Weekly Vulnerabilities Reports > September 29 to October 5, 2008
Overview
106 new vulnerabilities were reported during this period, including 18 critical vulnerabilities and 45 high severity vulnerabilities. This weekly summary reports vulnerabilities in 106 products from 84 vendors including Microsoft, Debian, Availscript, Redhat, and Phlatline. Notable vulnerability categories include "SQL Injection", "Cross-site Scripting", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Path Traversal".
- 96 reported vulnerabilities are remotely exploitable.
- 54 reported vulnerabilities have a public exploit available.
- 58 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 100 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 7 reported vulnerabilities.
- Jasper Project has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
18 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-10-03 | CVE-2008-4439 | Martinwood | Code Injection vulnerability in Martinwood Datafeed Studio PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before 1.6.3 allows remote attackers to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter. | 10.0 |
2008-10-03 | CVE-2008-4429 | Sourcenext | Denial Of Service vulnerability in SOURCENEXT Virus Security and Virus Security ZERO Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 and earlier and Virus Security 9.5.0173 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via malformed compressed files. | 10.0 |
2008-10-03 | CVE-2008-4428 | Phlatline | Improper Input Validation vulnerability in Phlatline Personal Information Manager Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory. | 10.0 |
2008-10-03 | CVE-2008-4383 | Alcatel Alcatel Lucent | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Alcatel AOS Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie. | 10.0 |
2008-10-03 | CVE-2008-4404 | IBM | Improper Input Validation vulnerability in IBM Zseries The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476. | 10.0 |
2008-10-03 | CVE-2008-4402 | Trend Micro | Buffer Errors vulnerability in Trend Micro Officescan 8.0 Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2008-10-02 | CVE-2008-3522 | Redhat Jasper Project | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. | 10.0 |
2008-09-30 | CVE-2008-4358 | Spaw Editor | Improper Input Validation vulnerability in Spaw Editor Spaw PHP Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP Edition before 2.0.8.1 has unknown impact and attack vectors, probably related to directory traversal sequences in the theme name. | 10.0 |
2008-09-30 | CVE-2008-4329 | Openengine | Improper Input Validation vulnerability in Openengine PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter. | 10.0 |
2008-09-29 | CVE-2008-4322 | Realflex Technologies LTD | Buffer Errors vulnerability in Realflex Technologies LTD Realwin Server 2.0 Stack-based buffer overflow in RealFlex Technologies Ltd. | 10.0 |
2008-09-29 | CVE-2008-4318 | Project Observer | Improper Input Validation vulnerability in Project-Observer Observer Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php. | 10.0 |
2008-09-29 | CVE-2008-2474 | ABB | Buffer Errors vulnerability in ABB Pcu400 4.4/4.5/4.6 Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit 400 (PCU400) 4.4 through 4.6 allows remote attackers to execute arbitrary code via a crafted packet using the (1) IEC60870-5-101 or (2) IEC60870-5-104 communication protocol to the X87 web interface. | 10.0 |
2008-10-03 | CVE-2008-4434 | Utorrent Bittorrent | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a .torrent file. | 9.3 |
2008-10-03 | CVE-2008-2476 | Force10 Freebsd Juniper Netbsd Openbsd Windriver | Improper Input Validation vulnerability in multiple products The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB). | 9.3 |
2008-10-02 | CVE-2008-4396 | Safer Networking | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Safer Networking Filealyzer 1.6.0.0/1.6.0.4 Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and 1.6.0.4 beta, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via an executable with malformed version data. | 9.3 |
2008-10-02 | CVE-2008-3520 | Jasper Project | Numeric Errors vulnerability in Jasper Project Jasper 1.900.1 Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. | 9.3 |
