Weekly Vulnerabilities Reports > August 11 to 17, 2008

Overview

98 new vulnerabilities were reported during this period, including 27 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary reports vulnerabilities in 98 products from 60 vendors including Microsoft, Linux, Ruby Lang, Pozscripts, and PHP. Notable vulnerability categories include "SQL Injection", "Resource Management Errors", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Cross-site Scripting".

  • 91 reported vulnerabilities are remotely exploitable.
  • 28 reported vulnerabilities have a public exploit available.
  • 34 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 91 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 25 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 21 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

27 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-08-13 CVE-2008-3338 Tibco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tibco products

Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message.

10.0
2008-08-13 CVE-2008-1668 HP Permissions, Privileges, and Access Controls vulnerability in HP Hp-Ux 11.11

ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.

10.0
2008-08-13 CVE-2008-3653 Tiki Remote Security vulnerability in TikiWiki

Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors.

10.0
2008-08-13 CVE-2008-0082 Microsoft Information Exposure vulnerability in Microsoft Windows Messenger 4.7/5.1

An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.

10.0
2008-08-15 CVE-2008-3702 Jcomsoft, Speedbit Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple stack-based buffer overflows in the Animation GIF ActiveX control in JComSoft AniGIF.ocx 1.12 and 2.47, as used in products such as SpeedBit Download Accelerator Plus (DAP) 8.6, allow remote attackers to execute arbitrary code via a long argument to the (1) ReadGIF or (2) ReadGIF2 method.

9.3
2008-08-13 CVE-2008-2259 Microsoft Improper Input Validation vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability."

9.3
2008-08-13 CVE-2008-2258 Microsoft Resource Management Errors vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ...

9.3
2008-08-13 CVE-2008-2257 Microsoft Resource Management Errors vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption Vulnerability" or "XHTML Rendering Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2258.

9.3
2008-08-13 CVE-2008-2256 Microsoft Improper Input Validation vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability."

9.3
2008-08-13 CVE-2008-2255 Microsoft Resource Management Errors vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability."

9.3
2008-08-13 CVE-2008-2254 Microsoft Resource Management Errors vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability."

9.3
2008-08-13 CVE-2008-2245 Microsoft Buffer Errors vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.

9.3
2008-08-13 CVE-2008-0121 Microsoft Resource Management Errors vulnerability in Microsoft Office Powerpoint Viewer 2003

A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."

9.3
2008-08-13 CVE-2008-0120 Microsoft Resource Management Errors vulnerability in Microsoft Office Powerpoint Viewer 2003

Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."

9.3
2008-08-12 CVE-2008-3648 Microsoft Code Injection vulnerability in Microsoft Windows XP

nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.

9.3
2008-08-12 CVE-2008-3460 Microsoft Resource Management Errors vulnerability in Microsoft Office, Office Converter Pack and Works

WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulnerability."

9.3
2008-08-12 CVE-2008-3021 Microsoft Resource Management Errors vulnerability in Microsoft Office, Office Converter Pack and Works

Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018.

9.3
2008-08-12 CVE-2008-3020 Microsoft Resource Management Errors vulnerability in Microsoft Office, Office Converter Pack and Works

Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability."

9.3
2008-08-12 CVE-2008-3019 Microsoft Resource Management Errors vulnerability in Microsoft Office, Office Converter Pack and Works

Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability."

9.3
2008-08-12 CVE-2008-3018 Microsoft Code Injection vulnerability in Microsoft Office, Office Converter Pack and Works

Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021.

9.3
2008-08-12 CVE-2008-3006 Microsoft Resource Management Errors vulnerability in Microsoft products

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability." This vulnerability has multiple attack vectors and CIA impact.

9.3
2008-08-12 CVE-2008-3005 Microsoft Improper Input Validation vulnerability in Microsoft Office

Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."

9.3
2008-08-12 CVE-2008-3004 Microsoft Improper Input Validation vulnerability in Microsoft Office and Office Excel Viewer

Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Indexing Validation Vulnerability."

9.3
2008-08-12 CVE-2008-3595 Txtsql Code Injection vulnerability in Txtsql 2.2

PHP remote file inclusion vulnerability in examples/txtSQLAdmin/startup.php in txtSQL 2.2 Final allows remote attackers to execute arbitrary PHP code via a URL in the CFG[txtsql][class] parameter.

