Weekly Vulnerabilities Reports > September 29 to October 5, 2008

Overview

114 new vulnerabilities reported during this period, including 21 critical vulnerabilities and 46 high severity vulnerabilities. This weekly summary report vulnerabilities in 110 products from 88 vendors including Microsoft, Availscript, Debian, Redhat, and Linux. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Improper Input Validation", "Resource Management Errors", and "Permissions, Privileges, and Access Controls".

  • 99 reported vulnerabilities are remotely exploitables.
  • 56 reported vulnerabilities have public exploit available.
  • 58 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 109 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • Jasper Project has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

21 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-10-03 CVE-2008-4439 Martinwood Code Injection vulnerability in Martinwood Datafeed Studio

PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before 1.6.3 allows remote attackers to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter.

10.0
2008-10-03 CVE-2008-4429 Sourcenext Denial Of Service vulnerability in SOURCENEXT Virus Security and Virus Security ZERO

Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 and earlier and Virus Security 9.5.0173 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via malformed compressed files.

10.0
2008-10-03 CVE-2008-4428 Phlatline Improper Input Validation vulnerability in Phlatline Personal Information Manager

Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory.

10.0
2008-10-03 CVE-2008-4383 Alcatel
Alcatel Lucent
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Alcatel AOS

Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.

10.0
2008-10-03 CVE-2008-4404 IBM Improper Input Validation vulnerability in IBM Zseries

The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.

10.0
2008-10-03 CVE-2008-4402 Trend Micro Buffer Errors vulnerability in Trend Micro Officescan 8.0

Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors.

10.0
2008-10-02 CVE-2008-3522 Redhat
Jasper Project
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.

10.0
2008-09-30 CVE-2008-4358 Spaw Editor Improper Input Validation vulnerability in Spaw Editor Spaw PHP

Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP Edition before 2.0.8.1 has unknown impact and attack vectors, probably related to directory traversal sequences in the theme name.

10.0
2008-09-30 CVE-2008-4329 Openengine Improper Input Validation vulnerability in Openengine

PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter.

10.0
2008-09-29 CVE-2008-4322 Realflex Technologies LTD Buffer Errors vulnerability in Realflex Technologies LTD Realwin Server 2.0

Stack-based buffer overflow in RealFlex Technologies Ltd.

10.0
2008-09-29 CVE-2008-4318 Project Observer Improper Input Validation vulnerability in Project-Observer Observer

Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php.

10.0
2008-09-29 CVE-2008-4301 Microsoft Unspecified vulnerability in Microsoft Internet Information Services

** DISPUTED ** A certain ActiveX control in iisext.dll in Microsoft Internet Information Services (IIS) allows remote attackers to set a password via a string argument to the SetPassword method.

10.0
2008-09-29 CVE-2008-2474 ABB Buffer Errors vulnerability in ABB Pcu400 4.4/4.5/4.6

Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit 400 (PCU400) 4.4 through 4.6 allows remote attackers to execute arbitrary code via a crafted packet using the (1) IEC60870-5-101 or (2) IEC60870-5-104 communication protocol to the X87 web interface.

10.0
2008-10-03 CVE-2008-4434 Utorrent
Bittorrent
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a .torrent file.

9.3
2008-10-03 CVE-2008-2476 Force10
Freebsd
Juniper
Netbsd
Openbsd
Windriver
Improper Input Validation vulnerability in multiple products

The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).

9.3
2008-10-02 CVE-2008-4396 Safer Networking Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Safer Networking Filealyzer 1.6.0.0/1.6.0.4

Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and 1.6.0.4 beta, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via an executable with malformed version data.

9.3
2008-10-02 CVE-2008-3520 Jasper Project Numeric Errors vulnerability in Jasper Project Jasper 1.900.1

Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.

9.3
2008-09-30 CVE-2008-4343 Chilkat Software Improper Input Validation vulnerability in Chilkat Software Chilkat XML Activex Control 3.0.3.0

The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) 3.0.3.0 and earlier allows remote attackers to create, overwrite, and modify arbitrary files for execution via a call to the (1) SaveToFile, (2) SaveToTempFile, or (3) AppendBinary method.