2008-09-29 | CVE-2008-4321 | Flashget | Buffer Errors vulnerability in Flashget FTP 1.9 Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP servers to execute arbitrary code via a long response to the PWD command. | 9.3 |
2008-09-29 | CVE-2008-3827 | Mplayer | Numeric Errors vulnerability in Mplayer Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory. | 9.3 |
45 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-10-03 | CVE-2008-4425 | Phlatline | Path Traversal vulnerability in Phlatline Personal Information Manager 1.0 Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter within a delfile action. | 8.8 |
2008-10-02 | CVE-2008-3542 | HP | Permissions, Privileges, and Access Controls vulnerability in HP Insight Diagnostics Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 allows remote attackers to read arbitrary files via unknown vectors. | 7.8 |
2008-10-01 | CVE-2008-4380 | Samsung | Improper Input Validation vulnerability in Samsung DVR Shr2040 B3.03Ek1.53V2.190705281908 The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, related to the filter for configuration properties and "/x" characters. | 7.8 |
2008-09-30 | CVE-2008-4361 | Powerportal | Path Traversal vulnerability in Powerportal 2.0.13 Directory traversal vulnerability in PowerPortal 2.0.13 allows remote attackers to list and possibly read arbitrary files via a .. | 7.8 |
2008-10-03 | CVE-2008-4436 | Bblog | SQL Injection vulnerability in Bblog Wbblog 0.7.6 SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog 0.7.6 allows remote attackers to execute arbitrary SQL commands via the mod parameter. | 7.5 |
2008-10-03 | CVE-2008-4433 | Rmsoft Xoops | SQL Injection vulnerability in Rmsoft Minishop Module 1.0 SQL injection vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops might allow remote attackers to execute arbitrary SQL commands via the itemsxpag parameter. | 7.5 |
2008-10-03 | CVE-2008-4431 | Icebb | SQL Injection vulnerability in Icebb SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and earlier allows remote attackers to execute arbitrary SQL commands via the skin parameter, probably related to an incorrect protection mechanism in the clean_string function in includes/functions.php. | 7.5 |
2008-10-03 | CVE-2008-4427 | Phlatline | Improper Authentication vulnerability in Phlatline Personal Information Manager changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords. | 7.5 |
2008-10-03 | CVE-2008-4360 | Lighttpd Debian | Information Exposure vulnerability in multiple products mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files. | 7.5 |
2008-10-03 | CVE-2008-4359 | Lighttpd Debian | Information Exposure vulnerability in multiple products lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data. | 7.5 |
2008-10-01 | CVE-2008-4378 | MR CGI GUY | SQL Injection vulnerability in MR. CGI GUY HOT Links SQL PHP SQL injection vulnerability in report.php in Mr. | 7.5 |
2008-10-01 | CVE-2008-4377 | Creative Mind | SQL Injection vulnerability in Creative Mind Creator CMS 5.0 SQL injection vulnerability in index.asp in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the sideid parameter. | 7.5 |
2008-10-01 | CVE-2008-4376 | Livetvscript | SQL Injection vulnerability in Livetvscript Live TV Script SQL injection vulnerability in index.php in Live TV Script allows remote attackers to execute arbitrary SQL commands via the mid parameter. | 7.5 |
2008-10-01 | CVE-2008-4375 | Availscript | SQL Injection vulnerability in Availscript Classmate Script SQL injection vulnerability in viewprofile.php in Availscript Classmate Script allows remote attackers to execute arbitrary SQL commands via the p parameter. | 7.5 |
2008-10-01 | CVE-2008-4374 | Cmsbuzz | SQL Injection vulnerability in Cmsbuzz CMS Buzz SQL injection vulnerability in index.php in CMS Buzz allows remote attackers to execute arbitrary SQL commands via the id parameter in a playgame action. | 7.5 |
2008-10-01 | CVE-2008-4373 | Availscript | SQL Injection vulnerability in Availscript Jobs Portal Script SQL injection vulnerability in job_seeker/applynow.php in AvailScript Job Portal Script allows remote attackers to execute arbitrary SQL commands via the jid parameter. | 7.5 |
