Weekly Vulnerabilities Reports > August 11 to 17, 2008
Overview
94 new vulnerabilities were reported during this period, including 28 critical vulnerabilities and 30 high severity vulnerabilities. This weekly summary reports vulnerabilities in 92 products from 57 vendors including Microsoft, Ruby Lang, Pozscripts, HP, and PHP. Vulnerabilities are notably categorized as "SQL Injection", "Resource Management Errors", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Cross-site Scripting".
- 88 reported vulnerabilities are remotely exploitable.
- 27 reported vulnerabilities have a public exploit available.
- 32 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 87 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 25 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 21 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
28 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-08-13 | CVE-2008-3338 | Tibco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tibco products Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message. | 10.0 |
2008-08-13 | CVE-2008-1668 | HP | Permissions, Privileges, and Access Controls vulnerability in HP Hp-Ux 11.11 ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information. | 10.0 |
2008-08-13 | CVE-2008-3653 | Tiki | Remote Security vulnerability in TikiWiki Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors. | 10.0 |
2008-08-13 | CVE-2008-0082 | Microsoft | Information Exposure vulnerability in Microsoft Windows Messenger 4.7/5.1 An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors. | 10.0 |
2008-08-15 | CVE-2008-3702 | Jcomsoft Speedbit | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in the Animation GIF ActiveX control in JComSoft AniGIF.ocx 1.12 and 2.47, as used in products such as SpeedBit Download Accelerator Plus (DAP) 8.6, allow remote attackers to execute arbitrary code via a long argument to the (1) ReadGIF or (2) ReadGIF2 method. | 9.3 |
2008-08-13 | CVE-2008-2259 | Microsoft | Improper Input Validation vulnerability in Microsoft Internet Explorer 6/7 Microsoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability." | 9.3 |
2008-08-13 | CVE-2008-2258 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 5.01/6/7 Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... | 9.3 |
2008-08-13 | CVE-2008-2257 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 5.01/6/7 Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption Vulnerability" or "XHTML Rendering Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2258. | 9.3 |
2008-08-13 | CVE-2008-2256 | Microsoft | Improper Input Validation vulnerability in Microsoft Internet Explorer 5.01/6/7 Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability." | 9.3 |
2008-08-13 | CVE-2008-2255 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 5.01/6/7 Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability." | 9.3 |
2008-08-13 | CVE-2008-2254 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 6/7 Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability." | 9.3 |
2008-08-13 | CVE-2008-2245 | Microsoft | Buffer Errors vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file. | 9.3 |
2008-08-13 | CVE-2008-0121 | Microsoft | Resource Management Errors vulnerability in Microsoft Office Powerpoint Viewer 2003 A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability." | 9.3 |
2008-08-13 | CVE-2008-0120 | Microsoft | Resource Management Errors vulnerability in Microsoft Office Powerpoint Viewer 2003 Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability." | 9.3 |
2008-08-12 | CVE-2008-3648 | Microsoft | Code Injection vulnerability in Microsoft Windows XP nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008. | 9.3 |
2008-08-12 | CVE-2008-3460 | Microsoft | Resource Management Errors vulnerability in Microsoft Office, Office Converter Pack and Works WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulnerability." | 9.3 |
2008-08-12 | CVE-2008-3021 | Microsoft | Resource Management Errors vulnerability in Microsoft Office, Office Converter Pack and Works Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018. | 9.3 |
2008-08-12 | CVE-2008-3020 | Microsoft | Resource Management Errors vulnerability in Microsoft Office, Office Converter Pack and Works Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability." | 9.3 |
2008-08-12 | CVE-2008-3019 | Microsoft | Resource Management Errors vulnerability in Microsoft Office, Office Converter Pack and Works Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability." | 9.3 |
2008-08-12 | CVE-2008-3018 | Microsoft | Code Injection vulnerability in Microsoft Office, Office Converter Pack and Works Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021. | 9.3 |
2008-08-12 | CVE-2008-3006 | Microsoft | Resource Management Errors vulnerability in Microsoft products Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability." This vulnerability has multiple attack vectors and CIA impact. | 9.3 |
