Weekly Vulnerabilities Reports > September 1 to 7, 2008
Overview
95 new vulnerabilities were reported during this period, including 17 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary reports vulnerabilities in 84 products from 63 vendors, including VMware, HP, Cisco, Hans Oesterholt, and Microsoft. The most common vulnerability categories are "Information Exposure", "Improper Input Validation", "Cross-site Scripting", "SQL Injection", and "Link Following".
- 66 reported vulnerabilities are remotely exploitable.
- 12 reported vulnerabilities have a public exploit available.
- 23 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 88 reported vulnerabilities are exploitable by an anonymous user.
- VMware has the most reported vulnerabilities, with 10 reported vulnerabilities.
- VMware has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
17 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-09-04 | CVE-2008-3910 | HSC | Numeric Errors vulnerability in HSC Dns2Tcp dns2tcp before 0.4.1 does not properly handle negative values in a certain length field in the input argument to the (1) dns_simple_decode or (2) dns_decode function, which allows remote attackers to overwrite a buffer and have unspecified other impact. | 10.0 |
2008-09-04 | CVE-2008-3908 | Princeton University | Buffer Errors vulnerability in Princeton University Wordnet 3.0 Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka data file). | 10.0 |
2008-09-03 | CVE-2008-3892 | Vmware | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. | 10.0 |
2008-09-03 | CVE-2008-3696 | Vmware | ActiveX Controls Multiple Unspecified Security vulnerability in VMware Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3695. | 10.0 |
2008-09-03 | CVE-2008-3695 | Vmware | ActiveX Controls Multiple Unspecified Security vulnerability in VMware Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696. | 10.0 |
2008-09-03 | CVE-2008-3694 | Vmware | ActiveX Controls Multiple Unspecified Security vulnerability in VMware Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3695, and CVE-2008-3696. | 10.0 |
2008-09-03 | CVE-2008-3693 | Vmware | ActiveX Controls Multiple Unspecified Security vulnerability in VMware Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696. | 10.0 |
2008-09-03 | CVE-2008-3692 | Vmware | ActiveX Controls Multiple Unspecified Security vulnerability in VMware Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696. | 10.0 |
2008-09-03 | CVE-2008-3691 | Vmware | ActiveX Controls Multiple Unspecified Security vulnerability in VMware Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696. | 10.0 |
2008-09-02 | CVE-2008-3882 | Zoneminder | Code Injection vulnerability in Zoneminder Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php. | 10.0 |
2008-09-02 | CVE-2008-3146 | Wireshark | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used. | 10.0 |
2008-09-05 | CVE-2008-2436 | Novell | Code Injection vulnerability in Novell Iprint Client Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to the (1) GetPrinterURLList, (2) GetPrinterURLList2, or (3) GetFileList2 function in the Novell iPrint ActiveX control in ienipp.ocx. | 9.3 |
2008-09-04 | CVE-2008-3922 | Telartis BV | Code Injection vulnerability in Telartis BV Awstats Totals awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function. | 9.3 |
2008-09-04 | CVE-2008-3919 | Justsystems | Code Injection vulnerability in Justsystems Ichitaro Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008. | 9.3 |
2008-09-04 | CVE-2008-3916 | GNU | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU ED Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. | 9.3 |
2008-09-02 | CVE-2008-3877 | Acoustica | Buffer Errors vulnerability in Acoustica Mixcraft 3.0/4.1/4.2 Stack-based buffer overflow in Acoustica Mixcraft 4.1 Build 96 and 4.2 Build 98 allows user-assisted attackers to execute arbitrary code via a crafted .mx4 file. | 9.3 |
2008-09-02 | CVE-2008-3538 | HP Microsoft | Remote Privilege Escalation vulnerability in HP Enterprise Discovery Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors. | 9.0 |
28 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-09-05 | CVE-2008-3936 | Dreambox | Improper Input Validation vulnerability in Dreambox Dm500C The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI. | 7.8 |
2008-09-04 | CVE-2008-2732 | Cisco | Denial of Service and Information Disclosure vulnerability in Cisco PIX and Cisco ASA Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow remote attackers to cause a denial of service (device reload) via unknown vectors, aka Bug IDs CSCsq07867, CSCsq57091, CSCsk60581, and CSCsq39315. | 7.8 |
2008-09-03 | CVE-2008-3537 | HP | Denial of Service vulnerability in HP OpenView Network Node Manager 7.01/7.51/7.53 Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3536. | 7.8 |
2008-09-03 | CVE-2008-3536 | HP | Denial of Service vulnerability in HP OpenView Network Node Manager 7.01/7.51/7.53 Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3537. | 7.8 |