2008-10-01 | CVE-2008-4371 | Availscript | SQL Injection vulnerability in Availscript Article Script SQL injection vulnerability in articles.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the aIDS parameter. | 7.5 |
2008-10-01 | CVE-2008-4369 | Availscript | SQL Injection vulnerability in Availscript Photo Album SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter. | 7.5 |
2008-09-30 | CVE-2008-4364 | Parsagostar | SQL Injection vulnerability in Parsagostar Parsaweb CMS SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page. | 7.5 |
2008-09-30 | CVE-2008-4357 | Powie | SQL Injection vulnerability in Powie Plink 2.07 SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-09-30 | CVE-2008-4356 | Kasseler CMS | SQL Injection vulnerability in Kasseler-Cms Kasseler CMS 1.1.0/1.2.0 Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting module; (3) the fid parameter to index.php in a ShowForum action to the Forum module; (4) the tid parameter to index.php in a ShowTopic action to the Forum module; (5) the uname parameter to index.php in a UserInfo action to the Account module; or (6) the module parameter to index.php, probably related to the TopSites module. | 7.5 |
2008-09-30 | CVE-2008-4355 | Powie | SQL Injection vulnerability in Powie Pforum 1.30 SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum (aka PHP Forum or pForum) 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-09-30 | CVE-2008-4354 | NET ART Media | SQL Injection vulnerability in NET ART Media Iboutique 4.0 SQL injection vulnerability in the products module in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. | 7.5 |
2008-09-30 | CVE-2008-4353 | Linkarity | SQL Injection vulnerability in Linkarity SQL injection vulnerability in link.php in Linkarity allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | 7.5 |
2008-09-30 | CVE-2008-4352 | Phpsmartcom | SQL Injection vulnerability in PHPsmartcom 0.2 SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCom 0.2 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a viewprofile action to index.php. | 7.5 |
2008-09-30 | CVE-2008-4351 | Phpsmartcom | Path Traversal vulnerability in PHPsmartcom 0.2 Directory traversal vulnerability in index.php in phpSmartCom 0.2 allows remote attackers to include and execute arbitrary files via a .. | 7.5 |
2008-09-30 | CVE-2008-4350 | Vblogix | SQL Injection vulnerability in Vblogix Tutorial Script SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | 7.5 |
2008-09-30 | CVE-2008-4348 | Outshine | SQL Injection vulnerability in Outshine PHPortfolio 1.3 SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-09-30 | CVE-2008-4347 | Powie | SQL Injection vulnerability in Powie Pnews 2.03 SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | 7.5 |
2008-09-30 | CVE-2008-4346 | Talkback | Path Traversal vulnerability in Talkback 2.3.6/2.3.6.4 Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-09-30 | CVE-2008-4345 | Webportal | SQL Injection vulnerability in Webportal CMS 0.6.0/0.6Beta/0.7.3 SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter. | 7.5 |
2008-09-30 | CVE-2008-4344 | 6Rbscript | SQL Injection vulnerability in 6Rbscript SQL injection vulnerability in cat.php in 6rbScript allows remote attackers to execute arbitrary SQL commands via the CatID parameter. | 7.5 |
2008-09-30 | CVE-2008-4341 | Myblog | Permissions, Privileges, and Access Controls vulnerability in Myblog add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin. | 7.5 |
2008-09-30 | CVE-2008-4335 | Atomic Photo Album | SQL Injection vulnerability in Atomic Photo Album Atomic Photo Album 1.1.0Pre4 SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to execute arbitrary SQL commands via the apa_album_ID parameter. | 7.5 |
2008-09-30 | CVE-2008-4334 | Cannot | Permissions, Privileges, and Access Controls vulnerability in Cannot PHP Infoboard V.7 PHP infoBoard V.7 Plus allows remote attackers to bypass authentication and gain administrative access by setting the infouser cookie to 1. | 7.5 |
2008-09-30 | CVE-2008-4332 | Cannot | SQL Injection vulnerability in Cannot PHP Infoboard V.7 SQL injection vulnerability in the showjavatopic function in func.php in PHP infoBoard V.7 Plus allows remote attackers to execute arbitrary SQL commands via the idcat parameter to showtopic.php. | 7.5 |
