Weekly Vulnerabilities Reports > September 8 to 14, 2008
Overview
72 new vulnerabilities were reported during this period, including 22 critical vulnerabilities and 21 high severity vulnerabilities. This weekly summary reports vulnerabilities in 87 products from 42 vendors including Microsoft, Apple, IBM, Mybb, and Clamav. Vulnerabilities are notably categorized as "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Cross-site Scripting", and "Resource Management Errors".
- 65 reported vulnerabilities are remotely exploitable.
- 16 reported vulnerabilities have a public exploit available.
- 21 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 70 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 19 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 13 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
22 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-09-11 | CVE-2008-4057 | Objective Development | Security vulnerability in Sharity Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a "serious security problem." | 10.0 |
2008-09-11 | CVE-2008-3914 | Clamav | Information Exposure vulnerability in Clamav Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c. | 10.0 |
2008-09-11 | CVE-2008-3612 | Apple | Use of Insufficiently Random Values vulnerability in Apple Iphone OS 2.0.0/2.0.1/2.0.2 The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection. | 9.8 |
2008-09-11 | CVE-2008-4050 | Friendly Technologies | Improper Input Validation vulnerability in Friendly Technologies Friendly Pppoe Client 3.0.0.57 A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetTextFile method. | 9.3 |
2008-09-11 | CVE-2008-3584 | Netbsd | Improper Input Validation vulnerability in Netbsd 3.0/3.1/4.0 NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not properly check the length of a PPPoE packet tag, which allows remote attackers to cause a denial of service (system crash) via a crafted PPPoE packet. | 9.3 |
2008-09-11 | CVE-2008-3971 | Gmanedit2 | Buffer Errors vulnerability in Gmanedit2 Gmanedit 0.4.1 Heap-based buffer overflow in the open_man_file function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion. | 9.3 |
2008-09-11 | CVE-2008-3957 | Microsoft | Improper Input Validation vulnerability in Microsoft Windows Image Acquisition Logger The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument to the Save method. | 9.3 |
2008-09-11 | CVE-2008-3956 | Microsoft | Code Injection vulnerability in Microsoft Organization Chart 2.00 orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file. | 9.3 |
2008-09-11 | CVE-2008-3635 | Apple Intel Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | 9.3 |
2008-09-11 | CVE-2008-3632 | Apple | Resource Management Errors vulnerability in Apple Iphone, Iphone OS and Ipod Touch Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements. | 9.3 |
2008-09-11 | CVE-2008-3628 | Apple Microsoft | Resource Management Errors vulnerability in Apple Quicktime Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer issue." | 9.3 |
2008-09-11 | CVE-2008-3627 | Apple | Resource Management Errors vulnerability in Apple Quicktime Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file. | 9.3 |
2008-09-11 | CVE-2008-3625 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView elements in panorama track PDAT atoms. | 9.3 |
2008-09-11 | CVE-2008-3615 | Apple Microsoft | Resource Management Errors vulnerability in Apple Quicktime ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | 9.3 |
2008-09-11 | CVE-2008-3015 | Microsoft | Numeric Errors vulnerability in Microsoft products Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability." | 9.3 |
2008-09-11 | CVE-2008-3014 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability." | 9.3 |
2008-09-11 | CVE-2008-3013 | Microsoft | Resource Management Errors vulnerability in Microsoft products gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability." | 9.3 |
2008-09-11 | CVE-2008-3012 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability." | 9.3 |
2008-09-11 | CVE-2008-3008 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability." | 9.3 |
2008-09-11 | CVE-2008-3007 | Microsoft | Improper Input Validation vulnerability in Microsoft Office and Office Onenote Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability." | 9.3 |
2008-09-11 | CVE-2008-2253 | Microsoft | Code Injection vulnerability in Microsoft Windows Media Player 11 Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is streamed from a Server-Side Playlist (SSPL) on Windows Media Server, aka "Windows Media Player Sampling Rate Vulnerability." http://www.microsoft.com/technet/security/Bulletin/MS08-054.mspx Security updates are available from Microsoft Update, Windows Update, and Office Update. | 9.3 |
2008-09-11 | CVE-2007-5348 | Microsoft | Numeric Errors vulnerability in Microsoft products Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability." | 9.3 |
21 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-09-11 | CVE-2008-4040 | Kyocera Mita | Path Traversal vulnerability in Kyocera Mita FS 118Mfp Directory traversal vulnerability in the Kyocera Command Center in Kyocera FS-118MFP allows remote attackers to read arbitrary files via a .. | 7.8 |
