Weekly Vulnerabilities Reports > September 22 to 28, 2008
Overview
123 new vulnerabilities were reported during this period, including 17 critical vulnerabilities and 52 high severity vulnerabilities. This weekly summary reports vulnerabilities in 93 products from 76 vendors including Cisco, Mozilla, Canonical, Opera, and Debian. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Information Exposure", and "Path Traversal".
- 118 reported vulnerabilities are remotely exploitable.
- 45 reported vulnerabilities have a public exploit available.
- 50 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 119 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 18 reported vulnerabilities.
- Mozilla has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
17 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-09-27 | CVE-2008-4296 | Cisco | Credentials Management vulnerability in Cisco Linksys Wrt350N The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. | 10.0 |
2008-09-27 | CVE-2008-4293 | Opera Microsoft | Multiple Security vulnerability in Opera Web Browser 9.51 Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications. | 10.0 |
2008-09-27 | CVE-2008-4292 | Opera | Credentials Management vulnerability in Opera Browser Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors. | 10.0 |
2008-09-27 | CVE-2008-4070 | Mozilla | Buffer Errors vulnerability in Mozilla Seamonkey and Thunderbird Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages." | 10.0 |
2008-09-24 | CVE-2008-4064 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp. | 10.0 |
2008-09-24 | CVE-2008-4062 | Mozilla Debian Canonical | Resource Management Errors vulnerability in multiple products Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp. | 10.0 |
2008-09-24 | CVE-2008-4061 | Mozilla Debian Canonical | Numeric Errors vulnerability in multiple products Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine. | 10.0 |
2008-09-24 | CVE-2008-0016 | Mozilla | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox and Seamonkey Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link. | 10.0 |
2008-09-24 | CVE-2008-4208 | Osads Alliance Database | Unspecified vulnerability in OSADS Alliance Database 'includes/functions.php' Unspecified vulnerability in OSADS Alliance Database before 2.1 has unknown impact and attack vectors, possibly related to includes/functions.php, a different issue than CVE-2006-2874. | 10.0 |
2008-09-24 | CVE-2008-4193 | ALT N | Buffer Errors vulnerability in Alt-N Securitygateway 1.0.1 Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter. | 10.0 |
2008-09-24 | CVE-2008-4138 | Technote | Code Injection vulnerability in Technote 7 PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin_twindow/twindow_notice.php in TECHNOTE 7 allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter. | 10.0 |
2008-09-23 | CVE-2008-4188 | Typo3 | Code Injection vulnerability in Typo3 Secure Directory 0.1.3/1.0.0 Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) extension before 1.0.2 allows remote attackers to execute arbitrary code via unknown vectors related to "injection of control characters." | 10.0 |
2008-09-26 | CVE-2008-3807 | Cisco | Unspecified vulnerability in Cisco IOS Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this community and sending SNMP requests. | 9.3 |
2008-09-26 | CVE-2008-3638 | Apple | Code Injection vulnerability in Apple mac OS X and mac OS X Server Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs. | 9.3 |
2008-09-24 | CVE-2008-4063 | Canonical Mozilla | Remote vulnerability in Mozilla Firefox/SeaMonkey/Thunderbird Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames. | 9.3 |
2008-09-24 | CVE-2008-3837 | Mozilla Debian Canonical | Remote vulnerability in Mozilla Firefox/SeaMonkey/Thunderbird Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823. | 9.3 |
2008-09-24 | CVE-2008-4201 | Audiocoding | Buffer Errors vulnerability in Audiocoding Faad2 1.1/2.0/2.5 Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file. | 9.3 |
52 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-09-27 | CVE-2008-4197 | Opera | Use of Uninitialized Resource vulnerability in Opera Browser Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut. | 8.8 |
