Weekly Vulnerabilities Reports > October 6 to 12, 2008

Overview

117 new vulnerabilities were reported during this period, including 20 critical vulnerabilities and 49 high severity vulnerabilities. This weekly summary reports vulnerabilities in 105 products from 77 vendors including Apple, Vastal I Tech, EC Cube, Condor Project, and Microsoft. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Path Traversal", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 101 reported vulnerabilities are remotely exploitable.
  • 53 reported vulnerabilities have a public exploit available.
  • 64 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 113 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

20 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-10-10 CVE-2008-4212 Apple Configuration vulnerability in Apple mac OS X and mac OS X Server

Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions.

10.0
2008-10-10 CVE-2008-4211 Apple Numeric Errors vulnerability in Apple Iphone OS, mac OS X and mac OS X Server

Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."

10.0
2008-10-10 CVE-2008-3641 Apple Resource Management Errors vulnerability in Apple Cups

The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.

10.0
2008-10-09 CVE-2008-4526 Customcms Path Traversal vulnerability in Customcms Ccms 3.1

Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a ..

10.0
2008-10-09 CVE-2008-4509 Foss Gallery Improper Input Validation vulnerability in Foss Gallery Foss Gallery 1.0

Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root directory.

10.0
2008-10-09 CVE-2008-4502 Datafeedfile Code Injection vulnerability in Datafeedfile DFF Framework API

Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/.

10.0
2008-10-08 CVE-2008-4489 Atarone Path Traversal vulnerability in Atarone 1.2.0

Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme_chosen parameter.

10.0
2008-10-08 CVE-2008-4486 Yerba Path Traversal vulnerability in Yerba 6.28

Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a ..

10.0
2008-10-10 CVE-2008-3647 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment.

9.3
2008-10-10 CVE-2008-3642 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile.

9.3
2008-10-09 CVE-2008-4499 PHP WEB Explorer Path Traversal vulnerability in PHP web Explorer PHP web Explorer Lite 0.99A

Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a ..

9.3
2008-10-07 CVE-2008-4472 Autodesk Permissions, Privileges, and Access Controls vulnerability in Autodesk Design Review, DWF Viewer and Revit Architecture

The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.

9.3
2008-10-07 CVE-2008-4471 Autodesk Path Traversal vulnerability in Autodesk Design Review, DWF Viewer and Revit Architecture

Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method.

9.3
2008-10-07 CVE-2008-4384 Iseemedia, MGI Software, Roxio Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods.

9.3
2008-10-07 CVE-2008-4470 Numark Buffer Errors vulnerability in Numark CUE 5.0

Stack-based buffer overflow in Numark CUE 5.0 rev2 allows user-assisted attackers to cause a denial of service (application crash) or execute arbitrary code via an M3U playlist file that contains a long absolute pathname.

9.3
2008-10-06 CVE-2008-4453 Dspicture Permissions, Privileges, and Access Controls vulnerability in Dspicture Light Imaging Toolkit and PRO Imaging SDK

The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method.

9.3
2008-10-06 CVE-2008-4449 Mirc Buffer Errors vulnerability in Mirc 6.34

Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message.

9.3
2008-10-06 CVE-2008-3872 Adobe Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player

Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations.

9.3
2008-10-09 CVE-2008-4501 Solarwinds Path Traversal vulnerability in Solarwinds Serv-U File Server

Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.

9.0
2008-10-06 CVE-2008-4452 Cambridge Computer Corporation Buffer Errors vulnerability in Cambridge Computer Corporation Vxftpsrv 2.0.3

Buffer overflow in Cambridge Computer Corporation vxFtpSrv 2.0.3 allows remote attackers to cause a denial of service (crash and hang) and possibly execute arbitrary code via a long CWD request.

9.0

49 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-10-10 CVE-2008-3643 Apple Multiple Security vulnerability in RETIRED: Apple Mac OS X 2008-007

Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue."

7.8
2008-10-09 CVE-2008-4508 Tonec INC Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tonec Inc. Internet Download Manager

Stack-based buffer overflow in the file parsing function in Tonec Internet Download Manager, possibly 5.14 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AppleDouble file containing a long string.

7.8
2008-10-09 CVE-2008-4505 IBM Improper Input Validation vulnerability in IBM Lotus Quickr 8.1

Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a "nonstandard URL argument" to the OpenDocument command.

7.8
2008-10-08 CVE-2008-4482 Apache Improper Input Validation vulnerability in Apache Xerces-C++

The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file.

7.8
2008-10-07 CVE-2008-4421 Hammer Software Path Traversal vulnerability in Hammer-Software Metagauge 1.0.0.17

Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably other versions before 1.0.3.38, allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the URL.

7.8
2008-10-07 CVE-2008-3543 HP Remote Denial Of Service vulnerability in HP Oncplus B.11.3101/B.11.3102/B.11.3103

Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier on HP-UX B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors.

7.8
2008-10-10 CVE-2008-4534 EC Cube SQL Injection vulnerability in Ec-Cube

SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and Ver2 RC 2.3.0-rc1 and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-10-10 CVE-2008-4215 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X Server 10.4.11

Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a user that has multiple short names, which might allow attackers to bypass intended access restrictions.

7.5
2008-10-09 CVE-2008-4531 Drupal SQL Injection vulnerability in Drupal Brilliant Gallery

SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries.

7.5
2008-10-09 CVE-2008-4529 Asicms Code Injection vulnerability in Asicms 0.208

Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the _ENV[asicms][path] parameter to (1) Association.php, (2) BigMath.php, (3) DiffieHellman.php, (4) DumbStore.php, (5) Extension.php, (6) FileStore.php, (7) HMAC.php, (8) MemcachedStore.php, (9) Message.php, (10) Nonce.php, (11) SQLStore.php, (12) SReg.php, (13) TrustRoot.php, and (14) URINorm.php in classes/Auth/OpenID/; and (15) XRDS.php, (16) XRI.php and (17) XRIRes.php in classes/Auth/Yadis/.

