Weekly Vulnerabilities Reports > September 22 to 28, 2008

Overview

126 new vulnerabilities reported during this period, including 19 critical vulnerabilities and 51 high severity vulnerabilities. This weekly summary report vulnerabilities in 95 products from 77 vendors including Cisco, Mozilla, Canonical, Opera, and Debian. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Input Validation", and "Resource Management Errors".

  • 120 reported vulnerabilities are remotely exploitables.
  • 45 reported vulnerabilities have public exploit available.
  • 51 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 122 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 18 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 7 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

19 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-09-27 CVE-2008-4296 Cisco Credentials Management vulnerability in Cisco Linksys Wrt350N

The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.

10.0
2008-09-27 CVE-2008-4293 Opera
Microsoft
Multiple Security vulnerability in Opera Web Browser 9.51

Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications.

10.0
2008-09-27 CVE-2008-4292 Opera Credentials Management vulnerability in Opera Browser

Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors.

10.0
2008-09-27 CVE-2008-4070 Mozilla Buffer Errors vulnerability in Mozilla Seamonkey and Thunderbird

Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages."

10.0
2008-09-24 CVE-2008-4064 Mozilla Resource Management Errors vulnerability in Mozilla Firefox

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp.

10.0
2008-09-24 CVE-2008-4062 Mozilla
Debian
Canonical
Resource Management Errors vulnerability in multiple products

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.

10.0
2008-09-24 CVE-2008-4061 Mozilla
Debian
Canonical
Numeric Errors vulnerability in multiple products

Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.

10.0
2008-09-24 CVE-2008-0016 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox and Seamonkey

Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.

10.0
2008-09-24 CVE-2008-4208 Osads Alliance Database Unspecified vulnerability in OSADS Alliance Database 'includes/functions.php'

Unspecified vulnerability in OSADS Alliance Database before 2.1 has unknown impact and attack vectors, possibly related to includes/functions.php, a different issue than CVE-2006-2874.

10.0
2008-09-24 CVE-2008-4193 ALT N Buffer Errors vulnerability in Alt-N Securitygateway 1.0.1

Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter.

10.0
2008-09-24 CVE-2008-4138 Technote Code Injection vulnerability in Technote 7

PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin_twindow/twindow_notice.php in TECHNOTE 7 allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter.

10.0
2008-09-23 CVE-2008-4188 Typo3 Code Injection vulnerability in Typo3 Secure Directory 0.1.3/1.0.0

Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) extension before 1.0.2 allows remote attackers to execute arbitrary code via unknown vectors related to "injection of control characters."

10.0
2008-09-27 CVE-2008-4197 Opera
Freebsd
Linux
Microsoft
SUN
Resource Management Errors vulnerability in Opera Browser

Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.

9.3
2008-09-26 CVE-2008-3807 Cisco Configuration vulnerability in Cisco IOS

Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this community and sending SNMP requests.

9.3
2008-09-26 CVE-2008-3638 Apple Code Injection vulnerability in Apple mac OS X and mac OS X Server

Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs.

9.3
2008-09-26 CVE-2008-3637 Apple Code Injection vulnerability in Apple mac OS X and mac OS X Server

The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."

9.3
2008-09-24 CVE-2008-4063 Canonical
Mozilla
Remote vulnerability in Mozilla Firefox/SeaMonkey/Thunderbird

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.

9.3
2008-09-24 CVE-2008-3837 Mozilla
Debian
Canonical
Remote vulnerability in Mozilla Firefox/SeaMonkey/Thunderbird

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.

9.3
2008-09-24 CVE-2008-4201 Audiocoding Buffer Errors vulnerability in Audiocoding Faad2 1.1/2.0/2.5

Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.

9.3

51 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-09-26 CVE-2008-3806 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco IOS

Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3805.

8.5
2008-09-26 CVE-2008-3805 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco IOS

Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3806.

8.5
2008-09-26 CVE-2008-3813 Cisco Unspecified vulnerability in Cisco IOS

Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet.

7.8
2008-09-26 CVE-2008-3811 Cisco Improper Input Validation vulnerability in Cisco IOS

Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka Cisco Bug ID CSCsi17020, a different vulnerability than CVE-2008-3810.

7.8
2008-09-26 CVE-2008-3810 Cisco Improper Input Validation vulnerability in Cisco IOS

Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than CVE-2008-3811.

7.8
2008-09-26 CVE-2008-3808 Cisco Denial of Service Vulnerablities in Cisco IOS Protocol Independent Multicast (PIM)

Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted Protocol Independent Multicast (PIM) packet.