9.3
2008-09-30 CVE-2008-4342 Burnaware Technologies
Impressum
Numedia Soft
Improper Input Validation vulnerability in multiple products

NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods.

9.3
2008-09-29 CVE-2008-4321 Flashget Buffer Errors vulnerability in Flashget FTP 1.9

Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP servers to execute arbitrary code via a long response to the PWD command.

9.3
2008-09-29 CVE-2008-3827 Mplayer Numeric Errors vulnerability in Mplayer

Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory.

9.3

46 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-10-03 CVE-2008-4425 Phlatline Path Traversal vulnerability in Phlatline Personal Information Manager 1.0

Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter within a delfile action.

8.8
2008-10-02 CVE-2008-3542 HP Permissions, Privileges, and Access Controls vulnerability in HP Insight Diagnostics

Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 allows remote attackers to read arbitrary files via unknown vectors.

7.8
2008-10-01 CVE-2008-4380 Samsung Improper Input Validation vulnerability in Samsung DVR Shr2040 B3.03Ek1.53V2.190705281908

The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, related to the filter for configuration properties and "/x" characters.

7.8
2008-09-30 CVE-2008-4361 Powerportal Path Traversal vulnerability in Powerportal 2.0.13

Directory traversal vulnerability in PowerPortal 2.0.13 allows remote attackers to list and possibly read arbitrary files via a ..

7.8
2008-10-03 CVE-2008-4436 Bblog SQL Injection vulnerability in Bblog Wbblog 0.7.6

SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog 0.7.6 allows remote attackers to execute arbitrary SQL commands via the mod parameter.

7.5
2008-10-03 CVE-2008-4433 Rmsoft
Xoops
SQL Injection vulnerability in Rmsoft Minishop Module 1.0

SQL injection vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops might allow remote attackers to execute arbitrary SQL commands via the itemsxpag parameter.

7.5
2008-10-03 CVE-2008-4431 Icebb SQL Injection vulnerability in Icebb

SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and earlier allows remote attackers to execute arbitrary SQL commands via the skin parameter, probably related to an incorrect protection mechanism in the clean_string function in includes/functions.php.

7.5
2008-10-03 CVE-2008-4427 Phlatline Improper Authentication vulnerability in Phlatline Personal Information Manager

changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.

7.5
2008-10-03 CVE-2008-4360 Lighttpd
Debian
Information Exposure vulnerability in multiple products

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.

7.5
2008-10-03 CVE-2008-4359 Lighttpd
Debian
Information Exposure vulnerability in multiple products

lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.

7.5
2008-10-01 CVE-2008-4378 MR CGI GUY SQL Injection vulnerability in MR. CGI GUY HOT Links SQL PHP

SQL injection vulnerability in report.php in Mr.

7.5
2008-10-01 CVE-2008-4377 Creative Mind SQL Injection vulnerability in Creative Mind Creator CMS 5.0

SQL injection vulnerability in index.asp in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the sideid parameter.

7.5
2008-10-01 CVE-2008-4376 Livetvscript SQL Injection vulnerability in Livetvscript Live TV Script

SQL injection vulnerability in index.php in Live TV Script allows remote attackers to execute arbitrary SQL commands via the mid parameter.

7.5
2008-10-01 CVE-2008-4375 Availscript SQL Injection vulnerability in Availscript Classmate Script

SQL injection vulnerability in viewprofile.php in Availscript Classmate Script allows remote attackers to execute arbitrary SQL commands via the p parameter.

7.5
2008-10-01 CVE-2008-4374 Cmsbuzz SQL Injection vulnerability in Cmsbuzz CMS Buzz

SQL injection vulnerability in index.php in CMS Buzz allows remote attackers to execute arbitrary SQL commands via the id parameter in a playgame action.

7.5
2008-10-01 CVE-2008-4373 Availscript SQL Injection vulnerability in Availscript Jobs Portal Script

SQL injection vulnerability in job_seeker/applynow.php in AvailScript Job Portal Script allows remote attackers to execute arbitrary SQL commands via the jid parameter.

