Weekly Vulnerabilities Reports > September 1 to 7, 2008

Overview

102 new vulnerabilities were reported during this period, including 19 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary reports vulnerabilities in 86 products from 65 vendors, including VMware, HP, Cisco, Linux, and Wireshark. Notable vulnerability categories include "Improper Input Validation", "Information Exposure", "Cross-site Scripting", "SQL Injection", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 71 reported vulnerabilities are remotely exploitable.
  • 14 reported vulnerabilities have a public exploit available.
  • 24 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 96 reported vulnerabilities are exploitable by an anonymous user.
  • VMware has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • VMware has the most reported critical vulnerabilities, with 7 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

19 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-09-04 CVE-2008-3910 HSC Numeric Errors vulnerability in HSC Dns2Tcp

dns2tcp before 0.4.1 does not properly handle negative values in a certain length field in the input argument to the (1) dns_simple_decode or (2) dns_decode function, which allows remote attackers to overwrite a buffer and have unspecified other impact.

10.0
2008-09-04 CVE-2008-3908 Princeton University Buffer Errors vulnerability in Princeton University Wordnet 3.0

Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka data file).

10.0
2008-09-03 CVE-2008-3892 Vmware Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products

Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call.

10.0
2008-09-03 CVE-2008-3696 Vmware ActiveX Controls Multiple Unspecified Security vulnerability in VMware

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3695.

10.0
2008-09-03 CVE-2008-3695 Vmware ActiveX Controls Multiple Unspecified Security vulnerability in VMware

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696.

10.0
2008-09-03 CVE-2008-3694 Vmware ActiveX Controls Multiple Unspecified Security vulnerability in VMware

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3695, and CVE-2008-3696.

10.0
2008-09-03 CVE-2008-3693 Vmware ActiveX Controls Multiple Unspecified Security vulnerability in VMware

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.

10.0
2008-09-03 CVE-2008-3692 Vmware ActiveX Controls Multiple Unspecified Security vulnerability in VMware

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.

10.0
2008-09-03 CVE-2008-3691 Vmware ActiveX Controls Multiple Unspecified Security vulnerability in VMware

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.

10.0
2008-09-02 CVE-2008-3882 Zoneminder Code Injection vulnerability in Zoneminder

Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.

10.0
2008-09-02 CVE-2008-3146 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used.

10.0
2008-09-05 CVE-2008-2436 Novell Code Injection vulnerability in Novell Iprint Client

Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to the (1) GetPrinterURLList, (2) GetPrinterURLList2, or (3) GetFileList2 function in the Novell iPrint ActiveX control in ienipp.ocx.

9.3
2008-09-04 CVE-2008-3922 Telartis BV Code Injection vulnerability in Telartis BV Awstats Totals

awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function.

9.3
2008-09-04 CVE-2008-3919 Justsystems Code Injection vulnerability in Justsystems Ichitaro

Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008.

9.3
2008-09-04 CVE-2008-3916 GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU ED

Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename.

9.3
2008-09-02 CVE-2008-3879 Ultrashareware Improper Input Validation vulnerability in Ultrashareware Ultra Office Control

The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 and earlier in Ultra Shareware Ultra Office Control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument (SaveAsDocument argument) to the Save method.

9.3
2008-09-02 CVE-2008-3878 Ultrashareware Buffer Errors vulnerability in Ultrashareware Ultra Office Control 2.0.2008.801

Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 in Ultra Shareware Ultra Office Control allows remote attackers to execute arbitrary code via long strUrl, strFile, and strPostData parameters to the HttpUpload method.

9.3
2008-09-02 CVE-2008-3877 Acoustica Buffer Errors vulnerability in Acoustica Mixcraft 3.0/4.1/4.2

Stack-based buffer overflow in Acoustica Mixcraft 4.1 Build 96 and 4.2 Build 98 allows user-assisted attackers to execute arbitrary code via a crafted .mx4 file.

9.3
2008-09-02 CVE-2008-3538 HP, Microsoft Remote Privilege Escalation vulnerability in HP Enterprise Discovery

Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors.

9.0

31 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-09-05 CVE-2008-3936 Dreambox Improper Input Validation vulnerability in Dreambox Dm500C

The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI.

7.8
2008-09-04 CVE-2008-2732 Cisco Denial of Service and Information Disclosure vulnerability in Cisco PIX and Cisco ASA

Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow remote attackers to cause a denial of service (device reload) via unknown vectors, aka Bug IDs CSCsq07867, CSCsq57091, CSCsk60581, and CSCsq39315.

7.8
2008-09-03 CVE-2008-3537 HP Denial of Service vulnerability in HP OpenView Network Node Manager 7.01/7.51/7.53

Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3536.