2008-09-26 | CVE-2008-3637 | Apple | Improper Initialization vulnerability in Apple mac OS X and mac OS X Server The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue." | 8.8 |
2008-09-26 | CVE-2008-3806 | Cisco | Unspecified vulnerability in Cisco IOS Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3805. | 8.5 |
2008-09-26 | CVE-2008-3805 | Cisco | Unspecified vulnerability in Cisco IOS Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3806. | 8.5 |
2008-09-26 | CVE-2008-3813 | Cisco | Unspecified vulnerability in Cisco IOS Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet. | 7.8 |
2008-09-26 | CVE-2008-3811 | Cisco | Improper Input Validation vulnerability in Cisco IOS Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka Cisco Bug ID CSCsi17020, a different vulnerability than CVE-2008-3810. | 7.8 |
2008-09-26 | CVE-2008-3810 | Cisco | Improper Input Validation vulnerability in Cisco IOS Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than CVE-2008-3811. | 7.8 |
2008-09-26 | CVE-2008-3808 | Cisco | Unspecified vulnerability in Cisco IOS Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted Protocol Independent Multicast (PIM) packet. | 7.8 |
2008-09-26 | CVE-2008-3799 | Cisco | Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS 12.2/12.3/12.4 Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages. | 7.8 |
2008-09-26 | CVE-2008-3798 | Cisco | Unspecified vulnerability in Cisco IOS 12.4/12.4Mr Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session. | 7.8 |
2008-09-26 | CVE-2008-2739 | Cisco | Unspecified vulnerability in Cisco IOS The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a different vulnerability than CVE-2008-1447. | 7.8 |
2008-09-25 | CVE-2008-4243 | Epic Games | Path Traversal vulnerability in Epic Games Unreal Tournament 3 1.3 Directory traversal vulnerability in ImageServer (aka UTImageServer) in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 (UT3) 1.3 allows remote attackers to read arbitrary files via a .. | 7.8 |
2008-09-24 | CVE-2008-4068 | Mozilla Debian Canonical | Path Traversal vulnerability in multiple products Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI. | 7.8 |
2008-09-22 | CVE-2008-4163 | ISC | Improper Input Validation vulnerability in ISC Bind 9.3.5/9.4.2/9.5.0 Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors. | 7.8 |
2008-09-25 | CVE-2008-4247 | Freebsd Netbsd Openbsd | Cross-Site Request Forgery (CSRF) vulnerability in multiple products ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. | 7.5 |
2008-09-25 | CVE-2008-4244 | Rianxosencabos CMS | Improper Authentication vulnerability in Rianxosencabos CMS Rianxosencabos CMS 0.9 Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass cookies to 1. | 7.5 |
2008-09-25 | CVE-2008-4241 | CJ | SQL Injection vulnerability in CJ Ultra Plus 1.0.3 SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie. | 7.5 |
2008-09-24 | CVE-2008-4060 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT. | 7.5 |
2008-09-24 | CVE-2008-4059 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element. | 7.5 |
2008-09-24 | CVE-2008-4058 | Mozilla Debian Canonical | Permissions, Privileges, and Access Controls vulnerability in multiple products The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS. | 7.5 |
2008-09-24 | CVE-2008-3835 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. | 7.5 |
2008-09-24 | CVE-2008-4206 | Attachmax | Code Injection vulnerability in Attachmax Dolphin 2.1.0 PHP remote file inclusion vulnerability in config.php in Attachmax Dolphin 2.1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter. | 7.5 |
2008-09-24 | CVE-2008-4205 | Attachmax | SQL Injection vulnerability in Attachmax Dolphin 2.1.0 SQL injection vulnerability in search.php in Attachmax Dolphin 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a Search action to index.php. | 7.5 |
2008-09-24 | CVE-2008-4204 | Softacid | SQL Injection vulnerability in Softacid Hotel Reservation System SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation System (HRS) allows remote attackers to execute arbitrary SQL commands via the city parameter. | 7.5 |
2008-09-24 | CVE-2008-4203 | Czaries | SQL Injection vulnerability in Czaries Czarnews 1.12/1.13/1.14 SQL injection vulnerability in cn_users.php in CzarNews 1.20 and earlier allows remote attackers to execute arbitrary SQL commands via a recook cookie. | 7.5 |