2008-08-12 | CVE-2008-3005 | Microsoft | Improper Input Validation vulnerability in Microsoft Office Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability." | 9.3 |
2008-08-12 | CVE-2008-3004 | Microsoft | Improper Input Validation vulnerability in Microsoft Office and Office Excel Viewer Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Indexing Validation Vulnerability." | 9.3 |
2008-08-12 | CVE-2008-3595 | Txtsql | Code Injection vulnerability in Txtsql 2.2 PHP remote file inclusion vulnerability in examples/txtSQLAdmin/startup.php in txtSQL 2.2 Final allows remote attackers to execute arbitrary PHP code via a URL in the CFG[txtsql][class] parameter. | 9.3 |
2008-08-14 | CVE-2008-2369 | Redhat | Use of Hard-coded Credentials vulnerability in Redhat Satellite manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements. | 9.1 |
2008-08-13 | CVE-2008-1457 | Microsoft | Improper Input Validation vulnerability in Microsoft products The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request. | 9.0 |
2008-08-13 | CVE-2008-1456 | Microsoft | Improper Input Validation vulnerability in Microsoft products Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers. | 9.0 |
2008-08-13 | CVE-2008-3650 | Horde | Cross-Site Scripting vulnerability in Groupware Webmail Edition Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view. | 9.0 |
30 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-08-11 | CVE-2008-3592 | 21Degrees | Code Injection vulnerability in 21Degrees Symphony Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/. | 8.5 |
2008-08-13 | CVE-2008-3656 | Ruby Lang | Resource Management Errors vulnerability in Ruby-Lang Ruby Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression. | 7.8 |
2008-08-13 | CVE-2008-2246 | Microsoft | Information Exposure vulnerability in Microsoft Windows-Nt and Windows Vista Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions. | 7.8 |
2008-08-15 | CVE-2008-3658 | PHP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. | 7.5 |
2008-08-14 | CVE-2008-3688 | Havp | Use of Uninitialized Resource vulnerability in Havp Http Antivirus Proxy 0.88 sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable. | 7.5 |
2008-08-14 | CVE-2008-3681 | Joomla | Permissions, Privileges, and Access Controls vulnerability in Joomla COM User components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator. | 7.5 |
2008-08-13 | CVE-2008-3674 | Pozscripts | SQL Injection vulnerability in Pozscripts Tubeguru Video Sharing Script SQL injection vulnerability in ugroups.php in PozScripts TubeGuru Video Sharing Script allows remote attackers to execute arbitrary SQL commands via the UID parameter. | 7.5 |
2008-08-13 | CVE-2008-3673 | Pozscripts | SQL Injection vulnerability in Pozscripts Classified ADS SQL injection vulnerability in browsecats.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3672. | 7.5 |
2008-08-13 | CVE-2008-3672 | Pozscripts | SQL Injection vulnerability in Pozscripts Classified ADS SQL injection vulnerability in showcategory.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3673. | 7.5 |
2008-08-13 | CVE-2008-3669 | Zeescripts | SQL Injection vulnerability in Zeescripts Zeereviews SQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. | 7.5 |
2008-08-13 | CVE-2008-3657 | Ruby Lang | Improper Input Validation vulnerability in Ruby-Lang Ruby The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen. | 7.5 |
2008-08-13 | CVE-2008-3655 | Ruby Lang | Permissions, Privileges, and Access Controls vulnerability in Ruby-Lang Ruby Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3. | 7.5 |
2008-08-12 | CVE-2008-3604 | Zeescripts | SQL Injection vulnerability in Zeescripts Zeebuddy 2.1 SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter. | 7.5 |
2008-08-12 | CVE-2008-3603 | Vacation Rentals | SQL Injection vulnerability in Vacation Rentals Vacation Rental Script 3.0 SQL injection vulnerability in index.php in Vacation Rental Script 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sections action. | 7.5 |
2008-08-12 | CVE-2008-3602 | Psychdaily | Permissions, Privileges, and Access Controls vulnerability in Psychdaily PHP Ring Webring System 0.9.1 admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | 7.5 |
2008-08-12 | CVE-2008-3601 | Quicksilver Forums | SQL Injection vulnerability in Quicksilver Forums Quicksilver Forums 1.4.1 SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action. | 7.5 |
2008-08-12 | CVE-2008-3599 | Openimpro | SQL Injection vulnerability in Openimpro 1.1 SQL injection vulnerability in image.php in OpenImpro 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-08-12 | CVE-2008-3598 | PSI Labs | SQL Injection vulnerability in Psi-Labs Psipuss 1.0 Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the Cid parameter to categories.php or (2) the Username parameter to login.php. | 7.5 |
2008-08-12 | CVE-2008-3597 | Skulltag | NULL Pointer Dereference vulnerability in Skulltag 0.97D2 Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a "command 29" packet when the player is not in the game. | 7.5 |