7.8
2008-09-26 CVE-2008-3799 Cisco Resource Management Errors vulnerability in Cisco IOS 12.2/12.3/12.4

Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages.

7.8
2008-09-26 CVE-2008-3798 Cisco Unspecified vulnerability in Cisco IOS 12.4/12.4Mr

Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session.

7.8
2008-09-26 CVE-2008-2739 Cisco Unspecified vulnerability in Cisco IOS

The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a different vulnerability than CVE-2008-1447.

7.8
2008-09-25 CVE-2008-4243 Epic Games Path Traversal vulnerability in Epic Games Unreal Tournament 3 1.3

Directory traversal vulnerability in ImageServer (aka UTImageServer) in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 (UT3) 1.3 allows remote attackers to read arbitrary files via a ..

7.8
2008-09-24 CVE-2008-4068 Mozilla
Debian
Canonical
Path Traversal vulnerability in multiple products

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.

7.8
2008-09-22 CVE-2008-4163 ISC Improper Input Validation vulnerability in ISC Bind 9.3.5/9.4.2/9.5.0

Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors.

7.8
2008-09-25 CVE-2008-4247 Freebsd
Netbsd
Openbsd
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

7.5
2008-09-25 CVE-2008-4244 Rianxosencabos CMS Improper Authentication vulnerability in Rianxosencabos CMS Rianxosencabos CMS 0.9

Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass cookies to 1.

7.5
2008-09-25 CVE-2008-4241 CJ SQL Injection vulnerability in CJ Ultra Plus 1.0.3

SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie.

7.5
2008-09-24 CVE-2008-4060 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.

7.5
2008-09-24 CVE-2008-4059 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.

7.5
2008-09-24 CVE-2008-4058 Mozilla
Debian
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.

7.5
2008-09-24 CVE-2008-3836 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions.

7.5
2008-09-24 CVE-2008-3835 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.

7.5
2008-09-24 CVE-2008-4206 Attachmax Code Injection vulnerability in Attachmax Dolphin 2.1.0

PHP remote file inclusion vulnerability in config.php in Attachmax Dolphin 2.1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter.

7.5
2008-09-24 CVE-2008-4205 Attachmax SQL Injection vulnerability in Attachmax Dolphin 2.1.0

SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a Search action to index.php.

7.5
2008-09-24 CVE-2008-4204 Softacid SQL Injection vulnerability in Softacid Hotel Reservation System

SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation System (HRS) allows remote attackers to execute arbitrary SQL commands via the city parameter.

7.5
2008-09-24 CVE-2008-4203 Czaries SQL Injection vulnerability in Czaries Czarnews 1.12/1.13/1.14

SQL injection vulnerability in cn_users.php in CzarNews 1.20 and earlier allows remote attackers to execute arbitrary SQL commands via a recook cookie.

7.5
2008-09-24 CVE-2008-4202 Gonafish SQL Injection vulnerability in Gonafish Linkscaffepro 4.5

SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 allows remote attackers to execute arbitrary SQL commands via the idd parameter in a deadlink action.

7.5
2008-09-24 CVE-2008-4150 Dieselscripts SQL Injection vulnerability in Dieselscripts Diesel Joke Site

SQL injection vulnerability in picture_category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3763.

7.5
2008-09-24 CVE-2008-4148 Drupal SQL Injection vulnerability in Drupal Mailhandler

SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API.

7.5
2008-09-24 CVE-2008-4144 Discountedscripts SQL Injection vulnerability in Discountedscripts E-Gold Script Shop

SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold Script Shop allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action.

7.5
2008-09-24 CVE-2008-4143 Razorecommerce SQL Injection vulnerability in Razorecommerce Shopping Cart

SQL injection vulnerability in category_search.php in RazorCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-09-24 CVE-2008-4142 Ephpscripts SQL Injection vulnerability in Ephpscripts E-PHP CMS

SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the es_id parameter.

7.5
2008-09-24 CVE-2008-4141 X10Media Code Injection vulnerability in X10Media .X10 Automatic MP3 Script 1.5.5

Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/function_core.php and (2) templates/layout_lyrics.php.

7.5
2008-09-24 CVE-2008-4137 PHP Crawler Improper Input Validation vulnerability in PHP Crawler PHP Crawler

PHP remote file inclusion vulnerability in footer.php in PHP-Crawler 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the footer_file parameter.

7.5
2008-09-23 CVE-2008-4186 Webcms SQL Injection vulnerability in Webcms Portal Edition

SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id_doc parameter.

7.5
2008-09-23 CVE-2008-4185 Webcms SQL Injection vulnerability in Webcms Portal Edition

SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter in a documentos action, a different vector than CVE-2008-3213.