7.5
2008-10-01 CVE-2008-4371 Availscript SQL Injection vulnerability in Availscript Article Script

SQL injection vulnerability in articles.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the aIDS parameter.

7.5
2008-10-01 CVE-2008-4369 Availscript SQL Injection vulnerability in Availscript Photo Album

SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter.

7.5
2008-09-30 CVE-2008-4364 Parsagostar SQL Injection vulnerability in Parsagostar Parsaweb CMS

SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page.

7.5
2008-09-30 CVE-2008-4357 Powie SQL Injection vulnerability in Powie Plink 2.07

SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-09-30 CVE-2008-4356 Kasseler CMS SQL Injection vulnerability in Kasseler-Cms Kasseler CMS 1.1.0/1.2.0

Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting module; (3) the fid parameter to index.php in a ShowForum action to the Forum module; (4) the tid parameter to index.php in a ShowTopic action to the Forum module; (5) the uname parameter to index.php in a UserInfo action to the Account module; or (6) the module parameter to index.php, probably related to the TopSites module.

7.5
2008-09-30 CVE-2008-4355 Powie SQL Injection vulnerability in Powie Pforum 1.30

SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum (aka PHP Forum or pForum) 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-09-30 CVE-2008-4354 NET ART Media SQL Injection vulnerability in NET ART Media Iboutique 4.0

SQL injection vulnerability in the products module in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php.

7.5
2008-09-30 CVE-2008-4353 Linkarity SQL Injection vulnerability in Linkarity

SQL injection vulnerability in link.php in Linkarity allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

7.5
2008-09-30 CVE-2008-4352 Phpsmartcom SQL Injection vulnerability in PHPsmartcom 0.2

SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCom 0.2 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a viewprofile action to index.php.

7.5
2008-09-30 CVE-2008-4351 Phpsmartcom Path Traversal vulnerability in PHPsmartcom 0.2

Directory traversal vulnerability in index.php in phpSmartCom 0.2 allows remote attackers to include and execute arbitrary files via a ..

7.5
2008-09-30 CVE-2008-4350 Vblogix SQL Injection vulnerability in Vblogix Tutorial Script

SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

7.5
2008-09-30 CVE-2008-4348 Outshine SQL Injection vulnerability in Outshine PHPortfolio 1.3

SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-09-30 CVE-2008-4347 Powie SQL Injection vulnerability in Powie Pnews 2.03

SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

7.5
2008-09-30 CVE-2008-4346 Talkback Path Traversal vulnerability in Talkback 2.3.6/2.3.6.4

Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-09-30 CVE-2008-4345 Webportal SQL Injection vulnerability in Webportal CMS 0.6.0/0.6Beta/0.7.3

SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter.

7.5
2008-09-30 CVE-2008-4344 6Rbscript SQL Injection vulnerability in 6Rbscript

SQL injection vulnerability in cat.php in 6rbScript allows remote attackers to execute arbitrary SQL commands via the CatID parameter.

7.5
2008-09-30 CVE-2008-4341 Myblog Permissions, Privileges, and Access Controls vulnerability in Myblog

add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin.

7.5
2008-09-30 CVE-2008-4335 Atomic Photo Album SQL Injection vulnerability in Atomic Photo Album Atomic Photo Album 1.1.0Pre4

SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to execute arbitrary SQL commands via the apa_album_ID parameter.

7.5
2008-09-30 CVE-2008-4334 Cannot Permissions, Privileges, and Access Controls vulnerability in Cannot PHP Infoboard V.7

PHP infoBoard V.7 Plus allows remote attackers to bypass authentication and gain administrative access by setting the infouser cookie to 1.

7.5
2008-09-30 CVE-2008-4332 Cannot SQL Injection vulnerability in Cannot PHP Infoboard V.7

SQL injection vulnerability in the showjavatopic function in func.php in PHP infoBoard V.7 Plus allows remote attackers to execute arbitrary SQL commands via the idcat parameter to showtopic.php.