2008-09-11 | CVE-2008-4055 | Texmedia | SQL Injection vulnerability in Texmedia Million Pixel Script SQL injection vulnerability in tops_top.php in Million Pixel Ad Script (Million Pixel Script) allows remote attackers to execute arbitrary SQL commands via the id_cat parameter. | 7.5 |
2008-09-11 | CVE-2008-4054 | Kolifa | SQL Injection vulnerability in Kolifa Download Script 1.2 SQL injection vulnerability in indir.php in Kolifa.net Download Script 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-09-11 | CVE-2008-4047 | Novell | Code Injection vulnerability in Novell Forum Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7.0, 7.1, 7.2, 7.3, and 8.0 allows remote attackers to execute arbitrary TCL code via a modified URL. | 7.5 |
2008-09-11 | CVE-2008-4046 | Elitecms | SQL Injection vulnerability in Elitecms 1.0 SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 |
2008-09-11 | CVE-2008-4044 | AJ Square | SQL Injection vulnerability in AJ Square AJ Hyip Acme SQL injection vulnerability in article/readarticle.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the artid parameter. | 7.5 |
2008-09-11 | CVE-2008-4043 | AJ Square | SQL Injection vulnerability in AJ Square AJ Hyip Acme Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow remote attackers to execute arbitrary SQL commands via the artid parameter to (1) acme/article/comment.php and (2) prime/article/comment.php. | 7.5 |
2008-09-11 | CVE-2008-4039 | Spice Classifieds | SQL Injection vulnerability in Spice Classifieds Spice Classifieds SQL injection vulnerability in index.php in Spice Classifieds allows remote attackers to execute arbitrary SQL commands via the cat_path parameter. | 7.5 |
2008-09-11 | CVE-2008-3967 | Mybb | Permissions, Privileges, and Access Controls vulnerability in Mybb moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors. | 7.5 |
2008-09-11 | CVE-2008-3965 | Mybb | SQL Injection vulnerability in Mybb SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field. | 7.5 |
2008-09-11 | CVE-2008-3958 | IBM | Multiple vulnerability in IBM DB2 8.0 IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. | 7.5 |
2008-09-11 | CVE-2008-3955 | Masir Camp | SQL Injection vulnerability in Masir Camp E-Shop Module SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ordercode parameter in a veiworderstatus page. | 7.5 |
2008-09-11 | CVE-2008-3954 | Alstrasoft | SQL Injection vulnerability in Alstrasoft Forum PAY PER Post Exchange SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showcat action. | 7.5 |
2008-09-11 | CVE-2008-3953 | Vastal | SQL Injection vulnerability in Vastal Shaadi Zone 1.0.9 SQL injection vulnerability in keyword_search_action.php in Vastal I-Tech Shaadi Zone 1.0.9 allows remote attackers to execute arbitrary SQL commands via the tage parameter. | 7.5 |
2008-09-11 | CVE-2008-3952 | Editeurscripts Esfaq | SQL Injection vulnerability in Editeurscripts Esfaq 2.0 SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the idcat parameter. | 7.5 |
2008-09-11 | CVE-2008-3951 | Vastal | SQL Injection vulnerability in Vastal Agent Zone SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the ann_id parameter. | 7.5 |
2008-09-11 | CVE-2008-4052 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openvms Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA 7.3-2, 8.2, and 8.3 allows local users to cause a denial of service (crash) or gain privileges via unspecified vectors. | 7.2 |
2008-09-11 | CVE-2008-4018 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3/6.1 swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. | 7.2 |
2008-09-11 | CVE-2008-3636 | Apple | Numeric Errors vulnerability in Apple Itunes Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. | 7.2 |
2008-09-11 | CVE-2007-6717 | IBM | Buffer Errors vulnerability in IBM AIX 5.2.0/5.3.0 Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via unspecified vectors. | 7.2 |
2008-09-11 | CVE-2008-3631 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Ipod Touch 2.0/2.0.1/2.0.2 Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application. | 7.1 |
25 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-09-11 | CVE-2008-4049 | Friendly Technologies | Improper Input Validation vulnerability in Friendly Technologies Friendly Pppoe Client 3.0.0.57 A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary programs via arguments to the RunApp method. | 6.8 |
2008-09-11 | CVE-2008-4048 | Friendly Technologies | Buffer Errors vulnerability in Friendly Technologies Friendly Pppoe Client 3.0.0.57 Heap-based buffer overflow in a certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary code via a long third argument to the CreateURLShortcut method. | 6.8 |
2008-09-11 | CVE-2008-3626 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. | 6.8 |
2008-09-11 | CVE-2008-3624 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms. | 6.8 |
2008-09-11 | CVE-2008-3614 | Apple Microsoft | Numeric Errors vulnerability in Apple Quicktime Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption. | 6.8 |
2008-09-11 | CVE-2008-3972 | Opensc Project Siemens | Permissions, Privileges, and Access Controls vulnerability in Opensc-Project Opensc pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235. | 6.6 |
