Weekly Vulnerabilities Reports > August 25 to 31, 2008

Overview

67 new vulnerabilities reported during this period, including 8 critical vulnerabilities and 16 high severity vulnerabilities. This weekly summary report vulnerabilities in 63 products from 46 vendors including IBM, Drupal, Redhat, Microsoft, and Spacetag. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Input Validation".

  • 61 reported vulnerabilities are remotely exploitables.
  • 15 reported vulnerabilities have public exploit available.
  • 30 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 60 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • Redhat has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

8 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-08-29 CVE-2008-2928 Redhat Buffer Errors vulnerability in Redhat Directory Server 7.1

Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP header.

10.0
2008-08-27 CVE-2008-3737 Spacetag
System Consultants
Code Injection vulnerability in multiple products

Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to execute arbitrary PHP scripts, and delete files, read files, and possibly have unknown other impact.

10.0
2008-08-27 CVE-2008-3795 Ipswitch Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ipswitch WS FTP Home

Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response."

10.0
2008-08-29 CVE-2008-3282 Openoffice Numeric Errors vulnerability in Openoffice Openoffice.Org 2.4.1

Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152.

9.3
2008-08-29 CVE-2008-3480 Anzio Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Anzio Print Wizard and web Print Object

Stack-based buffer overflow in the Anzio Web Print Object (WePO) ActiveX control 3.2.19 and 3.2.24, as used in Anzio Print Wizard, allows remote attackers to execute arbitrary code via a long mainurl parameter.

9.3
2008-08-28 CVE-2008-3853 IBM Buffer Errors vulnerability in IBM DB2 Universal Database 9.1

Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before FP4a and 9.5 before FP1 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via unspecified vectors.

9.3
2008-08-27 CVE-2008-3844 Redhat
Openbsd
Improper Input Validation vulnerability in Openbsd Openssh

Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact.

9.3
2008-08-27 CVE-2007-1682 Softartisans Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Softartisans Xfile

Multiple stack-based buffer overflows in the FileManager ActiveX control in SAFmgPws.dll in SoftArtisans XFile before 2.4.0 allow remote attackers to execute arbitrary code via unspecified calls to the (1) BuildPath, (2) GetDriveName, (3) DriveExists, or (4) DeleteFile method.

9.3

16 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-08-29 CVE-2008-3283 Fedora
Redhat
Resource Management Errors vulnerability in multiple products

Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests.

7.8
2008-08-28 CVE-2008-3854 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database 9.1/9.5

Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function.

7.8
2008-08-27 CVE-2008-3526 Linux Numeric Errors vulnerability in Linux Kernel

Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option.

7.8
2008-08-29 CVE-2008-3861 Phpmyrealty SQL Injection vulnerability in PHPmyrealty

Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php.

7.5
2008-08-28 CVE-2008-3856 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 8/8.0/9.1

The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors.

7.5
2008-08-27 CVE-2008-3848 Pdesigner SQL Injection vulnerability in Pdesigner Z-Breaknews 2.0

SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-08-27 CVE-2008-3845 Craftysyntax SQL Injection vulnerability in Craftysyntax Crafty Syntax Live Help

Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php.

7.5
2008-08-27 CVE-2008-2433 Trend Micro Improper Authentication vulnerability in Trend Micro products

The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks.

7.5
2008-08-27 CVE-2008-3747 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress

The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.

7.5
2008-08-26 CVE-2008-3787 Nullscripts SQL Injection vulnerability in Nullscripts web Directory Script

SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.

7.5
2008-08-26 CVE-2008-3785 Miacms SQL Injection vulnerability in Miacms 4.6.5

Multiple SQL injection vulnerabilities in the com_content component in MiaCMS 4.6.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) view, (2) category, or (3) blogsection action to index.php.

7.5
2008-08-26 CVE-2008-3784 Btitracker Project
Xbtitracker Project
SQL Injection vulnerability in multiple products

SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and earlier and xBtiTracker 2.0.542 and earlier allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.