7.5
2008-09-30 CVE-2008-4331 Phpocs Path Traversal vulnerability in PHPocs 0.1

Directory traversal vulnerability in library/pagefunctions.inc.php in phpOCS 0.1 beta3 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-09-30 CVE-2008-4330 Lansuite Path Traversal vulnerability in Lansuite 3.3.2

Directory traversal vulnerability in index.php in LanSuite 3.3.2 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-09-30 CVE-2008-4328 Easyrealtorpro SQL Injection vulnerability in Easyrealtorpro 2008

SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 allows remote attackers to execute arbitrary SQL commands via the (1) item, (2) search_ordermethod, and (3) search_order parameters.

7.5
2008-09-30 CVE-2008-4094 Rubyonrails SQL Injection vulnerability in Rubyonrails Rails and Ruby ON Rails

Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.

7.5
2008-10-03 CVE-2008-4440 Debian Link Following vulnerability in Debian Feta

The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files.

7.2
2008-10-03 CVE-2008-4406 Debian Link Following vulnerability in Debian Xsabre 0.2.4B

A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4b allows local users to delete or overwrite arbitrary files via a symlink attack on unspecified .tmp files.

7.2
2008-10-03 CVE-2008-4405 Citrix Permissions, Privileges, and Access Controls vulnerability in Citrix XEN 3.0.3

xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid.

7.2
2008-10-02 CVE-2008-3521 Jasper Project Link Following vulnerability in Jasper Project Jasper 1.900.1

Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit.

7.2
2008-09-30 CVE-2008-4363 Deslock Improper Input Validation vulnerability in Deslock 3.2.7

DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended.

7.2
2008-10-03 CVE-2008-4437 Mozilla Path Traversal vulnerability in Mozilla Bugzilla

Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a ..

7.1

45 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-09-29 CVE-2008-4192 Redhat Link Following vulnerability in Redhat Cman 2.20080629/2.20080801

The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.

6.9
2008-10-03 CVE-2008-4423 Ovidentia SQL Injection vulnerability in Ovidentia 6.6.5

SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action.

6.5
2008-09-30 CVE-2008-4366 Camera Life Improper Input Validation vulnerability in Camera Life Camera Life 2.6.2B4

Unrestricted file upload vulnerability in the image upload component in Camera Life 2.6.2b4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a user directory under images/photos/upload.

6.5
2008-09-30 CVE-2008-4339 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec Netbackup Enterprise Server and Netbackup Server

Unspecified vulnerability in the Java Administration GUI (jnbSA) in Symantec Veritas NetBackup Server and NetBackup Enterprise Server 5.1 before MP7, 6.0 before MP7, and 6.5 before 6.5.2 allows remote authenticated users to gain privileges via unknown attack vectors related to "bpjava* binaries."

6.5
2008-09-29 CVE-2008-4319 Libra File Manager Improper Authentication vulnerability in Libra File Manager PHP Filemanager

fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.

6.4
2008-09-30 CVE-2008-4338 Vacilanda SQL Injection vulnerability in Vacilanda Brilliant Gallery 5/6

SQL injection vulnerability in the brilliant_gallery_checklist_save function in the bgchecklist/save script in Brilliant Gallery 5.x and 6.x, a module for Drupal, allows remote authenticated users with "access brilliant_gallery" permissions to execute arbitrary SQL commands via the (1) nid, (2) qid, (3) state, and possibly (4) user parameters.

6.0
2008-09-30 CVE-2008-4325 Viewvc Remote Security vulnerability in Viewvc 1.0.5

lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object.

5.8
2008-10-03 CVE-2008-4409 Xmlsoft Resource Management Errors vulnerability in Xmlsoft Libxml2 2.7.0/2.7.1

libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281.

5.0
2008-10-03 CVE-2008-4403 Trend Micro Resource Management Errors vulnerability in Trend Micro Officescan 8.0

The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the "error handling mechanism."

5.0
2008-10-03 CVE-2008-2439 Trend Micro Path Traversal vulnerability in Trend Micro Officescan and Worry Free Business Security

Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request.

5.0
2008-10-02 CVE-2008-4382 KDE Resource Management Errors vulnerability in KDE Konqueror 3.5.9

Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.