2008-09-05 | CVE-2008-3948 | Xrms | SQL Injection vulnerability in Xrms CRM 1.99.2 SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors. | 7.5 |
2008-09-05 | CVE-2008-3945 | Source Workshop | SQL Injection vulnerability in Source Workshop Words TAG Script 1.2 SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action. | 7.5 |
2008-09-05 | CVE-2008-3944 | Discountedscripts | SQL Injection vulnerability in Discountedscripts ACG PTP 1.0.6 SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remote attackers to execute arbitrary SQL commands via the adid parameter in an adorder action. | 7.5 |
2008-09-05 | CVE-2008-3943 | Ezonescripts | SQL Injection vulnerability in Ezonescripts Living Local 1.1 SQL injection vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to execute arbitrary SQL commands via the r parameter. | 7.5 |
2008-09-05 | CVE-2008-3942 | Ozsari | SQL Injection vulnerability in Ozsari Full PHP Emlak Script SQL injection vulnerability in landsee.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-09-04 | CVE-2008-3920 | Bitlbee | Permissions, Privileges, and Access Controls vulnerability in Bitlbee Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors. | 7.5 |
2008-09-04 | CVE-2008-3918 | Ovidentia | SQL Injection vulnerability in Ovidentia 6.6.5 SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the field parameter in a search action. | 7.5 |
2008-09-04 | CVE-2008-3904 | Lxde | Improper Input Validation vulnerability in Lxde Gpicview and Lightweight X11 Desktop Environment src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. | 7.5 |
2008-09-04 | CVE-2008-2441 | Cisco | Resource Management Errors vulnerability in Cisco Secure Access Control Server and Secure ACS Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet. | 7.5 |
2008-09-03 | CVE-2008-3891 | | Improper Authentication vulnerability in Google Apps The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field. | 7.5 |
2008-09-02 | CVE-2008-3888 | Aspindir | SQL Injection vulnerability in Aspindir Mini Nuke Freehost 2.3 SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a member_details action. | 7.5 |
2008-09-02 | CVE-2008-3880 | Zoneminder | SQL Injection vulnerability in Zoneminder SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter. | 7.5 |
2008-09-05 | CVE-2008-3947 | HP | Improper Input Validation vulnerability in HP Openvms 8.3 DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line. | 7.2 |
2008-09-05 | CVE-2008-3890 | Freebsd AMD | Permissions, Privileges, and Access Controls vulnerability in Freebsd 6.3/7.0 The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault (GPF), which allows local users to gain privileges by triggering a GPF during the kernel's return from (1) an interrupt, (2) a trap, or (3) a system call. | 7.2 |
2008-09-04 | CVE-2008-3929 | Ampache | Link Following vulnerability in Ampache 3.4.1 gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file. | 7.2 |
2008-09-04 | CVE-2008-3927 | Tiger | Link Following vulnerability in Tiger 3.2.2 genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete arbitrary files via a symlink attack on temporary files. | 7.2 |
2008-09-03 | CVE-2008-3698 | Vmware | Permissions, Privileges, and Access Controls vulnerability in VMWare products Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors. | 7.2 |
2008-09-02 | CVE-2008-3883 | Caudium | Link Following vulnerability in Caudium 1.4.12 configvar in Caudium 1.4.12 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/roken#####.pike temporary file. | 7.2 |
2008-09-02 | CVE-2008-3875 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Opensolaris and Solaris The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls. | 7.2 |
2008-09-05 | CVE-2008-3530 | Freebsd | Improper Input Validation vulnerability in Freebsd 6.3/7.0/7.1 sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message. | 7.1 |
2008-09-04 | CVE-2008-2736 | Cisco | Information Exposure vulnerability in Cisco Adaptive Security Appliance 5500 8.0/8.1 Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636. | 7.1 |
2008-09-04 | CVE-2008-2735 | Cisco | Improper Input Validation vulnerability in Cisco Adaptive Security Appliance 5500 8.0/8.1 The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of service (device reload) via a URI in a crafted SSL or HTTP packet, aka Bug ID CSCsq19369. | 7.1 |
2008-09-04 | CVE-2008-2734 | Cisco | Resource Management Errors vulnerability in Cisco Adaptive Security Appliance 5500 8.0/8.1 Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a denial of service (memory consumption and VPN hang) via a crafted SSL or HTTP packet, aka Bug ID CSCso66472. | 7.1 |
2008-09-04 | CVE-2008-2733 | Cisco | Denial of Service and Information Disclosure vulnerability in Cisco PIX and Cisco ASA Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service (device reload) via a crafted authentication attempt, aka Bug ID CSCso69942. | 7.1 |