2008-09-11 | CVE-2008-3630 | Apple Microsoft | Remote Forged DNS Response vulnerability in Apple Bonjour 1.0.4 mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | 6.4 |
2008-09-11 | CVE-2008-3969 | Bitlbee Fedoraproject | Permissions, Privileges, and Access Controls vulnerability in Bitlbee Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920. | 5.0 |
2008-09-11 | CVE-2008-3960 | IBM | Improper Input Validation vulnerability in IBM DB2 Universal Database 8.2 Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (service crash) via "malicious packets." | 5.0 |
2008-09-11 | CVE-2008-3959 | IBM | Denial-Of-Service vulnerability in DB2 8.1/8.2 IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. | 5.0 |
2008-09-11 | CVE-2008-3913 | Clamav Debian | Memory Leak vulnerability in multiple products Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic". | 5.0 |
2008-09-11 | CVE-2008-3912 | Clamav Debian | Resource Management Errors vulnerability in multiple products libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition. | 5.0 |
2008-09-11 | CVE-2008-2326 | Apple Microsoft | Improper Input Validation vulnerability in Apple Bonjour 1.0.4 mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label. | 5.0 |
2008-09-12 | CVE-2008-3824 | Horde Popoon | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message. | 4.3 |
2008-09-12 | CVE-2008-3823 | Horde | Cross-Site Scripting vulnerability in Horde 3.2/3.2.1 Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message. | 4.3 |
2008-09-11 | CVE-2008-4056 | Matterdaddy | Cross-Site Scripting vulnerability in Matterdaddy Market 1.1 Cross-site scripting (XSS) vulnerability in admin/login.php in Matterdaddy Market 1.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 4.3 |
2008-09-11 | CVE-2008-4053 | Bluemoon Xoops | Cross-Site Scripting vulnerability in Bluemoon Popnupblog 3.20/3.30 Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Bluemoon PopnupBLOG module 3.20 and 3.30 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) cat_id, and (3) view parameters. | 4.3 |
2008-09-11 | CVE-2008-4051 | Jandus Technologies | Cross-Site Scripting vulnerability in Jandus Technologies Smart Survey 1.0 Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart Survey 1.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | 4.3 |
2008-09-11 | CVE-2008-4045 | | Cross-Site Scripting vulnerability in @Mail 5.42 Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allow remote attackers to inject arbitrary web script or HTML via the (1) file and (2) HelpFile parameters to parse.php, the (3) Folder and (4) start parameters to showmail.php, and the (5) abookview parameter to abook.php. | 4.3 |
2008-09-11 | CVE-2008-3968 | Punbb | Cross-Site Scripting vulnerability in Punbb Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter. | 4.3 |
2008-09-11 | CVE-2008-3966 | Mybb | Cross-Site Scripting vulnerability in Mybb Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php. | 4.3 |
2008-09-11 | CVE-2008-3964 | Libpng | Off-by-one Error vulnerability in Libpng Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c. | 4.3 |
2008-09-11 | CVE-2008-3629 | Apple Microsoft | Resource Management Errors vulnerability in Apple Quicktime Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read. | 4.3 |
2008-09-11 | CVE-2008-4041 | Softalk Mail Server | Improper Input Validation vulnerability in Softalk Mail Server Softalk Mail Server 8.5.1.431 The IMAP server in Softalk Mail Server (formerly WorkgroupMail) 8.5.1.431 allows remote authenticated users to cause a denial of service (resource consumption and daemon crash) via a long IMAP APPEND command with certain repeated parameters. | 4.0 |
2008-09-11 | CVE-2008-3963 | Mysql Oracle | Use of Externally-Controlled Format String vulnerability in multiple products MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement. | 4.0 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-09-11 | CVE-2008-3962 | Ssmtp | Information Exposure vulnerability in Ssmtp 2.61/2.62 The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunistic circumstances by reading a message. | 2.6 |
2008-09-11 | CVE-2008-3634 | Apple | Information Exposure vulnerability in Apple Itunes Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information. | 2.6 |
2008-09-12 | CVE-2008-3889 | Linux Postfix | Improper Input Validation vulnerability in Postfix Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file. | 2.1 |
2008-09-11 | CVE-2008-3539 | HP Microsoft | Information Exposure vulnerability in HP products Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connectors on Windows, as used in HPSI Active Directory Connector 2.30 and earlier, HPSI SunOne Connector 1.14 and earlier, HPSI eDirectory Connector 1.12 and earlier, HPSI eTrust Connector 1.02 and earlier, HPSI OID Connector 1.02 and earlier, HPSI IBM Tivoli Dir Connector 1.02 and earlier, HPSI TOPSecret Connector 2.22.001 and earlier, HPSI RACF Connector 1.12.001 and earlier, HPSI ACF2 Connector 1.02 and earlier, HPSI OpenLDAP Connector 1.02 and earlier, and HPSI BiDir DirX Connector 1.00.003 and earlier, allows local users to obtain sensitive information via unknown vectors. | 2.1 |