7.8
2008-09-03 CVE-2008-3536 HP Denial of Service vulnerability in HP OpenView Network Node Manager 7.01/7.51/7.53

Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3537.

7.8
2008-09-05 CVE-2008-3948 Xrms SQL Injection vulnerability in Xrms CRM 1.99.2

SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors.

7.5
2008-09-05 CVE-2008-3945 Source Workshop SQL Injection vulnerability in Source Workshop Words TAG Script 1.2

SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action.

7.5
2008-09-05 CVE-2008-3944 Discountedscripts SQL Injection vulnerability in Discountedscripts ACG PTP 1.0.6

SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remote attackers to execute arbitrary SQL commands via the adid parameter in an adorder action.

7.5
2008-09-05 CVE-2008-3943 Ezonescripts SQL Injection vulnerability in Ezonescripts Living Local 1.1

SQL injection vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to execute arbitrary SQL commands via the r parameter.

7.5
2008-09-05 CVE-2008-3942 Ozsari SQL Injection vulnerability in Ozsari Full PHP Emlak Script

SQL injection vulnerability in landsee.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-09-04 CVE-2008-3920 Bitlbee Permissions, Privileges, and Access Controls vulnerability in Bitlbee

Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors.

7.5
2008-09-04 CVE-2008-3918 Ovidentia SQL Injection vulnerability in Ovidentia 6.6.5

SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the field parameter in a search action.

7.5
2008-09-04 CVE-2008-3904 Lxde Improper Input Validation vulnerability in Lxde Gpicview and Lightweight X11 Desktop Environment

src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.

7.5
2008-09-04 CVE-2008-2441 Cisco Resource Management Errors vulnerability in Cisco Secure Access Control Server and Secure ACS

Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet.

7.5
2008-09-03 CVE-2008-3891 Google Improper Authentication vulnerability in Google Apps

The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field.

7.5
2008-09-02 CVE-2008-3888 Aspindir SQL Injection vulnerability in Aspindir Mini Nuke Freehost 2.3

SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a member_details action.

7.5
2008-09-02 CVE-2008-3880 Zoneminder SQL Injection vulnerability in Zoneminder

SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter.

7.5
2008-09-05 CVE-2008-3947 HP Improper Input Validation vulnerability in HP Openvms 8.3

DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line.

7.2
2008-09-05 CVE-2008-3890 Freebsd, AMD Permissions, Privileges, and Access Controls vulnerability in Freebsd 6.3/7.0

The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault (GPF), which allows local users to gain privileges by triggering a GPF during the kernel's return from (1) an interrupt, (2) a trap, or (3) a system call.

7.2
2008-09-04 CVE-2008-3929 Ampache Link Following vulnerability in Ampache 3.4.1

gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file.

7.2
2008-09-04 CVE-2008-3927 Tiger Link Following vulnerability in Tiger 3.2.2

genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete arbitrary files via a symlink attack on temporary files.

7.2
2008-09-04 CVE-2008-3911 Linux Buffer Errors vulnerability in Linux Kernel 2.6.26.3

The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the /proc/sys/sunrpc/transports file.

7.2
2008-09-03 CVE-2008-3698 Vmware Permissions, Privileges, and Access Controls vulnerability in VMWare products

Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors.

7.2
2008-09-03 CVE-2008-3525 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 2.6.26.3

The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions.

7.2
2008-09-02 CVE-2008-3883 Caudium Link Following vulnerability in Caudium 1.4.12

configvar in Caudium 1.4.12 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/roken#####.pike temporary file.

7.2
2008-09-02 CVE-2008-3875 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Opensolaris and Solaris

The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls.

7.2
2008-09-05 CVE-2008-3530 Freebsd Improper Input Validation vulnerability in Freebsd 6.3/7.0/7.1

sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message.

7.1
2008-09-04 CVE-2008-2736 Cisco Information Exposure vulnerability in Cisco Adaptive Security Appliance 5500 8.0/8.1

Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636.

7.1
2008-09-04 CVE-2008-2735 Cisco Improper Input Validation vulnerability in Cisco Adaptive Security Appliance 5500 8.0/8.1

The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of service (device reload) via a URI in a crafted SSL or HTTP packet, aka Bug ID CSCsq19369.

7.1
2008-09-04 CVE-2008-2734 Cisco Resource Management Errors vulnerability in Cisco Adaptive Security Appliance 5500 8.0/8.1

Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a denial of service (memory consumption and VPN hang) via a crafted SSL or HTTP packet, aka Bug ID CSCso66472.