9.3
2008-08-13 CVE-2008-1457 Microsoft Improper Input Validation vulnerability in Microsoft products

The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.

9.0
2008-08-13 CVE-2008-1456 Microsoft Improper Input Validation vulnerability in Microsoft products

Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.

9.0
2008-08-13 CVE-2008-3650 Horde Cross-Site Scripting vulnerability in Groupware Webmail Edition

Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.

9.0

29 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-08-11 CVE-2008-3592 21Degrees Code Injection vulnerability in 21Degrees Symphony

Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/.

8.5
2008-08-13 CVE-2008-3656 Ruby Lang Resource Management Errors vulnerability in Ruby-Lang Ruby

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.

7.8
2008-08-13 CVE-2008-3652 Ipsec Tools Resource Management Errors vulnerability in Ipsec-Tools

src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).

7.8
2008-08-13 CVE-2008-2246 Microsoft Information Exposure vulnerability in Microsoft Windows-Nt and Windows Vista

Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.

7.8
2008-08-15 CVE-2008-3658 PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP

Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

7.5
2008-08-14 CVE-2008-3681 Joomla Permissions, Privileges, and Access Controls vulnerability in Joomla COM User

components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.

7.5
2008-08-13 CVE-2008-3674 Pozscripts SQL Injection vulnerability in Pozscripts Tubeguru Video Sharing Script

SQL injection vulnerability in ugroups.php in PozScripts TubeGuru Video Sharing Script allows remote attackers to execute arbitrary SQL commands via the UID parameter.

7.5
2008-08-13 CVE-2008-3673 Pozscripts SQL Injection vulnerability in Pozscripts Classified ADS

SQL injection vulnerability in browsecats.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3672.

7.5
2008-08-13 CVE-2008-3672 Pozscripts SQL Injection vulnerability in Pozscripts Classified ADS

SQL injection vulnerability in showcategory.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3673.

7.5
2008-08-13 CVE-2008-3669 Zeescripts SQL Injection vulnerability in Zeescripts Zeereviews

SQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.

7.5
2008-08-13 CVE-2008-3657 Ruby Lang Improper Input Validation vulnerability in Ruby-Lang Ruby

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.

7.5
2008-08-13 CVE-2008-3655 Ruby Lang Permissions, Privileges, and Access Controls vulnerability in Ruby-Lang Ruby

Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.

7.5
2008-08-12 CVE-2008-3604 Zeescripts SQL Injection vulnerability in Zeescripts Zeebuddy 2.1

SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter.

7.5
2008-08-12 CVE-2008-3603 Vacation Rentals SQL Injection vulnerability in Vacation Rentals Vacation Rental Script 3.0

SQL injection vulnerability in index.php in Vacation Rental Script 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sections action.

7.5
2008-08-12 CVE-2008-3602 Psychdaily Permissions, Privileges, and Access Controls vulnerability in Psychdaily PHP Ring Webring System 0.9.1

admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.

7.5
2008-08-12 CVE-2008-3601 Quicksilver Forums SQL Injection vulnerability in Quicksilver Forums Quicksilver Forums 1.4.1

SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action.

7.5
2008-08-12 CVE-2008-3599 Openimpro SQL Injection vulnerability in Openimpro 1.1

SQL injection vulnerability in image.php in OpenImpro 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-08-12 CVE-2008-3598 PSI Labs SQL Injection vulnerability in Psi-Labs Psipuss 1.0

Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the Cid parameter to categories.php or (2) the Username parameter to login.php.

7.5
2008-08-11 CVE-2008-3594 Magicscripts SQL Injection vulnerability in Magicscripts E-Store Kit-1 and E-Store Kit-2

SQL injection vulnerability in viewdetails.php in MagicScripts E-Store Kit-1, E-Store Kit-2, E-Store Kit-1 Pro PayPal Edition, and E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary SQL commands via the pid parameter.

7.5
2008-08-11 CVE-2008-3593 Syzygycms Path Traversal vulnerability in Syzygycms 0.3

Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-08-11 CVE-2008-3591 21Degrees SQL Injection vulnerability in 21Degrees Symphony

SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.

7.5
2008-08-11 CVE-2008-3590 EGI Zaberl SQL Injection vulnerability in EGI Zaberl E.Z. Poll 2

Multiple SQL injection vulnerabilities in admin/login.asp in E.