2008-09-24 | CVE-2008-4202 | Gonafish | SQL Injection vulnerability in Gonafish Linkscaffepro 4.5 SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 allows remote attackers to execute arbitrary SQL commands via the idd parameter in a deadlink action. | 7.5 |
2008-09-24 | CVE-2008-4150 | Dieselscripts | SQL Injection vulnerability in Dieselscripts Diesel Joke Site SQL injection vulnerability in picture_category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3763. | 7.5 |
2008-09-24 | CVE-2008-4148 | Drupal | SQL Injection vulnerability in Drupal Mailhandler SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API. | 7.5 |
2008-09-24 | CVE-2008-4144 | Discountedscripts | SQL Injection vulnerability in Discountedscripts E-Gold Script Shop SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold Script Shop allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action. | 7.5 |
2008-09-24 | CVE-2008-4143 | Razorecommerce | SQL Injection vulnerability in Razorecommerce Shopping Cart SQL injection vulnerability in category_search.php in RazorCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-09-24 | CVE-2008-4142 | Ephpscripts | SQL Injection vulnerability in Ephpscripts E-PHP CMS SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the es_id parameter. | 7.5 |
2008-09-24 | CVE-2008-4141 | X10Media | Code Injection vulnerability in X10Media .X10 Automatic MP3 Script 1.5.5 Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/function_core.php and (2) templates/layout_lyrics.php. | 7.5 |
2008-09-24 | CVE-2008-4137 | PHP Crawler | Improper Input Validation vulnerability in PHP Crawler PHP Crawler PHP remote file inclusion vulnerability in footer.php in PHP-Crawler 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the footer_file parameter. | 7.5 |
2008-09-23 | CVE-2008-4186 | Webcms | SQL Injection vulnerability in Webcms Portal Edition SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id_doc parameter. | 7.5 |
2008-09-23 | CVE-2008-4185 | Webcms | SQL Injection vulnerability in Webcms Portal Edition SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter in a documentos action, a different vector than CVE-2008-3213. | 7.5 |
2008-09-23 | CVE-2008-4178 | Downline Goldmine | SQL Injection vulnerability in Downline Goldmine Builder and NEW Addon SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-09-23 | CVE-2008-4177 | Preprojects | SQL Injection vulnerability in Preprojects PRE Real Estate Listings SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the c parameter. | 7.5 |
2008-09-23 | CVE-2008-4176 | ASP Indir | SQL Injection vulnerability in ASP Indir FOT Video Scripti 1.1 SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta allows remote attackers to execute arbitrary SQL commands via the oyun parameter. | 7.5 |
2008-09-22 | CVE-2008-4173 | Proarcadescript | SQL Injection vulnerability in Proarcadescript 1.3 SQL injection vulnerability in ProArcadeScript 1.3 allows remote attackers to execute arbitrary SQL commands via the random parameter to the default URI. | 7.5 |
2008-09-22 | CVE-2008-4172 | Rfaah | SQL Injection vulnerability in Rfaah Cars-Vehicles Script SQL injection vulnerability in page.php in Cars & Vehicle (aka Cars-Vehicle Script) allows remote attackers to execute arbitrary SQL commands via the lnkid parameter. | 7.5 |
2008-09-22 | CVE-2008-4171 | Invision Power Services | SQL Injection vulnerability in Invision Power Services Invision Power Board 2.2/2.3 SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter. | 7.5 |
2008-09-22 | CVE-2008-4169 | Iscripts | SQL Injection vulnerability in Iscripts Easyindex SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote attackers to execute arbitrary SQL commands via the produid parameter. | 7.5 |
2008-09-22 | CVE-2008-4159 | Zanfi Solutions | SQL Injection vulnerability in Zanfi Solutions JAW Portal and Zanfi CMS Lite SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter. | 7.5 |
2008-09-22 | CVE-2008-4157 | Vastal | SQL Injection vulnerability in Vastal PHPvid 1.1 SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. | 7.5 |
2008-09-27 | CVE-2008-4294 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Netcool Webtop 2.1.0 IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user privileges after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation, as demonstrated by a root session that is still valid after a subsequent read-only session has begun. | 7.2 |