7.5
2008-08-26 CVE-2008-3780 Review Script SQL Injection vulnerability in Review-Script Five Star Review Script

SQL injection vulnerability in recommend.php in Five Star Review Script allows remote attackers to execute arbitrary SQL commands via the item_id parameter.

7.5
2008-08-25 CVE-2008-3778 Avaya Permissions, Privileges, and Access Controls vulnerability in Avaya Communication Manager and SIP Enablement Services

The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.

7.5
2008-08-27 CVE-2008-3838 SUN Improper Input Validation vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation in Sun Solaris 10 and OpenSolaris before snv_88 allows local administrators of non-global zones to read and modify NFS traffic for arbitrary non-global zones, possibly leading to file modifications or a denial of service.

7.2
2008-08-29 CVE-2008-2930 Fedora
Redhat
Resource Management Errors vulnerability in multiple products

Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem.

7.1

38 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-08-27 CVE-2008-3738 Spacetag Improper Authentication vulnerability in Spacetag Lacoodast

Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

6.8
2008-08-27 CVE-2008-2327 Libtiff Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libtiff

Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.

6.8
2008-08-26 CVE-2008-3794 Videolan Numeric Errors vulnerability in Videolan VLC Media Player 0.8.6I

Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.

6.8
2008-08-26 CVE-2008-3788 Picturespro SQL Injection vulnerability in Picturespro Photo Cart 3.9

Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php.

6.8
2008-08-26 CVE-2008-3783 Matterdaddy SQL Injection vulnerability in Matterdaddy Market 1.1

Multiple SQL injection vulnerabilities in index.php in Matterdaddy Market 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters.

6.8
2008-08-28 CVE-2008-3852 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 9.1/9.5

Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors.

6.5
2008-08-27 CVE-2008-3742 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal

Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.

6.5
2008-08-27 CVE-2008-3736 Spacetag
System Consultants
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (a) change passwords or (b) change configurations.

6.0
2008-08-27 CVE-2008-3744 Drupal Cross-Site Request Forgery (CSRF) vulnerability in Drupal

Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules.

5.8
2008-08-27 CVE-2008-3743 Drupal Cross-Site Request Forgery (CSRF) vulnerability in Drupal

Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements.

5.8
2008-08-27 CVE-2008-3745 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal and Upload Module

The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.

5.5
2008-08-29 CVE-2008-3859 Davlin Credentials Management vulnerability in Davlin Thickbox Gallery 2

Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php.

5.0
2008-08-27 CVE-2008-3851 Microsoft
Pluck
Path Traversal vulnerability in Pluck 4.5.2

Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php.

5.0
2008-08-27 CVE-2008-3840 Craftysyntax Credentials Management vulnerability in Craftysyntax Crafty Syntax Live Help

Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.

5.0
2008-08-27 CVE-2008-3790 Ruby Lang Improper Input Validation vulnerability in Ruby-Lang Ruby 1.8.6/1.8.7/1.9

The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."

5.0
2008-08-27 CVE-2008-3796 Swfdec Improper Input Validation vulnerability in Swfdec

Swfdec 0.6 before 0.6.8 allows remote attackers to cause a denial of service (application crash) via a 1x1 JPEG image.

5.0
2008-08-25 CVE-2008-3776 Fujitsu Path Traversal vulnerability in Fujitsu web Based Admin View 2.1.2

Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a ..

5.0
2008-08-27 CVE-2008-3839 SUN Local Denial of Service vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in the NFS module in the kernel in Sun Solaris 10 and OpenSolaris snv_59 through snv_87, when configured as an NFS server without the nodevices option, allows local users to cause a denial of service (panic) via unspecified vectors.

4.7
2008-08-28 CVE-2008-3857 IBM Information Exposure vulnerability in IBM DB2 Universal Database 9.1

The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump.

4.6
2008-08-28 CVE-2008-3855 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 9.1

Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERABILITY." NOTE: this may be the same as CVE-2007-5664.

