Weekly Vulnerabilities Reports > September 8 to 14, 2008

Overview

78 new vulnerabilities were reported during this period, including 23 critical vulnerabilities and 24 high severity vulnerabilities. This weekly summary reports vulnerabilities in 96 products from 48 vendors including Microsoft, Apple, IBM, Clamav, and Debian. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Improper Input Validation", "Resource Management Errors", and "Cross-site Scripting".

  • 70 reported vulnerabilities are remotely exploitable.
  • 17 reported vulnerabilities have a public exploit available.
  • 21 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 76 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 19 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 13 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

23 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-09-12 CVE-2008-3529 Xmlsoft, Debian, Canonical, Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

10.0
2008-09-11 CVE-2008-4057 Objective Development Security vulnerability in Sharity

Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a "serious security problem."

10.0
2008-09-11 CVE-2008-3914 Clamav Information Exposure vulnerability in Clamav

Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c.

10.0
2008-09-11 CVE-2008-4050 Friendly Technologies Improper Input Validation vulnerability in Friendly Technologies Friendly Pppoe Client 3.0.0.57

A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetTextFile method.

9.3
2008-09-11 CVE-2008-3584 Netbsd Improper Input Validation vulnerability in Netbsd 3.0/3.1/4.0

NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not properly check the length of a PPPoE packet tag, which allows remote attackers to cause a denial of service (system crash) via a crafted PPPoE packet.

9.3
2008-09-11 CVE-2008-3971 Gmanedit2 Buffer Errors vulnerability in Gmanedit2 Gmanedit 0.4.1

Heap-based buffer overflow in the open_man_file function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion.

9.3
2008-09-11 CVE-2008-3957 Microsoft Improper Input Validation vulnerability in Microsoft Windows Image Acquisition Logger

The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument to the Save method.

9.3
2008-09-11 CVE-2008-3956 Microsoft Code Injection vulnerability in Microsoft Organization Chart 2.00

orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.

9.3
2008-09-11 CVE-2008-3915 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl.

9.3
2008-09-11 CVE-2008-3635 Apple, Intel, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

9.3
2008-09-11 CVE-2008-3632 Apple Resource Management Errors vulnerability in Apple Iphone and Ipod Touch

Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements.

9.3
2008-09-11 CVE-2008-3628 Apple, Microsoft Resource Management Errors vulnerability in Apple Quicktime

Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer issue."

9.3
2008-09-11 CVE-2008-3627 Apple Resource Management Errors vulnerability in Apple Quicktime

Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file.

9.3
2008-09-11 CVE-2008-3625 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView elements in panorama track PDAT atoms.

9.3
2008-09-11 CVE-2008-3615 Apple, Microsoft Resource Management Errors vulnerability in Apple Quicktime

ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

9.3
2008-09-11 CVE-2008-3015 Microsoft Numeric Errors vulnerability in Microsoft products

Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."

9.3
2008-09-11 CVE-2008-3014 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."

9.3
2008-09-11 CVE-2008-3013 Microsoft Resource Management Errors vulnerability in Microsoft products

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."

9.3
2008-09-11 CVE-2008-3012 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."

9.3
2008-09-11 CVE-2008-3008 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."

9.3
2008-09-11 CVE-2008-3007 Microsoft Improper Input Validation vulnerability in Microsoft Office and Office Onenote

Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."

9.3
2008-09-11 CVE-2008-2253 Microsoft Code Injection vulnerability in Microsoft Windows Media Player 11

Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is streamed from a Server-Side Playlist (SSPL) on Windows Media Server, aka "Windows Media Player Sampling Rate Vulnerability." http://www.microsoft.com/technet/security/Bulletin/MS08-054.mspx Security updates are available from Microsoft Update, Windows Update, and Office Update.

9.3
2008-09-11 CVE-2007-5348 Microsoft Numeric Errors vulnerability in Microsoft products

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."

9.3

24 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-09-11 CVE-2008-4040 Kyocera Mita Path Traversal vulnerability in Kyocera Mita FS 118Mfp

Directory traversal vulnerability in the Kyocera Command Center in Kyocera FS-118MFP allows remote attackers to read arbitrary files via a ..

7.8
2008-09-12 CVE-2008-2932 Redhat Buffer Errors vulnerability in Redhat Adminutil 1.1.6

Heap-based buffer overflow in Red Hat adminutil 1.1.6 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via % (percent) encoded HTTP input to unspecified CGI scripts in Fedora Directory Server.

7.5
2008-09-11 CVE-2008-4055 Texmedia SQL Injection vulnerability in Texmedia Million Pixel Script

SQL injection vulnerability in tops_top.php in Million Pixel Ad Script (Million Pixel Script) allows remote attackers to execute arbitrary SQL commands via the id_cat parameter.