2008-09-30 | CVE-2008-4331 | Phpocs | Path Traversal vulnerability in PHPocs 0.1 Directory traversal vulnerability in library/pagefunctions.inc.php in phpOCS 0.1 beta3 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-09-30 | CVE-2008-4330 | Lansuite | Path Traversal vulnerability in Lansuite 3.3.2 Directory traversal vulnerability in index.php in LanSuite 3.3.2 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-09-30 | CVE-2008-4328 | Easyrealtorpro | SQL Injection vulnerability in Easyrealtorpro 2008 SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 allows remote attackers to execute arbitrary SQL commands via the (1) item, (2) search_ordermethod, and (3) search_order parameters. | 7.5 |
2008-09-30 | CVE-2008-4094 | Rubyonrails | SQL Injection vulnerability in Rubyonrails Rails and Ruby ON Rails Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer. | 7.5 |
2008-10-03 | CVE-2008-4440 | Debian | Link Following vulnerability in Debian Feta The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files. | 7.2 |
2008-10-03 | CVE-2008-4406 | Debian | Link Following vulnerability in Debian Xsabre 0.2.4B A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4b allows local users to delete or overwrite arbitrary files via a symlink attack on unspecified .tmp files. | 7.2 |
2008-10-03 | CVE-2008-4405 | Citrix | Permissions, Privileges, and Access Controls vulnerability in Citrix XEN 3.0.3 xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. | 7.2 |
2008-09-30 | CVE-2008-4363 | Deslock | Improper Input Validation vulnerability in Deslock 3.2.7 DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended. | 7.2 |
2008-10-03 | CVE-2008-4437 | Mozilla | Path Traversal vulnerability in Mozilla Bugzilla Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. | 7.1 |
41 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-09-29 | CVE-2008-4192 | Redhat | Link Following vulnerability in Redhat Cman 2.20080629/2.20080801 The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file. | 6.9 |
2008-10-03 | CVE-2008-4423 | Ovidentia | SQL Injection vulnerability in Ovidentia 6.6.5 SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action. | 6.5 |
2008-09-30 | CVE-2008-4366 | Camera Life | Improper Input Validation vulnerability in Camera Life Camera Life 2.6.2B4 Unrestricted file upload vulnerability in the image upload component in Camera Life 2.6.2b4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a user directory under images/photos/upload. | 6.5 |
2008-09-30 | CVE-2008-4339 | Symantec | Permissions, Privileges, and Access Controls vulnerability in Symantec Netbackup Enterprise Server and Netbackup Server Unspecified vulnerability in the Java Administration GUI (jnbSA) in Symantec Veritas NetBackup Server and NetBackup Enterprise Server 5.1 before MP7, 6.0 before MP7, and 6.5 before 6.5.2 allows remote authenticated users to gain privileges via unknown attack vectors related to "bpjava* binaries." | 6.5 |
2008-09-29 | CVE-2008-4319 | Libra File Manager | Improper Authentication vulnerability in Libra File Manager PHP Filemanager fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string. | 6.4 |
2008-09-30 | CVE-2008-4338 | Vacilanda | SQL Injection vulnerability in Vacilanda Brilliant Gallery 5/6 SQL injection vulnerability in the brilliant_gallery_checklist_save function in the bgchecklist/save script in Brilliant Gallery 5.x and 6.x, a module for Drupal, allows remote authenticated users with "access brilliant_gallery" permissions to execute arbitrary SQL commands via the (1) nid, (2) qid, (3) state, and possibly (4) user parameters. | 6.0 |
2008-09-30 | CVE-2008-4325 | Viewvc | Remote Security vulnerability in Viewvc 1.0.5 lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. | 5.8 |
2008-09-29 | CVE-2008-4302 | Linux Debian Redhat | Improper Locking vulnerability in multiple products fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool. | 5.5 |
2008-10-03 | CVE-2008-4409 | Xmlsoft | Resource Management Errors vulnerability in Xmlsoft Libxml2 2.7.0/2.7.1 libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281. | 5.0 |