4.6
2008-08-29 CVE-2008-2929 Fedora
Redhat
Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.

4.3
2008-08-29 CVE-2008-3873 Adobe Unspecified vulnerability in Adobe Flash Player

The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008.

4.3
2008-08-29 CVE-2008-3860 IBM
Microsoft
Cross-Site Scripting vulnerability in IBM Lotus Quickr 8.1

Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page.

4.3
2008-08-28 CVE-2008-3858 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 9.1

The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT data stream that simulates a V7 client connect request.

4.3
2008-08-27 CVE-2008-3850 Accellion Cross-Site Scripting vulnerability in Accellion Secure File Transfer Appliance 70135

Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.

4.3
2008-08-27 CVE-2008-3849 Civic CMS Cross-Site Scripting vulnerability in Civic-Cms

Cross-site scripting (XSS) vulnerability in the calendar controller in Civic Website Manager before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving (1) month, (2) day, and (3) year fields.

4.3
2008-08-27 CVE-2008-3847 Aguestbook Cross-Site Scripting vulnerability in Aguestbook AN Guestbook

Multiple cross-site scripting (XSS) vulnerabilities in AN Guestbook (ANG) before 0.7.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-08-27 CVE-2008-3846 Aquagardensoft Cross-Site Scripting vulnerability in Aquagardensoft Mysql-Lists

Cross-site scripting (XSS) vulnerability in mysql-lists 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-08-27 CVE-2008-3843 Microsoft Cross-Site Scripting vulnerability in Microsoft .Net Framework 1.0/1.1/2.0

Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element.

4.3
2008-08-27 CVE-2008-3842 Microsoft Cross-Site Scripting vulnerability in Microsoft .Net Framework 1.0/1.1/2.0

Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "</" (less-than slash) sequence.

4.3
2008-08-27 CVE-2008-3841 Openfreeway Cross-Site Scripting vulnerability in Openfreeway Freeway 1.4.1.171

Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway eCommerce 1.4.1.171 allows remote attackers to inject arbitrary web script or HTML via the search_link parameter.

4.3
2008-08-27 CVE-2008-3739 Spacetag
System Consultants
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving upload of files containing XSS sequences.

4.3
2008-08-27 CVE-2008-3281 Xmlsoft Resource Management Errors vulnerability in Xmlsoft Libxml2

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

4.3
2008-08-27 CVE-2008-3746 Webdav Denial Of Service vulnerability in Webdav Neon 0.28.0/0.28.1/0.28.2

neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.

4.3
2008-08-27 CVE-2008-3740 Drupal Cross-Site Scripting vulnerability in Drupal

Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-08-26 CVE-2008-3786 Picturespro Cross-Site Scripting vulnerability in Picturespro Photo Cart 3.9

Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action.

4.3
2008-08-26 CVE-2008-3781 Gmod Cross-Site Scripting vulnerability in Gmod Gbrowse

Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-08-26 CVE-2008-3779 Review Script Cross-Site Scripting vulnerability in Review-Script Five Star Review Script

Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action.

4.3

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-08-29 CVE-2008-3874 Lussumo Cross-Site Scripting vulnerability in Lussumo Vanilla

Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==> Value pairs).

3.5
2008-08-27 CVE-2008-3741 Drupal Cross-Site Scripting vulnerability in Drupal

The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML.

3.5
2008-08-26 CVE-2008-3782 Discountedscripts Cross-Site Scripting vulnerability in Discountedscripts ACG PTP 1.0.6

Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in ACG-PTP 1.0.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Category name field under Advertisement Packages, the (2) Reason field under Credit/Debit Users, and the (3) FAQ question and (4) FAQ answer fields under Add New FAQ Entry.

3.5
2008-08-27 CVE-2008-3789 Samba Permissions, Privileges, and Access Controls vulnerability in Samba 3.2.0

Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups.

2.1
2008-08-25 CVE-2008-3777 Avaya Information Exposure vulnerability in Avaya Communication Manager and SIP Enablement Services

The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.

2.1