35 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-09-05 | CVE-2008-3531 | Freebsd | Buffer Errors vulnerability in Freebsd 7.0/7.1 Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows local users to gain privileges via a crafted (1) mount or (2) nmount system call, related to copying of "user defined data" in "certain error conditions." | 6.9 |
2008-09-04 | CVE-2008-3931 | R Foundation | Link Following vulnerability in R Foundation R 2.7.2 javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 6.9 |
2008-09-04 | CVE-2008-3930 | Debian | Link Following vulnerability in Debian Citadel Server 7.37 migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | 6.9 |
2008-09-04 | CVE-2008-3928 | Debian | Link Following vulnerability in Debian Honeyd Common 1.5 test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file. | 6.9 |
2008-09-04 | CVE-2008-3907 | Newsbeuter | Improper Input Validation vulnerability in Newsbeuter The open-in-browser command in newsbeuter before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a feed URL. | 6.8 |
2008-09-03 | CVE-2008-1739 | Apple | Resource Management Errors vulnerability in Apple Quicktime Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption. | 6.8 |
2008-09-02 | CVE-2008-3885 | Blogn | Cross-Site Request Forgery (CSRF) vulnerability in Blogn 1.9.3 Cross-site request forgery (CSRF) vulnerability in Blogn (BURO GUN) 1.9.7 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make content modifications. | 6.8 |
2008-09-05 | CVE-2008-1197 | Marvell Netgear | Improper Input Validation vulnerability in multiple products The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a "Null SSID." | 6.3 |
2008-09-05 | CVE-2008-1144 | Marvell Netgear | Improper Input Validation vulnerability in multiple products The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a malformed EAPoL-Key packet with a crafted "advertised length." | 6.3 |
2008-09-05 | CVE-2007-5474 | Atheros Linksys | Improper Input Validation vulnerability in multiple products The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long. | 6.3 |
2008-09-02 | CVE-2008-3887 | Dotproject | SQL Injection vulnerability in Dotproject 2.1.2 Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in a viewuser action. | 6.0 |
2008-09-05 | CVE-2008-3938 | Opendb | Cross-Site Request Forgery (CSRF) vulnerability in Opendb 1.0.6 Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action. | 5.8 |
2008-09-04 | CVE-2008-3926 | Hans Oesterholt | Path Traversal vulnerability in Hans Oesterholt Cmme 1.12 Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. | 5.8 |
2008-09-04 | CVE-2008-3909 | Django Project | Cross-Site Request Forgery (CSRF) vulnerability in Django Project Django 0.91/0.95/0.96 The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests. | 5.8 |
2008-09-04 | CVE-2008-3905 | Ruby Lang | Improper Authentication vulnerability in Ruby-Lang Ruby resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | 5.8 |
2008-09-04 | CVE-2007-6716 | Linux Canonical Debian Novell Opensuse Suse | fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. | 5.5 |
2008-09-05 | CVE-2008-3939 | Avtech | Path Traversal vulnerability in Avtech Pager Enterprise 4.3.7 Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. | 5.0 |
2008-09-04 | CVE-2008-1389 | Clam Anti Virus | Resource Management Errors vulnerability in Clam Anti-Virus Clamav libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access." | 5.0 |
2008-09-03 | CVE-2008-3697 | Vmware | Improper Input Validation vulnerability in VMWare Server and VMWare Server An unspecified ISAPI extension in VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (IIS crash) via a malformed request. | 5.0 |
2008-09-05 | CVE-2008-3946 | HP | Local Security vulnerability in HP Openvms 5 The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file. | 4.9 |
2008-09-03 | CVE-2008-3791 | Lxde | Link Following vulnerability in Lxde Lightweight X11 Desktop Environment 0.1.9 src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rot.jpg temporary file. | 4.6 |
2008-09-05 | CVE-2008-3940 | HP | Use of Externally-Controlled Format String vulnerability in HP Openvms 5 Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file. | 4.4 |
2008-09-05 | CVE-2008-3664 | Xrms | Cross-Site Scripting vulnerability in Xrms CRM Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field, related to the user list; (2) the target parameter to login.php, (3) the title parameter to activities/some.php, (4) the company_name parameter to companies/some.php, (5) the last_name parameter to contacts/some.php, (6) the campaign_title parameter to campaigns/some.php, (7) the opportunity_title parameter to opportunities/some.php, (8) the case_title parameter to cases/some.php, (9) the file_id parameter to files/some.php, or (10) the starting parameter to reports/custom/mileage.php, a related issue to CVE-2008-1129. | 4.3 |
2008-09-05 | CVE-2008-3941 | Bizdirectory | Cross-Site Scripting vulnerability in Bizdirectory 1.9/2.0 Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI. | 4.3 |