2008-09-22 | CVE-2008-3949 | Suse | Code Injection vulnerability in Suse Linux emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file. | 7.2 |
2008-09-26 | CVE-2008-3812 | Cisco | Unspecified vulnerability in Cisco IOS Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet. | 7.1 |
2008-09-26 | CVE-2008-3809 | Cisco | Unspecified vulnerability in Cisco IOS Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (aka 12000 Series routers) allows remote attackers to cause a denial of service (device crash) via a malformed Protocol Independent Multicast (PIM) packet. | 7.1 |
2008-09-26 | CVE-2008-3804 | Cisco | Unspecified vulnerability in Cisco IOS 12.2/12.4 Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software path is used. | 7.1 |
2008-09-26 | CVE-2008-3802 | Cisco | Unspecified vulnerability in Cisco IOS Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device reload) via unspecified valid SIP messages, aka Cisco bug ID CSCsk42759, a different vulnerability than CVE-2008-3800 and CVE-2008-3801. | 7.1 |
2008-09-26 | CVE-2008-3801 | Cisco | Unspecified vulnerability in Cisco products Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802. | 7.1 |
2008-09-26 | CVE-2008-3800 | Cisco | Unspecified vulnerability in Cisco products Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802. | 7.1 |
51 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-09-25 | CVE-2008-4242 | Proftpd Project | Cross-Site Request Forgery (CSRF) vulnerability in Proftpd Project Proftpd 1.3.1 ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. | 6.8 |
2008-09-24 | CVE-2008-4145 | Addalink | SQL Injection vulnerability in Addalink SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | 6.8 |
2008-09-23 | CVE-2008-4181 | Netenberg | Path Traversal vulnerability in Netenberg Fantastico DE Luxe Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. | 6.8 |
2008-09-22 | CVE-2008-4161 | Assetman | SQL Injection vulnerability in Assetman 2.5B SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action. | 6.8 |
2008-09-22 | CVE-2008-4158 | Zanfi Solutions | Path Traversal vulnerability in Zanfi Solutions Zanfi CMS Lite 1.2 Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2008-09-24 | CVE-2008-4191 | Emacspeak INC | Link Following vulnerability in Emacspeak INC Emacspeak 26.0/28.0 extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file. | 6.6 |
2008-09-25 | CVE-2008-4245 | Rianxosencabos CMS | Permissions, Privileges, and Access Controls vulnerability in Rianxosencabos CMS Rianxosencabos CMS 0.9 The Admin Control Panel in Rianxosencabos CMS 0.9 does not require administrator privileges, which allows remote authenticated users to (1) change a user's privileges, (2) delete a user account, or perform unspecified other administrative actions via vectors involving an admin lista action to the default URI, possibly related to useradmin.php. | 6.5 |
2008-09-23 | CVE-2008-4175 | Linkbidscript | SQL Injection vulnerability in Linkbidscript 1.5 Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) ucat parameter to upgrade.php and the (2) id parameter to linkadmin/edit.php. | 6.5 |
2008-09-27 | CVE-2008-4200 | Opera | Improper Input Validation vulnerability in Opera Browser Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker. | 6.4 |
2008-09-22 | CVE-2008-4167 | Ezphotogallery | Improper Authentication vulnerability in Ezphotogallery 2.1 useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account. | 6.4 |
2008-09-27 | CVE-2008-4295 | Microsoft HTC | Improper Input Validation vulnerability in Microsoft Windows Mobile 6.0 Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices. | 5.4 |
2008-09-26 | CVE-2008-3803 | Cisco | Unspecified vulnerability in Cisco IOS 12.0S/12.0Sx/12.0Sz A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances. | 5.1 |
2008-09-27 | CVE-2008-4298 | Lighttpd | Resource Management Errors vulnerability in Lighttpd Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers. | 5.0 |
2008-09-27 | CVE-2008-4297 | Mercurial | Permissions, Privileges, and Access Controls vulnerability in Mercurial Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request. | 5.0 |
2008-09-27 | CVE-2008-4199 | Opera | Information Exposure vulnerability in Opera Browser Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation." | 5.0 |