7.1
2008-09-04 CVE-2008-2733 Cisco Denial of Service and Information Disclosure vulnerability in Cisco PIX and Cisco ASA

Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service (device reload) via a crafted authentication attempt, aka Bug ID CSCso69942.

7.1
2008-09-03 CVE-2008-3792 Linux Multiple vulnerability in Linux Kernel 2.6.26.3

net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks.

7.1

37 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-09-05 CVE-2008-3531 Freebsd Buffer Errors vulnerability in Freebsd 7.0/7.1

Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows local users to gain privileges via a crafted (1) mount or (2) nmount system call, related to copying of "user defined data" in "certain error conditions."

6.9
2008-09-04 CVE-2008-3931 R Foundation Link Following vulnerability in R Foundation R 2.7.2

javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

6.9
2008-09-04 CVE-2008-3930 Debian Link Following vulnerability in Debian Citadel Server 7.37

migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

6.9
2008-09-04 CVE-2008-3928 Debian Link Following vulnerability in Debian Honeyd Common 1.5

test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file.

6.9
2008-09-04 CVE-2008-3907 Newsbeuter Improper Input Validation vulnerability in Newsbeuter

The open-in-browser command in newsbeuter before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a feed URL.

6.8
2008-09-03 CVE-2008-1739 Apple Resource Management Errors vulnerability in Apple Quicktime

Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption.

6.8
2008-09-02 CVE-2008-3885 Blogn Cross-Site Request Forgery (CSRF) vulnerability in Blogn 1.9.3

Cross-site request forgery (CSRF) vulnerability in Blogn (BURO GUN) 1.9.7 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make content modifications.

6.8
2008-09-05 CVE-2008-1197 Marvell, Netgear Improper Input Validation vulnerability in multiple products

The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a "Null SSID."

6.3
2008-09-05 CVE-2008-1144 Marvell, Netgear Improper Input Validation vulnerability in multiple products

The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a malformed EAPoL-Key packet with a crafted "advertised length."

6.3
2008-09-05 CVE-2007-5474 Atheros, Linksys Improper Input Validation vulnerability in multiple products

The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long.

6.3
2008-09-02 CVE-2008-3887 Dotproject SQL Injection vulnerability in Dotproject 2.1.2

Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in a viewuser action.

6.0
2008-09-05 CVE-2008-3938 Opendb Cross-Site Request Forgery (CSRF) vulnerability in Opendb 1.0.6

Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action.

5.8
2008-09-04 CVE-2008-3926 Hans Oesterholt Path Traversal vulnerability in Hans Oesterholt Cmme 1.12

Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a ..

5.8
2008-09-04 CVE-2008-3909 Django Project Cross-Site Request Forgery (CSRF) vulnerability in Django Project Django 0.91/0.95/0.96

The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.

5.8
2008-09-04 CVE-2008-3905 Ruby Lang Improper Authentication vulnerability in Ruby-Lang Ruby

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

5.8
2008-09-05 CVE-2008-3939 Avtech Path Traversal vulnerability in Avtech Pager Enterprise 4.3.7

Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.

5.0
2008-09-04 CVE-2008-3932 Wireshark Improper Input Validation vulnerability in Wireshark

Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop.

5.0
2008-09-04 CVE-2008-1389 Clam Anti Virus Resource Management Errors vulnerability in Clam Anti-Virus Clamav

libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."

5.0
2008-09-03 CVE-2008-3697 Vmware Improper Input Validation vulnerability in VMWare Server and VMWare Server

An unspecified ISAPI extension in VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (IIS crash) via a malformed request.

5.0
2008-09-05 CVE-2008-3946 HP Local Security vulnerability in HP Openvms 5

The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file.

4.9
2008-09-04 CVE-2007-6716 Linux, Canonical, Debian, Novell, Opensuse, Suse

fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test.

4.9
2008-09-03 CVE-2008-3791 Lxde Link Following vulnerability in Lxde Lightweight X11 Desktop Environment 0.1.9

src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rot.jpg temporary file.

4.6
2008-09-05 CVE-2008-3940 HP Use of Externally-Controlled Format String vulnerability in HP Openvms 5

Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file.

4.4
2008-09-05 CVE-2008-3664 Xrms Cross-Site Scripting vulnerability in Xrms CRM

Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field, related to the user list; (2) the target parameter to login.php, (3) the title parameter to activities/some.php, (4) the company_name parameter to companies/some.php, (5) the last_name parameter to contacts/some.php, (6) the campaign_title parameter to campaigns/some.php, (7) the opportunity_title parameter to opportunities/some.php, (8) the case_title parameter to cases/some.php, (9) the file_id parameter to files/some.php, or (10) the starting parameter to reports/custom/mileage.php, a related issue to CVE-2008-1129.

