vtiger Information Exposure vulnerability in Vtiger CRM

Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory.

5.0
2008-08-04 CVE-2008-3449 Mailenable Resource Management Errors vulnerability in Mailenable 3.52

MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attackers to cause a denial of service (crash) via multiple IMAP connection requests to the same folder.

5.0
2008-08-04 CVE-2008-3447 F Prot Resource Management Errors vulnerability in F-Prot Antivirus and Scanning Engine

The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote attackers to cause a denial of service (infinite loop) via a malformed ZIP archive, probably related to invalid offsets.

5.0
2008-08-04 CVE-2008-2370 Apache Path Traversal vulnerability in Apache Tomcat

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ..

5.0
2008-08-08 CVE-2008-3535 Linux / Debian / Canonical Off-By-One Error vulnerability in Linux Kernel

Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from the Linux Test Project.

4.9
2008-08-08 CVE-2008-3534 Linux / Debian / Canonical Resource Exhaustion vulnerability in Linux Kernel

The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count.

4.9
2008-08-07 CVE-2008-3548 SUN Local Denial of Service vulnerability in SUN Netra T5220 Server 7.1.3

Unspecified vulnerability in the Sun Netra T5220 Server with firmware 7.1.3 allows local users to cause a denial of service (panic) via unknown vectors.

4.9
2008-08-07 CVE-2008-3549 SUN Resource Management Errors vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in Sun Solaris 10 and OpenSolaris before snv_90 allows local users to cause a denial of service (system hang or panic) via unknown vectors.

4.7
2008-08-10 CVE-2008-3577 Openttd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openttd

Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the "-g" parameter in the ttd_main function.

4.6
2008-08-05 CVE-2008-3389 HP / Linux / Ingres Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ingres 2.6/2006

Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport.

4.6
2008-08-05 CVE-2008-3356 Ingres Permissions, Privileges, and Access Controls vulnerability in Ingres 2.6/2006

verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.

4.6
2008-08-04 CVE-2008-2324 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs.

4.6
2008-08-10 CVE-2008-3581 Qsoft Cross-Site Scripting vulnerability in Qsoft K-Links

Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links allows remote attackers to inject arbitrary web script or HTML via the login_message parameter in a login action.

4.3
2008-08-10 CVE-2008-3572 Pligg Cross-Site Scripting vulnerability in Pligg CMS 9.9.5

Cross-site scripting (XSS) vulnerability in index.php in Pligg 9.9.5 allows remote attackers to inject arbitrary web script or HTML via the category parameter.

4.3
2008-08-10 CVE-2008-3569 Apache Friends Cross-Site Scripting vulnerability in Apache Friends Xampp 1.6.7

Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the text parameter to (1) iart.php and (2) ming.php.

4.3
2008-08-10 CVE-2008-3567 Nullsoft Cross-Site Scripting vulnerability in Nullsoft Winamp

Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags.

4.3
2008-08-10 CVE-2008-3566 Zoneo Soft Cross-Site Scripting vulnerability in Zoneo-Soft Freeforum 1.7

Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter to (1) the default URI or (2) index.php, or (3) the PATH_INFO to index.php.

4.3
2008-08-10 CVE-2008-3565 Mrbs Cross-Site Scripting vulnerability in Mrbs 1.2.6

Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php.

4.3
2008-08-08 CVE-2008-3560 Xoops Cross-Site Scripting vulnerability in Xoops Kshop Module 2.22

Cross-site scripting (XSS) vulnerability in kshop_search.php in the Kshop module 2.22 for Xoops allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2008-08-08 CVE-2008-3559 Kaphotoservice Cross-Site Scripting vulnerability in Kaphotoservice

Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice allow remote attackers to inject arbitrary web script or HTML via the (1) filename parameter to search.asp and the (2) page parameter to order.asp.

4.3
2008-08-07 CVE-2008-3511 Softbiz Cross-Site Scripting vulnerability in Softbiz Image Gallery

Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/.

4.3
2008-08-07 CVE-2008-3510 Crafty Syntax Live Help Cross-Site Scripting vulnerability in Crafty Syntax Live Help Crafty Syntax Live Help 2.4.16

Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty Syntax Live Help (CSLH) 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter.

4.3
2008-08-06 CVE-2008-3505 Polypager Cross-Site Scripting vulnerability in Polypager

Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via the nr parameter to the default URI.

4.3
2008-08-06 CVE-2008-3501 Novell Cross-Site Scripting vulnerability in Novell Groupwise 7.0/7.0.2/7.0.3

Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-08-06 CVE-2008-3500 Drupal Cross-Site Scripting vulnerability in Drupal Suggested Terms Module 5

Cross-site scripting (XSS) vulnerability in the Suggested Terms module 5.x before 5.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via crafted Taxonomy terms.

4.3
2008-08-06 CVE-2008-2939 Apache, Canonical, Opensuse, Apple Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

4.3
2008-08-05 CVE-2008-3483 Screwturn Cross-Site Scripting vulnerability in Screwturn Wiki 2.0.29/2.0.30

Cross-site scripting (XSS) vulnerability in ScrewTurn Wiki 2.0.29 and 2.0.30 allows remote attackers to inject arbitrary web script or HTML via error messages in the "/admin.aspx - System Log" page.

4.3
2008-08-05 CVE-2008-3482 Panasonic Cross-Site Scripting vulnerability in Panasonic products

Cross-site scripting (XSS) vulnerability in the error page feature in Panasonic Network Camera BL-C111, BL-C131, BB-HCM511, BB-HCM531, BB-HCM580, BB-HCM581, BB-HCM527, and BB-HCM515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-08-04 CVE-2008-3448 Common Solutions Cross-Site Scripting vulnerability in Common-Solutions Csphonebook 1.02

Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.

4.3
2008-08-04 CVE-2008-3444 Mozilla Improper Input Validation vulnerability in Mozilla Firefox 3.0/3.0.1

The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted but well-formed web page that contains "a simple set of legitimate HTML tags."

4.3
2008-08-04 CVE-2008-1232 Apache, Apache Software Foundation Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.

4.3
2008-08-06 CVE-2008-3502 Bestpractical Remote Denial of Service vulnerability in RT 'Devel::StackTrace' Perl Module

Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl.

4.0
2008-08-04 CVE-2008-3451 Phpwebgallery Information Exposure vulnerability in PHPwebgallery 1.7.0/1.7.1

PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-08-10 CVE-2008-3574 Pluck Cross-Site Scripting vulnerability in Pluck 4.5.2

Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) titelkop, (5) lang_kop1, (6) lang_kop2, (7) lang_modules, (8) lang_kop4, (9) lang_kop15, (10) lang_kop5, and (11) titelkop parameters to (b) data/inc/header.php; the pluck_version and titelkop parameters to (c) data/inc/header2.php; and the (14) lang_theme6 parameter to (d) data/inc/themeinstall.php.

2.6
2008-08-04 CVE-2008-3457 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments.

2.6
2008-08-08 CVE-2008-1945 Qemu, Opensuse, Suse, Debian, Canonical, Redhat

QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.

2.1
2008-08-08 CVE-2008-3272 Linux, Debian, Canonical, Redhat Information Exposure vulnerability in Linux Kernel

The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.

2.1