2008-09-05 | CVE-2008-3937 | Opendb | Cross-Site Scripting vulnerability in Opendb 1.0.6 Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php. | 4.3 |
2008-09-05 | CVE-2008-3935 | D IC | Cross-Site Scripting vulnerability in D-Ic Shop V50 and Shop V52 Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earlier and shop_v52 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-09-04 | CVE-2008-3925 | Hans Oesterholt | Cross-Site Request Forgery (CSRF) vulnerability in Hans Oesterholt Cmme 1.12 Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action. | 4.3 |
2008-09-04 | CVE-2008-3924 | Hans Oesterholt | Permissions, Privileges, and Access Controls vulnerability in Hans Oesterholt Cmme 1.12 The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b) backup/cmme_cmme.zip. | 4.3 |
2008-09-04 | CVE-2008-3923 | Hans Oesterholt | Cross-Site Scripting vulnerability in Hans Oesterholt Cmme 1.12 Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action. | 4.3 |
2008-09-04 | CVE-2008-3921 | Telartis BV | Cross-Site Scripting vulnerability in Telartis BV Awstats Totals Multiple cross-site scripting (XSS) vulnerabilities in AWStats Totals 1.0 through 1.14 allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameter. | 4.3 |
2008-09-04 | CVE-2008-3917 | Ovidentia | Cross-Site Scripting vulnerability in Ovidentia 6.6.5 Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter in a search action. | 4.3 |
2008-09-04 | CVE-2008-3906 | Mono Mono Project | Improper Input Validation vulnerability in multiple products CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. | 4.3 |
2008-09-02 | CVE-2008-3886 | Dotproject | Cross-Site Scripting vulnerability in Dotproject 2.1.2 Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action, (3) the callback parameter in a public calendar action, or (4) the type parameter in a ticketsmith action. | 4.3 |
2008-09-02 | CVE-2008-3884 | Blogn | Cross-Site Scripting vulnerability in Blogn Cross-site scripting (XSS) vulnerability in Blogn (BURO GUN) 1.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2006-6176. | 4.3 |
2008-09-02 | CVE-2008-3881 | Zoneminder | Cross-Site Scripting vulnerability in Zoneminder Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files. | 4.3 |
15 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-09-04 | CVE-2008-3903 | Asterisk Trixbox | Information Exposure vulnerability in multiple products Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreject are enabled, generates different responses depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames. | 3.5 |
2008-09-04 | CVE-2008-3934 | Wireshark | Improper Input Validation vulnerability in Wireshark Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. | 3.3 |
2008-09-04 | CVE-2008-3933 | Wireshark | Improper Input Validation vulnerability in Wireshark Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function. | 3.3 |
2008-09-03 | CVE-2008-3902 | HP | Information Exposure vulnerability in HP 68Dtt F.0D HP firmware 68DTT F.0D stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer, aka SSRT080104. | 2.1 |
2008-09-03 | CVE-2008-3901 | Linux Suspend2 | Information Exposure vulnerability in Suspend2 Software Suspend 2 22.2.1 Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | 2.1 |
2008-09-03 | CVE-2008-3900 | Intel | Information Exposure vulnerability in Intel Bios Pe94510M.86A.0050.2007.0710.1559 Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | 2.1 |
2008-09-03 | CVE-2008-3899 | Truecrypt Foundation | Information Exposure vulnerability in Truecrypt Foundation Truecrypt 5.0 TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | 2.1 |
2008-09-03 | CVE-2008-3898 | Secustar | Information Exposure vulnerability in Secustar Drivecrypt Plus Pack 3.9 Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | 2.1 |
2008-09-03 | CVE-2008-3897 | Microsoft Freed0M | Information Exposure vulnerability in Freed0M Diskcryptor 0.2.6 DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | 2.1 |
2008-09-03 | CVE-2008-3896 | GNU | Information Exposure vulnerability in GNU Grub Legacy Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | 2.1 |
2008-09-03 | CVE-2008-3895 | Lilo | Information Exposure vulnerability in Lilo LILO 22.6.1 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | 2.1 |
2008-09-03 | CVE-2008-3894 | IBM | Information Exposure vulnerability in IBM Lenovo 7Cetb5Ww 2.05 IBM Lenovo firmware 7CETB5WW 2.05 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | 2.1 |
2008-09-03 | CVE-2008-2101 | Vmware | Information Exposure vulnerability in VMWare ESX The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process. | 2.1 |
2008-09-03 | CVE-2008-3893 | Microsoft | Information Exposure vulnerability in Microsoft Windows Vista Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | 1.9 |
2008-09-02 | CVE-2008-3876 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone 2.0.2 Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow. | 1.9 |