2008-08-11 | CVE-2008-3594 | Magicscripts | SQL Injection vulnerability in Magicscripts E-Store Kit-1 and E-Store Kit-2 SQL injection vulnerability in viewdetails.php in MagicScripts E-Store Kit-1, E-Store Kit-2, E-Store Kit-1 Pro PayPal Edition, and E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary SQL commands via the pid parameter. | 7.5 |
2008-08-11 | CVE-2008-3593 | Syzygycms | Path Traversal vulnerability in Syzygycms 0.3 Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-08-11 | CVE-2008-3591 | 21Degrees | SQL Injection vulnerability in 21Degrees Symphony SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php. | 7.5 |
2008-08-11 | CVE-2008-3590 | EGI Zaberl | SQL Injection vulnerability in EGI Zaberl E.Z. Poll 2 Multiple SQL injection vulnerabilities in admin/login.asp in E. | 7.5 |
2008-08-11 | CVE-2008-3588 | Phsblog | SQL Injection vulnerability in Phsblog 0.1.1 Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to comments.php, (2) cid parameter to index.php, and the (3) urltitle parameter to entries.php. | 7.5 |
2008-08-11 | CVE-2008-3586 | Joomla | SQL Injection vulnerability in Joomla COM Ezstore SQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | 7.5 |
2008-08-11 | CVE-2008-3585 | Pozscripts | SQL Injection vulnerability in Pozscripts Greencart PHP Shopping Cart Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) product_desc.php and (2) store_info.php. | 7.5 |
2008-08-14 | CVE-2008-2940 | HP | Permissions, Privileges, and Access Controls vulnerability in HP Linux Imaging and Printing Project 1.6.7 The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message. | 7.2 |
2008-08-12 | CVE-2008-2926 | Broadcom CA | Improper Input Validation vulnerability in multiple products The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request. | 7.2 |
2008-08-13 | CVE-2008-3666 | SUN | Local Denial of Service vulnerability in SUN Opensolaris, Solaris and Sunos Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured; and (2) local users to cause a denial of service (panic) via a call to the sendfile system call, as reachable through the sendfilev library. | 7.1 |
2008-08-13 | CVE-2008-1448 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Outlook Express and Windows Mail The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability." | 7.1 |
35 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-08-14 | CVE-2008-3687 | XEN | Buffer Errors vulnerability in XEN and XEN Flask Module Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall. | 6.8 |
2008-08-14 | CVE-2008-3682 | Ypninc | SQL Injection vulnerability in Ypninc PHP Realty SQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter. | 6.8 |
2008-08-14 | CVE-2008-3677 | Openfreeway | Path Traversal vulnerability in Openfreeway Freeway Directory traversal vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors. | 6.8 |
2008-08-13 | CVE-2008-3670 | Articlefriendly | SQL Injection vulnerability in Articlefriendly Article Friendly SQL injection vulnerability in authordetail.php in Article Friendly Pro allows remote attackers to execute arbitrary SQL commands via the autid parameter. | 6.8 |
2008-08-13 | CVE-2008-3667 | Maxthon | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Maxthon Browser Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows remote attackers to execute arbitrary code via a long Content-type HTTP header. | 6.8 |
2008-08-13 | CVE-2008-3649 | Articlefriendly | SQL Injection vulnerability in Articlefriendly Article Friendly SQL injection vulnerability in categorydetail.php in Article Friendly Standard allows remote attackers to execute arbitrary SQL commands via the Cat parameter. | 6.8 |
2008-08-13 | CVE-2008-1455 | Microsoft | Resource Management Errors vulnerability in Microsoft products A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka "Parsing Overflow Vulnerability." | 6.8 |
2008-08-12 | CVE-2008-3605 | Mcafee | Permissions, Privileges, and Access Controls vulnerability in Mcafee Encrypted USB Manager 3.1.0.0 Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, when the Re-use Threshold for passwords is nonzero, allows remote attackers to conduct offline brute force attacks via unknown vectors. | 6.8 |
2008-08-12 | CVE-2008-3600 | Menalto | Path Traversal vulnerability in Menalto Gallery 1.5.7/1.6 Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2008-08-12 | CVE-2008-3003 | Microsoft | Improper Input Validation vulnerability in Microsoft Office 2007 Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability." | 6.6 |
2008-08-15 | CVE-2008-3701 | Kayako | SQL Injection vulnerability in Kayako Supportsuite SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action. | 6.5 |
2008-08-12 | CVE-2008-3606 | Qbik | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qbik Wingate Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. | 6.5 |
2008-08-15 | CVE-2008-3659 | PHP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. | 6.4 |