7.5
2008-09-23 CVE-2008-4178 Downline Goldmine SQL Injection vulnerability in Downline Goldmine Builder and NEW Addon

SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-09-23 CVE-2008-4177 Preprojects SQL Injection vulnerability in Preprojects PRE Real Estate Listings

SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the c parameter.

7.5
2008-09-23 CVE-2008-4176 ASP Indir SQL Injection vulnerability in ASP Indir FOT Video Scripti 1.1

SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta allows remote attackers to execute arbitrary SQL commands via the oyun parameter.

7.5
2008-09-22 CVE-2008-4173 Proarcadescript SQL Injection vulnerability in Proarcadescript 1.3

SQL injection vulnerability in ProArcadeScript 1.3 allows remote attackers to execute arbitrary SQL commands via the random parameter to the default URI.

7.5
2008-09-22 CVE-2008-4172 Rfaah SQL Injection vulnerability in Rfaah Cars-Vehicles Script

SQL injection vulnerability in page.php in Cars & Vehicle (aka Cars-Vehicle Script) allows remote attackers to execute arbitrary SQL commands via the lnkid parameter.

7.5
2008-09-22 CVE-2008-4171 Invision Power Services SQL Injection vulnerability in Invision Power Services Invision Power Board 2.2/2.3

SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter.

7.5
2008-09-22 CVE-2008-4169 Iscripts SQL Injection vulnerability in Iscripts Easyindex

SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote attackers to execute arbitrary SQL commands via the produid parameter.

7.5
2008-09-22 CVE-2008-4159 Zanfi Solutions SQL Injection vulnerability in Zanfi Solutions JAW Portal and Zanfi CMS Lite

SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite and allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter.

7.5
2008-09-22 CVE-2008-4157 Vastal SQL Injection vulnerability in Vastal PHPvid 1.1

SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610.

7.5
2008-09-27 CVE-2008-4294 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Netcool Webtop 2.1.0

IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user privileges after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation, as demonstrated by a root session that is still valid after a subsequent read-only session has begun.

7.2
2008-09-22 CVE-2008-3949 Suse Code Injection vulnerability in Suse Linux

emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.

7.2
2008-09-26 CVE-2008-3812 Cisco Improper Input Validation vulnerability in Cisco IOS

Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet.

7.1
2008-09-26 CVE-2008-3809 Cisco Denial of Service Vulnerablities in Cisco IOS Protocol Independent Multicast (PIM)

Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (aka 12000 Series routers) allows remote attackers to cause a denial of service (device crash) via a malformed Protocol Independent Multicast (PIM) packet.

7.1
2008-09-26 CVE-2008-3804 Cisco Unspecified vulnerability in Cisco IOS 12.2/12.4

Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software path is used.

7.1
2008-09-26 CVE-2008-3802 Cisco Unspecified vulnerability in Cisco IOS

Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device reload) via unspecified valid SIP messages, aka Cisco bug ID CSCsk42759, a different vulnerability than CVE-2008-3800 and CVE-2008-3801.

7.1
2008-09-26 CVE-2008-3801 Cisco Denial of Service vulnerability in Cisco products

Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802.

7.1
2008-09-26 CVE-2008-3800 Cisco Denial of Service vulnerability in Cisco products

Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.

7.1

52 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-09-25 CVE-2008-4242 Proftpd Project Cross-Site Request Forgery (CSRF) vulnerability in Proftpd Project Proftpd 1.3.1

ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

6.8
2008-09-24 CVE-2008-4145 Addalink SQL Injection vulnerability in Addalink

SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

6.8
2008-09-23 CVE-2008-4181 Netenberg Path Traversal vulnerability in Netenberg Fantastico DE Luxe

Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a ..

6.8
2008-09-22 CVE-2008-4161 Assetman SQL Injection vulnerability in Assetman 2.5B

SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action.

6.8
2008-09-22 CVE-2008-4158 Zanfi Solutions Path Traversal vulnerability in Zanfi Solutions Zanfi CMS Lite 1.2

Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a ..

6.8
2008-09-24 CVE-2008-4191 Emacspeak INC Link Following vulnerability in Emacspeak INC Emacspeak 26.0/28.0

extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file.

6.6
2008-09-25 CVE-2008-4245 Rianxosencabos CMS Permissions, Privileges, and Access Controls vulnerability in Rianxosencabos CMS Rianxosencabos CMS 0.9

The Admin Control Panel in Rianxosencabos CMS 0.9 does not require administrator privileges, which allows remote authenticated users to (1) change a user's privileges, (2) delete a user account, or perform unspecified other administrative actions via vectors involving an admin lista action to the default URI, possibly related to useradmin.php.