2008-09-27 | CVE-2008-4198 | Opera | Multiple Security vulnerability in Opera Web Browser 9.51 Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a security information dialog reporting a secure connection, which might allow remote attackers to trick a user into performing unsafe actions on the http page. | 5.0 |
2008-09-27 | CVE-2008-4195 | Opera | Permissions, Privileges, and Access Controls vulnerability in Opera Browser Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script. | 5.0 |
2008-09-24 | CVE-2008-4069 | Mozilla | Information Exposure vulnerability in Mozilla Firefox and Seamonkey The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file. | 5.0 |
2008-09-24 | CVE-2008-4207 | Attachmax | Information Exposure vulnerability in Attachmax Dolphin 2.1.0 Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php in the main folder, which allows remote attackers to obtain sensitive information via a direct request, which invokes the phpinfo function. | 5.0 |
2008-09-24 | CVE-2008-3663 | Squirrelmail | Cryptographic Issues vulnerability in Squirrelmail 1.4.15 Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | 5.0 |
2008-09-24 | CVE-2008-4194 | Pdnsd | Resource Management Errors vulnerability in Pdnsd The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug." | 5.0 |
2008-09-24 | CVE-2008-3102 | Mantisbt | Cryptographic Issues vulnerability in Mantisbt Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | 5.0 |
2008-09-24 | CVE-2008-4153 | Drupal | Permissions, Privileges, and Access Controls vulnerability in Drupal Talk The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, does not perform access checks for a node before displaying comments, which allows remote attackers to obtain sensitive information. | 5.0 |
2008-09-24 | CVE-2008-4151 | Cyask | Path Traversal vulnerability in Cyask 3 Directory traversal vulnerability in collect.php in CYASK 3.x allows remote attackers to read arbitrary files via a .. | 5.0 |
2008-09-24 | CVE-2008-4146 | Addalink | Improper Authentication vulnerability in Addalink Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field. | 5.0 |
2008-09-24 | CVE-2008-4136 | Michael Roth Software | Improper Input Validation vulnerability in Michael Roth Software Pftp 6.0F Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote attackers to cause a denial of service (service crash) via multiple RETR commands, possibly involving long filenames. | 5.0 |
2008-09-23 | CVE-2008-4183 | Integramod | Information Exposure vulnerability in Integramod 1.4 IntegraMOD 1.4.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup via a direct request to a backup/backup-yyyy-dd-mm.sql filename. | 5.0 |
2008-09-23 | CVE-2008-4180 | Nooms | Information Exposure vulnerability in Nooms 1.1 Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force attacks against passwords via a username in the g_dbuser parameter and a password in the g_dbpwd parameter, and possibly a "localhost" g_dbhost parameter value, related to a "Mysql Remote Brute Force Vulnerability." | 5.0 |
2008-09-23 | CVE-2008-3661 | Drupal | Cryptographic Issues vulnerability in Drupal Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | 5.0 |
2008-09-22 | CVE-2008-4170 | Oscommerce | Information Exposure vulnerability in Oscommerce 2.2 create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message. | 5.0 |
2008-09-22 | CVE-2008-4160 | SUN | Resource Management Errors vulnerability in SUN Opensolaris and Solaris Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation. | 4.7 |
2008-09-24 | CVE-2008-4190 | Openswan Xelerance | Link Following vulnerability in multiple products The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. | 4.4 |
2008-09-27 | CVE-2008-4196 | Opera | Cross-Site Scripting vulnerability in Opera Browser Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-09-27 | CVE-2008-4119 | Broadcom CA | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms." | 4.3 |
2008-09-24 | CVE-2008-4067 | Mozilla Linux Debian Canonical | Path Traversal vulnerability in multiple products Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. | 4.3 |
2008-09-24 | CVE-2008-4066 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Firefox 2.0.0.14/2.0.0.15/2.0.0.16 Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&#56325ascript" sequence, aka "HTML escaped low surrogates bug." | 4.3 |