2008-08-12 | CVE-2008-3275 | Linux Debian Canonical Suse | Classic Buffer Overflow vulnerability in multiple products The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories. | 5.5 |
2008-08-15 | CVE-2008-3660 | PHP | Improper Input Validation vulnerability in PHP PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php. | 5.0 |
2008-08-14 | CVE-2008-3443 | Ruby Lang | Resource Management Errors vulnerability in Ruby-Lang Ruby The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick. | 5.0 |
2008-08-14 | CVE-2008-3683 | SUN | Denial of Service vulnerability in Sun Java System Web Proxy Server FTP Subsystem Unspecified vulnerability in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.5 before SP6 allows remote attackers to cause a denial of service (failure to accept connections) via unknown vectors, probably related to exhaustion of file descriptors. | 5.0 |
2008-08-14 | CVE-2008-3680 | Flagship Industries | Improper Input Validation vulnerability in Flagship Industries Ventrilo The decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet to TCP port 3784. | 5.0 |
2008-08-14 | CVE-2008-3675 | Gelatocms | Path Traversal vulnerability in Gelatocms 0.95 Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. | 5.0 |
2008-08-13 | CVE-2008-3671 | Linux Acronis | Cryptographic Issues vulnerability in Acronis True Image Echo Server 9.5.8072 Acronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information. | 5.0 |
2008-08-13 | CVE-2008-3514 | Vmware | Information Exposure vulnerability in VMWare Virtualcenter 2.0.2/2.5 VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users." Patch information with appropriate login and password: http://www.vmware.com/security/advisories/VMSA-2008-0012.html 4. | 5.0 |
2008-08-13 | CVE-2008-3654 | Tiki | Remote Security vulnerability in TikiWiki Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors. | 5.0 |
2008-08-12 | CVE-2008-3174 | Computer Associates | Remote Denial of Service vulnerability in Computer Associates products Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause a denial of service via unknown vectors, related to "insufficient validation." | 5.0 |
2008-08-12 | CVE-2008-3607 | Noticeware | Improper Input Validation vulnerability in Noticeware Email Server The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via multiple long LOGIN commands. | 5.0 |
2008-08-14 | CVE-2008-2941 | HP | Improper Input Validation vulnerability in HP Linux Imaging and Printing Project 1.6.7 The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207. | 4.9 |
2008-08-15 | CVE-2008-3700 | Kayako | Cross-Site Scripting vulnerability in Kayako Supportsuite Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation. | 4.3 |
2008-08-14 | CVE-2008-3679 | Idevspot | Cross-Site Scripting vulnerability in Idevspot PHPlinkexchange 1.01 Multiple cross-site scripting (XSS) vulnerabilities in index.php in IDevSpot PhpLinkExchange 1.01 allow remote attackers to inject arbitrary web script or HTML via the catid parameter in a (1) user_add, (2) recip, (3) tellafriend, or (4) contact action, or (5) in a request without an action; or (6) the id parameter in a tellafriend action. | 4.3 |
2008-08-14 | CVE-2008-3678 | Damian Hickey | Cross-Site Scripting vulnerability in Damian Hickey Freeway Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway before 1.4.2.197 allows remote attackers to inject arbitrary web script or HTML via the URL. | 4.3 |
2008-08-14 | CVE-2008-3676 | Hmailserver | Improper Input Validation vulnerability in Hmailserver 4.4.1 Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allows remote authenticated users to cause a denial of service (resource exhaustion or daemon crash) via a long series of IMAP commands. | 4.3 |
2008-08-13 | CVE-2008-3668 | Marcello Brandao | Cross-Site Scripting vulnerability in Marcello Brandao Yogurt Social Network Module 3.2 Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap. | 4.3 |
2008-08-13 | CVE-2008-3516 | Adobe | Cross-Site Scripting vulnerability in Adobe Presenter 6/7 Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3515. | 4.3 |
2008-08-13 | CVE-2008-3515 | Adobe | Cross-Site Scripting vulnerability in Adobe Presenter 6/7 Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3516. | 4.3 |
2008-08-12 | CVE-2008-3596 | Harmoni | Cross-Site Scripting vulnerability in Harmoni Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 allows remote attackers to inject arbitrary web script or HTML via the Username field, which is inserted into logs that could be rendered when viewed by an administrator. | 4.3 |
2008-08-11 | CVE-2008-3589 | Mozilo | Path Traversal vulnerability in Mozilo Mozilocms 1.10.1 Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. | 4.3 |
2008-08-11 | CVE-2008-3587 | Needscripts | Cross-Site Scripting vulnerability in Needscripts Homes 4 Sale Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter. | 4.3 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-08-14 | CVE-2008-3699 | Amarok | Link Following vulnerability in Amarok 1.4.9.1 The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file. | 3.3 |