6.5
2008-09-23 CVE-2008-4175 Linkbidscript SQL Injection vulnerability in Linkbidscript 1.5

Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) ucat parameter to upgrade.php and the (2) id parameter to linkadmin/edit.php.

6.5
2008-09-27 CVE-2008-4200 Opera Improper Input Validation vulnerability in Opera Browser

Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker.

6.4
2008-09-22 CVE-2008-4167 Ezphotogallery Improper Authentication vulnerability in Ezphotogallery 2.1

useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account.

6.4
2008-09-27 CVE-2008-4295 Microsoft
HTC
Improper Input Validation vulnerability in Microsoft Windows Mobile 6.0

Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.

5.4
2008-09-26 CVE-2008-3803 Cisco Improper Input Validation vulnerability in Cisco IOS 12.0S/12.0Sx/12.0Sz

A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances.

5.1
2008-09-27 CVE-2008-4298 Lighttpd Resource Management Errors vulnerability in Lighttpd

Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.

5.0
2008-09-27 CVE-2008-4297 Mercurial Permissions, Privileges, and Access Controls vulnerability in Mercurial

Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.

5.0
2008-09-27 CVE-2008-4199 Opera Information Exposure vulnerability in Opera Browser

Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."

5.0
2008-09-27 CVE-2008-4198 Opera Multiple Security vulnerability in Opera Web Browser 9.51

Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a security information dialog reporting a secure connection, which might allow remote attackers to trick a user into performing unsafe actions on the http page.

5.0
2008-09-27 CVE-2008-4195 Opera Permissions, Privileges, and Access Controls vulnerability in Opera Browser

Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script.

5.0
2008-09-25 CVE-2008-4246 Denora IRC Stats Resource Management Errors vulnerability in Denora IRC Stats Denora IRC Stats

Unspecified vulnerability in Denora IRC Stats Server before 1.4.1 allows remote IRC servers to cause a denial of service (application crash) via a crafted CTCP response.

5.0
2008-09-24 CVE-2008-4069 Mozilla Information Exposure vulnerability in Mozilla Firefox and Seamonkey

The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.

5.0
2008-09-24 CVE-2008-4207 Attachmax Information Exposure vulnerability in Attachmax Dolphin 2.1.0

Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php in the main folder, which allows remote attackers to obtain sensitive information via a direct request, which invokes the phpinfo function.

5.0
2008-09-24 CVE-2008-3663 Squirrelmail Cryptographic Issues vulnerability in Squirrelmail 1.4.15

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

5.0
2008-09-24 CVE-2008-4194 Pdnsd Resource Management Errors vulnerability in Pdnsd

The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug."

5.0
2008-09-24 CVE-2008-3102 Mantisbt Cryptographic Issues vulnerability in Mantisbt

Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

5.0
2008-09-24 CVE-2008-4153 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal Talk

The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, does not perform access checks for a node before displaying comments, which allows remote attackers to obtain sensitive information.

5.0
2008-09-24 CVE-2008-4151 Cyask Path Traversal vulnerability in Cyask 3

Directory traversal vulnerability in collect.php in CYASK 3.x allows remote attackers to read arbitrary files via a ..

5.0
2008-09-24 CVE-2008-4146 Addalink Improper Authentication vulnerability in Addalink

Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field.

5.0
2008-09-24 CVE-2008-4136 Michael Roth Software Improper Input Validation vulnerability in Michael Roth Software Pftp 6.0F

Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote attackers to cause a denial of service (service crash) via multiple RETR commands, possibly involving long filenames.

5.0
2008-09-23 CVE-2008-4183 Integramod Information Exposure vulnerability in Integramod 1.4

IntegraMOD 1.4.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup via a direct request to a backup/backup-yyyy-dd-mm.sql filename.

5.0
2008-09-23 CVE-2008-4180 Nooms Information Exposure vulnerability in Nooms 1.1

Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force attacks against passwords via a username in the g_dbuser parameter and a password in the g_dbpwd parameter, and possibly a "localhost" g_dbhost parameter value, related to a "Mysql Remote Brute Force Vulnerability."

5.0
2008-09-23 CVE-2008-3661 Drupal Cryptographic Issues vulnerability in Drupal

Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

5.0
2008-09-22 CVE-2008-4170 Oscommerce Information Exposure vulnerability in Oscommerce 2.2

create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message.

5.0
2008-09-22 CVE-2008-4160 SUN Resource Management Errors vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation.