2008-10-03 | CVE-2008-4403 | Trend Micro | Resource Management Errors vulnerability in Trend Micro Officescan 8.0 The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the "error handling mechanism." | 5.0 |
2008-10-03 | CVE-2008-2439 | Trend Micro | Path Traversal vulnerability in Trend Micro Officescan and Worry Free Business Security Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. | 5.0 |
2008-10-02 | CVE-2008-4382 | KDE | Resource Management Errors vulnerability in KDE Konqueror 3.5.9 Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters. | 5.0 |
2008-10-02 | CVE-2008-4381 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 5/6/7 Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters. | 5.0 |
2008-10-01 | CVE-2008-4368 | Apple | Cryptographic Issues vulnerability in Apple mac OS X 10.5.4/10.5.5 The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE. | 5.0 |
2008-09-29 | CVE-2008-4324 | Mozilla Microsoft | Resource Management Errors vulnerability in Mozilla Firefox 3.0.3 The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events. | 5.0 |
2008-09-29 | CVE-2008-4300 | Microsoft | Unspecified vulnerability in Microsoft Internet Information Services A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. | 5.0 |
2008-09-29 | CVE-2008-4299 | Microsoft | Numeric Errors vulnerability in Microsoft Internet Authentication Service Helper COM Component A certain ActiveX control in the Microsoft Internet Authentication Service (IAS) Helper COM Component in iashlpr.dll allows remote attackers to cause a denial of service (browser crash) via a large integer value in the first argument to the PutProperty method. | 5.0 |
2008-09-30 | CVE-2008-4362 | Deslock | Resource Management Errors vulnerability in Deslock 3.2.7 The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) via a crafted IOCTL request to \Device\DLPTokenWalter0. | 4.9 |
2008-09-29 | CVE-2008-3524 | Redhat | Link Following vulnerability in Redhat Fedora and Initscripts rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run. | 4.7 |
2008-10-03 | CVE-2008-3825 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. | 4.4 |
2008-10-03 | CVE-2008-4438 | Datafeed Studio | Cross-Site Scripting vulnerability in Datafeed Studio Datafeed Studio 1.6.2 Cross-site scripting (XSS) vulnerability in search.php in Datafeed Studio 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 4.3 |
2008-10-03 | CVE-2008-4435 | Rmsoft Xoops | Cross-Site Scripting vulnerability in Rmsoft Downloads Plus Module 1.5/1.7 Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php. | 4.3 |
2008-10-03 | CVE-2008-4432 | Rmsoft Xoops | Cross-Site Scripting vulnerability in Rmsoft Minishop Module 1.0 Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops allows remote attackers to inject arbitrary web script or HTML via the itemsxpag parameter. | 4.3 |
2008-10-03 | CVE-2008-4426 | Phlatline | Cross-Site Scripting vulnerability in Phlatline Personal Information Manager 1.0 Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action. | 4.3 |
2008-10-03 | CVE-2008-4424 | Domain Group Network | Cross-Site Scripting vulnerability in Domain Group Network Goocms 1.02 Cross-site scripting (XSS) vulnerability in index.php in Domain Group Network GooCMS 1.02 allows remote attackers to inject arbitrary web script or HTML via the s parameter in a comments action. | 4.3 |
2008-10-03 | CVE-2008-4408 | Mediawiki | Cross-Site Scripting vulnerability in Mediawiki 1.12.0/1.13.1 Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component. | 4.3 |
2008-10-03 | CVE-2008-2236 | Blosxom | Cross-Site Scripting vulnerability in Blosxom Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the flav parameter (flavour variable). | 4.3 |
2008-10-01 | CVE-2008-4379 | MR CGI GUY | SQL Injection vulnerability in MR. CGI GUY HOT Links SQL PHP Cross-site scripting (XSS) vulnerability in report.php in Mr. | 4.3 |
2008-10-01 | CVE-2008-4372 | Availscript | Cross-Site Scripting vulnerability in Availscript Article Script Cross-site scripting (XSS) vulnerability in articles.php in AvailScript Article Script allows remote attackers to inject arbitrary web script or HTML via the aIDS parameter. | 4.3 |