7.5
2008-08-11 CVE-2008-3588 Phsblog SQL Injection vulnerability in Phsblog 0.1.1

Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to comments.php, (2) cid parameter to index.php, and the (3) urltitle parameter to entries.php.

7.5
2008-08-11 CVE-2008-3586 Joomla SQL Injection vulnerability in Joomla COM Ezstore

SQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

7.5
2008-08-11 CVE-2008-3585 Pozscripts SQL Injection vulnerability in Pozscripts Greencart PHP Shopping Cart

Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) product_desc.php and (2) store_info.php.

7.5
2008-08-14 CVE-2008-2940 HP Permissions, Privileges, and Access Controls vulnerability in HP Linux Imaging and Printing Project 1.6.7

The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.

7.2
2008-08-12 CVE-2008-2926 Broadcom, CA Improper Input Validation vulnerability in multiple products

The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request.

7.2
2008-08-13 CVE-2008-3666 SUN Local Denial of Service vulnerability in SUN Opensolaris, Solaris and Sunos

Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured; and (2) local users to cause a denial of service (panic) via a call to the sendfile system call, as reachable through the sendfilev library.

7.1
2008-08-13 CVE-2008-1448 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Outlook Express and Windows Mail

The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."

7.1

41 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-08-14 CVE-2008-3687 XEN Buffer Errors vulnerability in XEN and XEN Flask Module

Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall.

6.8
2008-08-14 CVE-2008-3682 Ypninc SQL Injection vulnerability in Ypninc PHP Realty

SQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter.

6.8
2008-08-14 CVE-2008-3677 Openfreeway Path Traversal vulnerability in Openfreeway Freeway

Directory traversal vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors.

6.8
2008-08-13 CVE-2008-3670 Articlefriendly SQL Injection vulnerability in Articlefriendly Article Friendly

SQL injection vulnerability in authordetail.php in Article Friendly Pro allows remote attackers to execute arbitrary SQL commands via the autid parameter.

6.8
2008-08-13 CVE-2008-3667 Maxthon Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Maxthon Browser

Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows remote attackers to execute arbitrary code via a long Content-type HTTP header.

6.8
2008-08-13 CVE-2008-3649 Articlefriendly SQL Injection vulnerability in Articlefriendly Article Friendly

SQL injection vulnerability in categorydetail.php in Article Friendly Standard allows remote attackers to execute arbitrary SQL commands via the Cat parameter.

6.8
2008-08-13 CVE-2008-1455 Microsoft Resource Management Errors vulnerability in Microsoft products

A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka "Parsing Overflow Vulnerability."

6.8
2008-08-12 CVE-2008-3605 Mcafee Permissions, Privileges, and Access Controls vulnerability in Mcafee Encrypted USB Manager 3.1.0.0

Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, when the Re-use Threshold for passwords is nonzero, allows remote attackers to conduct offline brute force attacks via unknown vectors.

6.8
2008-08-12 CVE-2008-3600 Menalto Path Traversal vulnerability in Menalto Gallery 1.5.7/1.6

Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-08-12 CVE-2008-3003 Microsoft Improper Input Validation vulnerability in Microsoft Office 2007

Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."

6.6
2008-08-15 CVE-2008-3701 Kayako SQL Injection vulnerability in Kayako Supportsuite

SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action.

6.5
2008-08-12 CVE-2008-3606 Qbik Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qbik Wingate

Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command.

6.5
2008-08-15 CVE-2008-3659 PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP

Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function.

6.4
2008-08-14 CVE-2008-2369 RED HAT Improper Authentication vulnerability in RED HAT Network Satellite Server

manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.

6.4
2008-08-15 CVE-2008-3660 PHP Improper Input Validation vulnerability in PHP

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.

5.0
2008-08-14 CVE-2008-3443 Ruby Lang Resource Management Errors vulnerability in Ruby-Lang Ruby

The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.

5.0
2008-08-14 CVE-2008-3683 SUN Denial of Service vulnerability in Sun Java System Web Proxy Server FTP Subsystem

Unspecified vulnerability in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.5 before SP6 allows remote attackers to cause a denial of service (failure to accept connections) via unknown vectors, probably related to exhaustion of file descriptors.

5.0
2008-08-14 CVE-2008-3680 Flagship Industries Improper Input Validation vulnerability in Flagship Industries Ventrilo

The decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet to TCP port 3784.

5.0
2008-08-14 CVE-2008-3675 Gelatocms Path Traversal vulnerability in Gelatocms 0.95

Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a ..