4.7
2008-09-24 CVE-2008-4190 Openswan
Xelerance
Link Following vulnerability in multiple products

The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files.

4.4
2008-09-27 CVE-2008-4196 Opera Cross-Site Scripting vulnerability in Opera Browser

Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-09-27 CVE-2008-4119 Broadcom
CA
Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms."

4.3
2008-09-24 CVE-2008-4067 Mozilla
Linux
Debian
Canonical
Path Traversal vulnerability in multiple products

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a ..

4.3
2008-09-24 CVE-2008-4066 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox 2.0.0.14/2.0.0.15/2.0.0.16

Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&#56325ascript" sequence, aka "HTML escaped low surrogates bug."

4.3
2008-09-24 CVE-2008-4065 Mozilla
Debian
Canonical
Cross-Site Scripting vulnerability in multiple products

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."

4.3
2008-09-24 CVE-2008-3098 Fuzzylime Cross-Site Scripting vulnerability in Fuzzylime CMS

Cross-site scripting (XSS) vulnerability in admin/usercheck.php in fuzzylime (cms) before 3.03 allows remote attackers to inject arbitrary web script or HTML via the user parameter to the login form.

4.3
2008-09-24 CVE-2008-4149 Drupal Cross-Site Scripting vulnerability in Drupal Link TO US 5.X1.Xdev

Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to Us module 5.x before 5.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link page header" field.

4.3
2008-09-24 CVE-2008-4147 Drupal Cross-Site Scripting vulnerability in Drupal Mailsave

Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x before 5.x-3.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an attached file that has a modified Content-Type.

4.3
2008-09-24 CVE-2008-4140 Opensolution Cross-Site Scripting vulnerability in Opensolution Quick.Cart 3.1

Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string.

4.3
2008-09-23 CVE-2008-4187 Proactive CMS Path Traversal vulnerability in Proactive CMS Proactive CMS

Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a ..

4.3
2008-09-23 CVE-2008-4184 Webcms Cross-Site Scripting vulnerability in Webcms Portal Edition

Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal Edition allows remote attackers to inject arbitrary web script or HTML via the patron parameter.

4.3
2008-09-23 CVE-2008-4182 Horde Cross-Site Scripting vulnerability in Horde Turba Contact Manager H3 2.2.1/3.1.1/3.2.2

Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session.

4.3
2008-09-23 CVE-2008-4179 Nooms Cross-Site Scripting vulnerability in Nooms 1.1

Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) page_id parameter to smileys.php and the (2) q parameter to search.php.

4.3
2008-09-23 CVE-2008-4174 Benjamin KUZ Cross-Site Scripting vulnerability in Benjamin KUZ Dynamic MP3 Lister 2.0.1

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dynamic MP3 Lister 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) currentpath, (2) invert, (3) search, and (4) sort parameters.

4.3
2008-09-23 CVE-2008-3519 Redhat Configuration vulnerability in Redhat Jboss Enterprise Application Platform 4.2/4.3

The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273.

4.3
2008-09-22 CVE-2008-4162 Nooms Link Following vulnerability in Nooms 1.1

Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the g_site_url parameter.

4.3
2008-09-22 CVE-2008-4168 Pro2Col Cross-Site Scripting vulnerability in Pro2Col Stingray FTS

Cross-site scripting (XSS) vulnerability in verify_login.jsp in Pro2col Stingray FTS allows remote attackers to inject arbitrary web script or HTML via the form_username parameter (aka user name field).

4.3
2008-09-22 CVE-2008-4166 Avantbrowser Numeric Errors vulnerability in Avantbrowser Avant Browser

Integer overflow in the JavaScript engine in Avant Browser 11.7 Build 9 and earlier allows remote attackers to cause a denial of service (application crash) by attempting to URL encode a string containing many instances of an invalid character.

4.3
2008-09-22 CVE-2008-4165 Kolab Cryptographic Issues vulnerability in Kolab Groupware Server 1.0.0

admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl_access_log file or the referer string.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-09-24 CVE-2008-4152 Drupal Cross-Site Scripting vulnerability in Drupal Talk

Cross-site scripting (XSS) vulnerability in the Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via a node title.

3.5
2008-09-24 CVE-2008-4139 Opensolution Cross-Site Scripting vulnerability in Opensolution Quick.Cms.Lite 2.1

Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution Quick.Cms.Lite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query string.

2.6
2008-09-22 CVE-2008-4164 Memht Information Exposure vulnerability in Memht Portal

cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

2.6
2008-09-27 CVE-2008-3528 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 2.6.26.5

The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations.

2.1