5.0
2008-10-02 CVE-2008-4381 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 5/6/7

Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.

5.0
2008-10-01 CVE-2008-4368 Apple Cryptographic Issues vulnerability in Apple mac OS X 10.5.4/10.5.5

The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE.

5.0
2008-09-29 CVE-2008-4324 Mozilla
Microsoft
Resource Management Errors vulnerability in Mozilla Firefox 3.0.3

The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events.

5.0
2008-09-29 CVE-2008-4300 Microsoft Unspecified vulnerability in Microsoft Internet Information Services

A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method.

5.0
2008-09-29 CVE-2008-4299 Microsoft Numeric Errors vulnerability in Microsoft Internet Authentication Service Helper COM Component

A certain ActiveX control in the Microsoft Internet Authentication Service (IAS) Helper COM Component in iashlpr.dll allows remote attackers to cause a denial of service (browser crash) via a large integer value in the first argument to the PutProperty method.

5.0
2008-10-03 CVE-2008-4410 Linux Improper Input Validation vulnerability in Linux Kernel 2.6.26.5

The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) in the Linux kernel 2.6.26.5 invokes write_idt_entry where write_ldt_entry was intended, which allows local users to cause a denial of service (persistent application failure) via crafted function calls, related to the Java Runtime Environment (JRE) experiencing improper LDT selector state, a different vulnerability than CVE-2008-3247.

4.9
2008-10-03 CVE-2008-3833 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210.

4.9
2008-10-03 CVE-2008-3832 Redhat
Linux
Resource Management Errors vulnerability in Redhat Fedora 8/9

A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function.

4.9
2008-09-30 CVE-2008-4362 Deslock Resource Management Errors vulnerability in Deslock 3.2.7

The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) via a crafted IOCTL request to \Device\DLPTokenWalter0.

4.9
2008-09-29 CVE-2008-4302 Linux Resource Management Errors vulnerability in Linux Kernel

fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.

4.9
2008-09-29 CVE-2008-3524 Redhat Link Following vulnerability in Redhat Fedora and Initscripts

rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run.

4.7
2008-09-29 CVE-2008-4210 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.

4.6
2008-10-03 CVE-2008-3825 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop

pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program.

4.4
2008-10-03 CVE-2008-4438 Datafeed Studio Cross-Site Scripting vulnerability in Datafeed Studio Datafeed Studio 1.6.2

Cross-site scripting (XSS) vulnerability in search.php in Datafeed Studio 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2008-10-03 CVE-2008-4435 Rmsoft
Xoops
Cross-Site Scripting vulnerability in Rmsoft Downloads Plus Module 1.5/1.7

Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php.

4.3
2008-10-03 CVE-2008-4432 Rmsoft
Xoops
Cross-Site Scripting vulnerability in Rmsoft Minishop Module 1.0

Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops allows remote attackers to inject arbitrary web script or HTML via the itemsxpag parameter.

4.3
2008-10-03 CVE-2008-4426 Phlatline Cross-Site Scripting vulnerability in Phlatline Personal Information Manager 1.0

Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action.

4.3
2008-10-03 CVE-2008-4424 Domain Group Network Cross-Site Scripting vulnerability in Domain Group Network Goocms 1.02

Cross-site scripting (XSS) vulnerability in index.php in Domain Group Network GooCMS 1.02 allows remote attackers to inject arbitrary web script or HTML via the s parameter in a comments action.

4.3
2008-10-03 CVE-2008-4408 Mediawiki Cross-Site Scripting vulnerability in Mediawiki 1.12.0/1.13.1

Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.

4.3
2008-10-03 CVE-2008-2236 Blosxom Cross-Site Scripting vulnerability in Blosxom

Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the flav parameter (flavour variable).

4.3
2008-10-01 CVE-2008-4379 MR CGI GUY SQL Injection vulnerability in MR. CGI GUY HOT Links SQL PHP

Cross-site scripting (XSS) vulnerability in report.php in Mr.

4.3
2008-10-01 CVE-2008-4372 Availscript Cross-Site Scripting vulnerability in Availscript Article Script

Cross-site scripting (XSS) vulnerability in articles.php in AvailScript Article Script allows remote attackers to inject arbitrary web script or HTML via the aIDS parameter.