7.5
2008-09-11 CVE-2008-4054 Kolifa SQL Injection vulnerability in Kolifa Download Script 1.2

SQL injection vulnerability in indir.php in Kolifa.net Download Script 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-09-11 CVE-2008-4047 Novell Code Injection vulnerability in Novell Forum

Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7.0, 7.1, 7.2, 7.3, and 8.0 allows remote attackers to execute arbitrary TCL code via a modified URL.

7.5
2008-09-11 CVE-2008-4046 Elitecms SQL Injection vulnerability in Elitecms 1.0

SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2008-09-11 CVE-2008-4044 AJ Square SQL Injection vulnerability in AJ Square AJ Hyip Acme

SQL injection vulnerability in article/readarticle.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the artid parameter.

7.5
2008-09-11 CVE-2008-4043 AJ Square SQL Injection vulnerability in AJ Square AJ Hyip Acme

Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow remote attackers to execute arbitrary SQL commands via the artid parameter to (1) acme/article/comment.php and (2) prime/article/comment.php.

7.5
2008-09-11 CVE-2008-4039 Spice Classifieds SQL Injection vulnerability in Spice Classifieds Spice Classifieds

SQL injection vulnerability in index.php in Spice Classifieds allows remote attackers to execute arbitrary SQL commands via the cat_path parameter.

7.5
2008-09-11 CVE-2008-3967 Mybb Permissions, Privileges, and Access Controls vulnerability in Mybb

moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors.

7.5
2008-09-11 CVE-2008-3965 Mybb SQL Injection vulnerability in Mybb

SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field.

7.5
2008-09-11 CVE-2008-3958 IBM Multiple vulnerability in IBM DB2 8.0

IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.

7.5
2008-09-11 CVE-2008-3955 Masir Camp SQL Injection vulnerability in Masir Camp E-Shop Module

SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ordercode parameter in a veiworderstatus page.

7.5
2008-09-11 CVE-2008-3954 Alstrasoft SQL Injection vulnerability in Alstrasoft Forum PAY PER Post Exchange

SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showcat action.

7.5
2008-09-11 CVE-2008-3953 Vastal SQL Injection vulnerability in Vastal Shaadi Zone 1.0.9

SQL injection vulnerability in keyword_search_action.php in Vastal I-Tech Shaadi Zone 1.0.9 allows remote attackers to execute arbitrary SQL commands via the tage parameter.

7.5
2008-09-11 CVE-2008-3952 Editeurscripts Esfaq SQL Injection vulnerability in Editeurscripts Esfaq 2.0

SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the idcat parameter.

7.5
2008-09-11 CVE-2008-3951 Vastal SQL Injection vulnerability in Vastal Agent Zone

SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the ann_id parameter.

7.5
2008-09-11 CVE-2008-3612 Apple Numeric Errors vulnerability in Apple Iphone and Ipod Touch

The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.

7.5
2008-09-11 CVE-2008-4052 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openvms

Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA 7.3-2, 8.2, and 8.3 allows local users to cause a denial of service (crash) or gain privileges via unspecified vectors.

7.2
2008-09-11 CVE-2008-4018 IBM Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3/6.1

swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors.

7.2
2008-09-11 CVE-2008-3636 Apple Numeric Errors vulnerability in Apple Itunes

Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges.

7.2
2008-09-11 CVE-2007-6717 IBM Buffer Errors vulnerability in IBM AIX 5.2.0/5.3.0

Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via unspecified vectors.

7.2
2008-09-11 CVE-2008-3631 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Ipod Touch 2.0/2.0.1/2.0.2

Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application.

7.1
2008-09-11 CVE-2008-2464 Kame, Freebsd, Netbsd Numeric Errors vulnerability in multiple products

The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD 4.0, FreeBSD, and KAME, when INET6 is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ICMPv6 Multicast Listener Discovery (MLD) query with a certain Maximum Response Delay value.

7.1

27 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-09-11 CVE-2008-3970 PAM Mount Permissions, Privileges, and Access Controls vulnerability in PAM Mount PAM Mount

pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount.

6.9
2008-09-11 CVE-2008-4049 Friendly Technologies Improper Input Validation vulnerability in Friendly Technologies Friendly Pppoe Client 3.0.0.57

A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary programs via arguments to the RunApp method.

6.8
2008-09-11 CVE-2008-4048 Friendly Technologies Buffer Errors vulnerability in Friendly Technologies Friendly Pppoe Client 3.0.0.57

Heap-based buffer overflow in a certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary code via a long third argument to the CreateURLShortcut method.

6.8
2008-09-11 CVE-2008-3626 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.

6.8
2008-09-11 CVE-2008-3624 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms.

6.8
2008-09-11 CVE-2008-3614 Apple, Microsoft Numeric Errors vulnerability in Apple Quicktime

Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.

6.8
2008-09-11 CVE-2008-3972 Opensc Project, Siemens Permissions, Privileges, and Access Controls vulnerability in Opensc-Project Opensc

pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.