2008-09-24 | CVE-2008-4065 | Mozilla Debian Canonical | Cross-Site Scripting vulnerability in multiple products Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug." | 4.3 |
2008-09-24 | CVE-2008-3098 | Fuzzylime | Cross-Site Scripting vulnerability in Fuzzylime CMS Cross-site scripting (XSS) vulnerability in admin/usercheck.php in fuzzylime (cms) before 3.03 allows remote attackers to inject arbitrary web script or HTML via the user parameter to the login form. | 4.3 |
2008-09-24 | CVE-2008-4149 | Drupal | Cross-Site Scripting vulnerability in Drupal Link TO US 5.X1.Xdev Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to Us module 5.x before 5.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link page header" field. | 4.3 |
2008-09-24 | CVE-2008-4147 | Drupal | Cross-Site Scripting vulnerability in Drupal Mailsave Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x before 5.x-3.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an attached file that has a modified Content-Type. | 4.3 |
2008-09-24 | CVE-2008-4140 | Opensolution | Cross-Site Scripting vulnerability in Opensolution Quick.Cart 3.1 Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
2008-09-23 | CVE-2008-4187 | Proactive CMS | Path Traversal vulnerability in Proactive CMS Proactive CMS Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a .. | 4.3 |
2008-09-23 | CVE-2008-4184 | Webcms | Cross-Site Scripting vulnerability in Webcms Portal Edition Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal Edition allows remote attackers to inject arbitrary web script or HTML via the patron parameter. | 4.3 |
2008-09-23 | CVE-2008-4182 | Horde | Cross-Site Scripting vulnerability in Horde Turba Contact Manager H3 2.2.1/3.1.1/3.2.2 Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session. | 4.3 |
2008-09-23 | CVE-2008-4179 | Nooms | Cross-Site Scripting vulnerability in Nooms 1.1 Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) page_id parameter to smileys.php and the (2) q parameter to search.php. | 4.3 |
2008-09-23 | CVE-2008-4174 | Benjamin KUZ | Cross-Site Scripting vulnerability in Benjamin KUZ Dynamic MP3 Lister 2.0.1 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dynamic MP3 Lister 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) currentpath, (2) invert, (3) search, and (4) sort parameters. | 4.3 |
2008-09-23 | CVE-2008-3519 | Redhat | Configuration vulnerability in Redhat Jboss Enterprise Application Platform 4.2/4.3 The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273. | 4.3 |
2008-09-22 | CVE-2008-4162 | Nooms | Link Following vulnerability in Nooms 1.1 Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the g_site_url parameter. | 4.3 |
2008-09-22 | CVE-2008-4168 | Pro2Col | Cross-Site Scripting vulnerability in Pro2Col Stingray FTS Cross-site scripting (XSS) vulnerability in verify_login.jsp in Pro2col Stingray FTS allows remote attackers to inject arbitrary web script or HTML via the form_username parameter (aka user name field). | 4.3 |
2008-09-22 | CVE-2008-4166 | Avantbrowser | Numeric Errors vulnerability in Avantbrowser Avant Browser Integer overflow in the JavaScript engine in Avant Browser 11.7 Build 9 and earlier allows remote attackers to cause a denial of service (application crash) by attempting to URL encode a string containing many instances of an invalid character. | 4.3 |
2008-09-22 | CVE-2008-4165 | Kolab | Cryptographic Issues vulnerability in Kolab Groupware Server 1.0.0 admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl_access_log file or the referer string. | 4.0 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-09-24 | CVE-2008-4152 | Drupal | Cross-Site Scripting vulnerability in Drupal Talk Cross-site scripting (XSS) vulnerability in the Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via a node title. | 3.5 |
2008-09-24 | CVE-2008-4139 | Opensolution | Cross-Site Scripting vulnerability in Opensolution Quick.Cms.Lite 2.1 Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution Quick.Cms.Lite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query string. | 2.6 |
2008-09-22 | CVE-2008-4164 | Memht | Information Exposure vulnerability in Memht Portal cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | 2.6 |