4.3
2008-10-01 CVE-2008-4370 Availscript Cross-Site Scripting vulnerability in Availscript Photo Album

Multiple cross-site scripting (XSS) vulnerabilities in Availscript Photo Album allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to pics.php and the (2) a parameter to view.php.

4.3
2008-09-30 CVE-2008-4365 Siteman Cross-Site Scripting vulnerability in Siteman 1.1.1/1.1.10/1.1.9

Cross-site scripting (XSS) vulnerability in search.php in Siteman 1.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2008-09-30 CVE-2008-4349 S0Nic Cross-Site Scripting vulnerability in S0Nic Paranews 3.4

Multiple cross-site scripting (XSS) vulnerabilities in news.php in s0nic Paranews 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) page parameter in a details action.

4.3
2008-09-30 CVE-2008-4340 Google Improper Input Validation vulnerability in Google Chrome 0.2.149.29/0.2.149.30

Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function.

4.3
2008-09-30 CVE-2008-4337 Bitweaver Cross-Site Scripting vulnerability in Bitweaver 2.0.2

Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to (1) edit.php and (2) list.php in articles/; (3) list_blogs.php and (4) rankings.php in blogs/; (5) calendar/index.php; (6) calendar.php, (7) index.php, and (8) list_events.php in events/; (9) index.php and (10) list_galleries.php in fisheye/; (11) liberty/list_content.php; (12) newsletters/edition.php; (13) pigeonholes/list.php; (14) recommends/index.php; (15) rss/index.php; (16) stars/index.php; (17) users/remind_password.php; (18) wiki/orphan_pages.php; and (19) stats/index.php, different vectors than CVE-2007-0526 and CVE-2005-4379.

4.3
2008-09-30 CVE-2008-4336 Constantin Charissis Cross-Site Scripting vulnerability in Constantin Charissis Atomic Photo Album 1.1.0Pre4

Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to inject arbitrary web script or HTML via the apa_album_ID parameter.

4.3
2008-09-30 CVE-2008-4333 Cannot Cross-Site Scripting vulnerability in Cannot PHP Infoboard V.7

Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus allows remote attackers to inject arbitrary web script or HTML via the isname parameter in a newtopic action.

4.3
2008-09-30 CVE-2008-4327 Microsoft Numeric Errors vulnerability in Microsoft Windows XP

gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly handle crafted .ico files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a certain crash.ico file on a web site, and allows user-assisted attackers to cause a denial of service (divide-by-zero error and persistent application crash) via this crash.ico file on the desktop, a different vulnerability than CVE-2007-2237.

4.3
2008-09-30 CVE-2008-4326 Phpmyadmin
Microsoft
Cross-Site Scripting vulnerability in PHPmyadmin

The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence.

4.3
2008-09-29 CVE-2008-4323 Microsoft Denial-Of-Service vulnerability in Microsoft Windows XP SP3

Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file.

4.3
2008-09-29 CVE-2008-4320 Opennms ORG Cross-Site Scripting vulnerability in Opennms.Org Opennms

Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list.

4.3
2008-09-29 CVE-2008-4120 Flatpress Cross-Site Scripting vulnerability in Flatpress 0.804

Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php, or the (3) name parameter to contact.php.

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-10-02 CVE-2008-2831 Mailmarshal Cross-Site Scripting vulnerability in Mailmarshal E10000 Appliance and Smtp

Multiple cross-site scripting (XSS) vulnerabilities in the delegated spam management feature in the Spam Quarantine Management (SQM) component in MailMarshal SMTP 6.0.3.8 through 6.3.0.0 allow user-assisted remote authenticated users to inject arbitrary web script or HTML via (1) the list of blocked senders or (2) the list of safe senders.

3.5
2008-10-03 CVE-2008-4407 Debian Denial-Of-Service vulnerability in Debian Xsabre 0.2.4B

XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create /tmp/sabre.log, which allows local users to cause a denial of service (application unavailability) by creating a /tmp/sabre.log file that cannot be overwritten.

2.1