6.6
2008-09-11 CVE-2008-3630 Apple, Microsoft Remote Forged DNS Response vulnerability in Apple Bonjour 1.0.4

mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

6.4
2008-09-12 CVE-2008-3274 Redhat Information Exposure vulnerability in Redhat Enterprise IPA and Freeipa

The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.

5.0
2008-09-11 CVE-2008-3969 Bitlbee, Fedoraproject Permissions, Privileges, and Access Controls vulnerability in Bitlbee

Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.

5.0
2008-09-11 CVE-2008-3960 IBM Improper Input Validation vulnerability in IBM DB2 Universal Database 8.2

Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (service crash) via "malicious packets."

5.0
2008-09-11 CVE-2008-3959 IBM Denial-Of-Service vulnerability in DB2 8.1/8.2

IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.

5.0
2008-09-11 CVE-2008-3913 Clamav, Debian Memory Leak vulnerability in multiple products

Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic".

5.0
2008-09-11 CVE-2008-3912 Clamav, Debian Resource Management Errors vulnerability in multiple products

libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition.

5.0
2008-09-11 CVE-2008-2326 Apple, Microsoft Improper Input Validation vulnerability in Apple Bonjour 1.0.4

mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label.

5.0
2008-09-12 CVE-2008-3824 Horde, Popoon Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.

4.3
2008-09-12 CVE-2008-3823 Horde Cross-Site Scripting vulnerability in Horde 3.2/3.2.1

Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.

4.3
2008-09-11 CVE-2008-4056 Matterdaddy Cross-Site Scripting vulnerability in Matterdaddy Market 1.1

Cross-site scripting (XSS) vulnerability in admin/login.php in Matterdaddy Market 1.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

4.3
2008-09-11 CVE-2008-4053 Bluemoon, Xoops Cross-Site Scripting vulnerability in Bluemoon Popnupblog 3.20/3.30

Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Bluemoon PopnupBLOG module 3.20 and 3.30 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) cat_id, and (3) view parameters.

4.3
2008-09-11 CVE-2008-4051 Jandus Technologies Cross-Site Scripting vulnerability in Jandus Technologies Smart Survey 1.0

Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart Survey 1.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.

4.3
2008-09-11 CVE-2008-4045 Mail Cross-Site Scripting vulnerability in @Mail 5.42

Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allow remote attackers to inject arbitrary web script or HTML via the (1) file and (2) HelpFile parameters to parse.php, the (3) Folder and (4) start parameters to showmail.php, and the (5) abookview parameter to abook.php.

4.3
2008-09-11 CVE-2008-3968 Punbb Cross-Site Scripting vulnerability in Punbb

Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter.

4.3
2008-09-11 CVE-2008-3966 Mybb Cross-Site Scripting vulnerability in Mybb

Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php.

4.3
2008-09-11 CVE-2008-3964 Libpng Resource Management Errors vulnerability in Libpng

Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.

4.3
2008-09-11 CVE-2008-3629 Apple, Microsoft Resource Management Errors vulnerability in Apple Quicktime

Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read.

4.3
2008-09-11 CVE-2008-4041 Softalk Mail Server Improper Input Validation vulnerability in Softalk Mail Server Softalk Mail Server 8.5.1.431

The IMAP server in Softalk Mail Server (formerly WorkgroupMail) 8.5.1.431 allows remote authenticated users to cause a denial of service (resource consumption and daemon crash) via a long IMAP APPEND command with certain repeated parameters.

4.0
2008-09-11 CVE-2008-3963 Mysql, Oracle USE of Externally-Controlled Format String vulnerability in multiple products

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-09-11 CVE-2008-3962 Ssmtp Information Exposure vulnerability in Ssmtp 2.61/2.62

The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunistic circumstances by reading a message.

2.6
2008-09-11 CVE-2008-3634 Apple Information Exposure vulnerability in Apple Itunes

Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information.

2.6
2008-09-12 CVE-2008-3889 Linux, Postfix Improper Input Validation vulnerability in Postfix

Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file.

2.1
2008-09-11 CVE-2008-3539 HP, Microsoft Information Exposure vulnerability in HP products

Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connectors on Windows, as used in HPSI Active Directory Connector 2.30 and earlier, HPSI SunOne Connector 1.14 and earlier, HPSI eDirectory Connector 1.12 and earlier, HPSI eTrust Connector 1.02 and earlier, HPSI OID Connector 1.02 and earlier, HPSI IBM Tivoli Dir Connector 1.02 and earlier, HPSI TOPSecret Connector 2.22.001 and earlier, HPSI RACF Connector 1.12.001 and earlier, HPSI ACF2 Connector 1.02 and earlier, HPSI OpenLDAP Connector 1.02 and earlier, and HPSI BiDir DirX Connector 1.00.003 and earlier, allows local users to obtain sensitive information via unknown vectors.

2.1