4.3
2008-09-05 CVE-2008-3941 Bizdirectory Cross-Site Scripting vulnerability in Bizdirectory 1.9/2.0

Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI.

4.3
2008-09-05 CVE-2008-3937 Opendb Cross-Site Scripting vulnerability in Opendb 1.0.6

Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php.

4.3
2008-09-05 CVE-2008-3935 D IC Cross-Site Scripting vulnerability in D-Ic Shop V50 and Shop V52

Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earlier and shop_v52 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-09-04 CVE-2008-3925 Hans Oesterholt Cross-Site Request Forgery (CSRF) vulnerability in Hans Oesterholt Cmme 1.12

Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action.

4.3
2008-09-04 CVE-2008-3924 Hans Oesterholt Permissions, Privileges, and Access Controls vulnerability in Hans Oesterholt Cmme 1.12

The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b) backup/cmme_cmme.zip.

4.3
2008-09-04 CVE-2008-3923 Hans Oesterholt Cross-Site Scripting vulnerability in Hans Oesterholt Cmme 1.12

Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action.

4.3
2008-09-04 CVE-2008-3921 Telartis BV Cross-Site Scripting vulnerability in Telartis BV Awstats Totals

Multiple cross-site scripting (XSS) vulnerabilities in AWStats Totals 1.0 through 1.14 allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameter.

4.3
2008-09-04 CVE-2008-3917 Ovidentia Cross-Site Scripting vulnerability in Ovidentia 6.6.5

Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter in a search action.

4.3
2008-09-04 CVE-2008-3906 Mono, Mono Project Improper Input Validation vulnerability in multiple products

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.

4.3
2008-09-03 CVE-2008-3101 Vtiger Cross-Site Scripting vulnerability in Vtiger CRM 5.0.4

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php.

4.3
2008-09-02 CVE-2008-3886 Dotproject Cross-Site Scripting vulnerability in Dotproject 2.1.2

Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action, (3) the callback parameter in a public calendar action, or (4) the type parameter in a ticketsmith action.

4.3
2008-09-02 CVE-2008-3884 Blogn Cross-Site Scripting vulnerability in Blogn

Cross-site scripting (XSS) vulnerability in Blogn (BURO GUN) 1.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2006-6176.

4.3
2008-09-02 CVE-2008-3881 Zoneminder Cross-Site Scripting vulnerability in Zoneminder

Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files.

4.3

15 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-09-04 CVE-2008-3903 Asterisk, Trixbox Information Exposure vulnerability in multiple products

Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreject are enabled, generates different responses depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames.

3.5
2008-09-04 CVE-2008-3934 Wireshark Improper Input Validation vulnerability in Wireshark

Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.

3.3
2008-09-04 CVE-2008-3933 Wireshark Improper Input Validation vulnerability in Wireshark

Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function.

3.3
2008-09-03 CVE-2008-3902 HP Information Exposure vulnerability in HP 68Dtt F.0D

HP firmware 68DTT F.0D stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer, aka SSRT080104.

2.1
2008-09-03 CVE-2008-3901 Linux, Suspend2 Information Exposure vulnerability in Suspend2 Software Suspend 2 22.2.1

Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

2.1
2008-09-03 CVE-2008-3900 Intel Information Exposure vulnerability in Intel Bios Pe94510M.86A.0050.2007.0710.1559

Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

2.1
2008-09-03 CVE-2008-3899 Truecrypt Foundation Information Exposure vulnerability in Truecrypt Foundation Truecrypt 5.0

TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

2.1
2008-09-03 CVE-2008-3898 Secustar Information Exposure vulnerability in Secustar Drivecrypt Plus Pack 3.9

Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

2.1
2008-09-03 CVE-2008-3897 Microsoft, Freed0M Information Exposure vulnerability in Freed0M Diskcryptor 0.2.6

DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

2.1
2008-09-03 CVE-2008-3896 GNU Information Exposure vulnerability in GNU Grub Legacy

Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

2.1
2008-09-03 CVE-2008-3895 Lilo Information Exposure vulnerability in Lilo

LILO 22.6.1 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

2.1
2008-09-03 CVE-2008-3894 IBM Information Exposure vulnerability in IBM Lenovo 7Cetb5Ww 2.05

IBM Lenovo firmware 7CETB5WW 2.05 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

2.1
2008-09-03 CVE-2008-2101 Vmware Information Exposure vulnerability in VMWare ESX

The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process.

2.1
2008-09-03 CVE-2008-3893 Microsoft Information Exposure vulnerability in Microsoft Windows Vista

Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

1.9
2008-09-02 CVE-2008-3876 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone 2.0.2

Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow.

1.9