5.0
2008-08-13 CVE-2008-3671 Linux, Acronis Cryptographic Issues vulnerability in Acronis True Image Echo Server 9.5.8072

Acronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information.

5.0
2008-08-13 CVE-2008-3514 Vmware Information Exposure vulnerability in VMWare Virtualcenter 2.0.2/2.5

VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users." Patch information with appropriate login and password: http://www.vmware.com/security/advisories/VMSA-2008-0012.html 4.

5.0
2008-08-13 CVE-2008-3654 Tiki Remote Security vulnerability in TikiWiki

Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors.

5.0
2008-08-12 CVE-2008-3174 Computer Associates Remote Denial of Service vulnerability in Computer Associates products

Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause a denial of service via unknown vectors, related to "insufficient validation."

5.0
2008-08-12 CVE-2008-3607 Noticeware Improper Input Validation vulnerability in Noticeware Email Server

The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via multiple long LOGIN commands.

5.0
2008-08-12 CVE-2008-3597 Skulltag Team Improper Input Validation vulnerability in Skulltag Team Skulltag

Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a "command 29" packet when the player is not in the game.

5.0
2008-08-14 CVE-2008-3686 Linux Resource Management Errors vulnerability in Linux Kernel 2.6.26/2.6.26.2

The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference.

4.9
2008-08-14 CVE-2008-2941 HP Improper Input Validation vulnerability in HP Linux Imaging and Printing Project 1.6.7

The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207.

4.9
2008-08-12 CVE-2008-3275 Linux, Debian, Canonical, Suse Classic Buffer Overflow vulnerability in multiple products

The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories.

4.9
2008-08-15 CVE-2008-3700 Kayako Cross-Site Scripting vulnerability in Kayako Supportsuite

Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation.

4.3
2008-08-14 CVE-2008-3688 Havp Resource Management Errors vulnerability in Havp and Http Antivirus Proxy

sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable.

4.3
2008-08-14 CVE-2008-3679 Idevspot Cross-Site Scripting vulnerability in Idevspot PHPlinkexchange 1.01

Multiple cross-site scripting (XSS) vulnerabilities in index.php in IDevSpot PhpLinkExchange 1.01 allow remote attackers to inject arbitrary web script or HTML via the catid parameter in a (1) user_add, (2) recip, (3) tellafriend, or (4) contact action, or (5) in a request without an action; or (6) the id parameter in a tellafriend action.

4.3
2008-08-14 CVE-2008-3678 Damian Hickey Cross-Site Scripting vulnerability in Damian Hickey Freeway

Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway before 1.4.2.197 allows remote attackers to inject arbitrary web script or HTML via the URL.

4.3
2008-08-14 CVE-2008-3676 Hmailserver Improper Input Validation vulnerability in Hmailserver 4.4.1

Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allows remote authenticated users to cause a denial of service (resource exhaustion or daemon crash) via a long series of IMAP commands.

4.3
2008-08-13 CVE-2008-3668 Marcello Brandao Cross-Site Scripting vulnerability in Marcello Brandao Yogurt Social Network Module 3.2

Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap.

4.3
2008-08-13 CVE-2008-3516 Adobe Cross-Site Scripting vulnerability in Adobe Presenter 6/7

Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3515.

4.3
2008-08-13 CVE-2008-3515 Adobe Cross-Site Scripting vulnerability in Adobe Presenter 6/7

Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3516.

4.3
2008-08-13 CVE-2008-2938 Apache, Apache Software Foundation Path Traversal vulnerability in multiple products

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370.

4.3
2008-08-12 CVE-2008-3596 Harmoni Cross-Site Scripting vulnerability in Harmoni

Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 allows remote attackers to inject arbitrary web script or HTML via the Username field, which is inserted into logs that could be rendered when viewed by an administrator.

4.3
2008-08-11 CVE-2008-3589 Mozilo Path Traversal vulnerability in Mozilo Mozilocms 1.10.1

Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..

4.3
2008-08-11 CVE-2008-3587 Needscripts Cross-Site Scripting vulnerability in Needscripts Homes 4 Sale

Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter.

4.3
2008-08-13 CVE-2008-3651 Linux Information Exposure vulnerability in Linux Ipsec Tools Racoon Daemon

Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.

4.0

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2008-08-14 CVE-2008-3699 Amarok Link Following vulnerability in Amarok 1.4.9.1

The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.

3.3