2008-10-01 | CVE-2008-4370 | Availscript | Cross-Site Scripting vulnerability in Availscript Photo Album Multiple cross-site scripting (XSS) vulnerabilities in Availscript Photo Album allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to pics.php and the (2) a parameter to view.php. | 4.3 |
2008-09-30 | CVE-2008-4365 | Siteman | Cross-Site Scripting vulnerability in Siteman 1.1.1/1.1.10/1.1.9 Cross-site scripting (XSS) vulnerability in search.php in Siteman 1.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2008-09-30 | CVE-2008-4349 | S0Nic | Cross-Site Scripting vulnerability in S0Nic Paranews 3.4 Multiple cross-site scripting (XSS) vulnerabilities in news.php in s0nic Paranews 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) page parameter in a details action. | 4.3 |
2008-09-30 | CVE-2008-4340 | | Improper Input Validation vulnerability in Google Chrome 0.2.149.29/0.2.149.30 Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function. | 4.3 |
2008-09-30 | CVE-2008-4337 | Bitweaver | Cross-Site Scripting vulnerability in Bitweaver 2.0.2 Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to (1) edit.php and (2) list.php in articles/; (3) list_blogs.php and (4) rankings.php in blogs/; (5) calendar/index.php; (6) calendar.php, (7) index.php, and (8) list_events.php in events/; (9) index.php and (10) list_galleries.php in fisheye/; (11) liberty/list_content.php; (12) newsletters/edition.php; (13) pigeonholes/list.php; (14) recommends/index.php; (15) rss/index.php; (16) stars/index.php; (17) users/remind_password.php; (18) wiki/orphan_pages.php; and (19) stats/index.php, different vectors than CVE-2007-0526 and CVE-2005-4379. | 4.3 |
2008-09-30 | CVE-2008-4336 | Constantin Charissis | Cross-Site Scripting vulnerability in Constantin Charissis Atomic Photo Album 1.1.0Pre4 Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to inject arbitrary web script or HTML via the apa_album_ID parameter. | 4.3 |
2008-09-30 | CVE-2008-4333 | Cannot | Cross-Site Scripting vulnerability in Cannot PHP Infoboard V.7 Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus allows remote attackers to inject arbitrary web script or HTML via the isname parameter in a newtopic action. | 4.3 |
2008-09-30 | CVE-2008-4327 | Microsoft | Numeric Errors vulnerability in Microsoft Windows XP gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly handle crafted .ico files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a certain crash.ico file on a web site, and allows user-assisted attackers to cause a denial of service (divide-by-zero error and persistent application crash) via this crash.ico file on the desktop, a different vulnerability than CVE-2007-2237. | 4.3 |
2008-09-30 | CVE-2008-4326 | Phpmyadmin Microsoft | Cross-Site Scripting vulnerability in PHPmyadmin The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence. | 4.3 |
2008-09-29 | CVE-2008-4323 | Microsoft | Denial-Of-Service vulnerability in Microsoft Windows XP SP3 Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file. | 4.3 |
2008-09-29 | CVE-2008-4320 | Opennms ORG | Cross-Site Scripting vulnerability in Opennms.Org Opennms Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list. | 4.3 |
2008-09-29 | CVE-2008-4120 | Flatpress | Cross-Site Scripting vulnerability in Flatpress 0.804 Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php, or the (3) name parameter to contact.php. | 4.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-10-02 | CVE-2008-2831 | Mailmarshal | Cross-Site Scripting vulnerability in Mailmarshal E10000 Appliance and Smtp Multiple cross-site scripting (XSS) vulnerabilities in the delegated spam management feature in the Spam Quarantine Management (SQM) component in MailMarshal SMTP 6.0.3.8 through 6.3.0.0 allow user-assisted remote authenticated users to inject arbitrary web script or HTML via (1) the list of blocked senders or (2) the list of safe senders. | 3.5 |
2008-10-03 | CVE-2008-4407 | Debian | Denial-Of-Service vulnerability in Debian Xsabre 0.2.4B XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create /tmp/sabre.log, which allows local users to cause a denial of service (application unavailability) by creating a /tmp/sabre.log file that cannot be overwritten. | 2.1 |