7.5
2008-10-09 CVE-2008-4528 Phlatline Path Traversal vulnerability in Phlatline Personal Information Manager 1.01

Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-10-09 CVE-2008-4527 PHP Fusion SQL Injection vulnerability in PHP-Fusion Recepies Module 1.1

SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action.

7.5
2008-10-09 CVE-2008-4525 Ampjuke SQL Injection vulnerability in Ampjuke 0.7.5

SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows remote attackers to execute arbitrary SQL commands via the special parameter in a performerid action.

7.5
2008-10-09 CVE-2008-4524 Adaptcms SQL Injection vulnerability in Adaptcms 1.3

SQL injection vulnerability in the "Check User" feature (includes/check_user.php) in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the user_name parameter.

7.5
2008-10-09 CVE-2008-4523 IP REG SQL Injection vulnerability in IP REG IP REG 0.1/0.2/0.3

SQL injection vulnerability in login.php in IP Reg 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the user_name parameter.

7.5
2008-10-09 CVE-2008-4522 Jesse WEB Path Traversal vulnerability in Jesse-Web Jmweb MP3 Music Audio Search and Download Script

Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio Search and Download Script allow remote attackers to include and execute arbitrary local files via a ..

7.5
2008-10-09 CVE-2008-4521 PHP Fusion SQL Injection vulnerability in PHP-Fusion World of Warcraft Tracker Infusion Module 2.0

SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter.

7.5
2008-10-09 CVE-2008-4519 Fastpublish Path Traversal vulnerability in Fastpublish CMS 1.9.9.9.9D/1.9999D

Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 d allow remote attackers to include and execute arbitrary local files via a ..

7.5
2008-10-09 CVE-2008-4518 Fastpublish SQL Injection vulnerability in Fastpublish CMS 1.9.9.9.9D/1.9999D

Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d (1.9999 d) allow remote attackers to execute arbitrary SQL commands via the (1) sprache parameter to index2.php and the (2) artikel parameter to index.php.

7.5
2008-10-09 CVE-2008-4517 Geccbblite SQL Injection vulnerability in Geccbblite 2.0

SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-10-09 CVE-2008-4516 Galerie SQL Injection vulnerability in Galerie 3.2

SQL injection vulnerability in galerie.php in Galerie 3.2 allows remote attackers to execute arbitrary SQL commands via the pic parameter.

7.5
2008-10-09 CVE-2008-4515 Blue Coat Systems Improper Authentication vulnerability in Blue Coat Systems K9 web Protection 4.0.230

Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript.

7.5
2008-10-09 CVE-2008-4507 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Quickr 8.1

Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors.

7.5
2008-10-09 CVE-2008-4506 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Quickr 8.1

Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to "demote or delete a place superuser group" via unknown vectors.

7.5
2008-10-09 CVE-2008-4498 Phpautos SQL Injection vulnerability in PHPautos 2.9.1

SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2008-10-09 CVE-2008-4497 Built2Go SQL Injection vulnerability in Built2Go Real Estate Listings 1.5

SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote attackers to execute arbitrary SQL commands via the event_id parameter.

7.5
2008-10-09 CVE-2008-4496 Select Development Solutions SQL Injection vulnerability in Select Development Solutions PHP Realtor 1.5

SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter.

7.5
2008-10-09 CVE-2008-4495 Select Development Solutions SQL Injection vulnerability in Select Development Solutions PHP Auto Dealer 2.7

SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter.

7.5
2008-10-09 CVE-2008-4494 Torrenttrader SQL Injection vulnerability in Torrenttrader 1.04

SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-10-08 CVE-2008-4492 Yourownbux SQL Injection vulnerability in Yourownbux 4.0

SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute arbitrary SQL commands via the usNick cookie.

7.5
2008-10-08 CVE-2008-3063 V Webmail SQL Injection vulnerability in V-Webmail 1.5.0

SQL injection vulnerability in login.php in V-webmail 1.5.0 might allow remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2008-10-07 CVE-2008-4469 Vastal I Tech SQL Injection vulnerability in Vastal I-Tech Freelance Zone

SQL injection vulnerability in view_cresume.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the coder_id parameter.

7.5
2008-10-07 CVE-2008-4468 Vastal I Tech SQL Injection vulnerability in Vastal I-Tech Share Zone

SQL injection vulnerability in view_news.php in Vastal I-Tech Share Zone allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-10-07 CVE-2008-4467 Vastal I Tech SQL Injection vulnerability in Vastal I-Tech Toner Cart

SQL injection vulnerability in show_series_ink.php in Vastal I-Tech Toner Cart allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-10-07 CVE-2008-4466 Vastal I Tech SQL Injection vulnerability in Vastal I-Tech Cosmetics Zone

SQL injection vulnerability in view_products_cat.php in Vastal I-Tech Cosmetics Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

7.5
2008-10-07 CVE-2008-4465 Vastal I Tech SQL Injection vulnerability in Vastal I-Tech DVD Zone

SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

7.5
2008-10-07 CVE-2008-4464 Vastal I Tech SQL Injection vulnerability in Vastal I-Tech MAG Zone

SQL injection vulnerability in view_mags.php in Vastal I-Tech Mag Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

7.5
2008-10-07 CVE-2008-4463 Vastal I Tech SQL Injection vulnerability in Vastal I-Tech Jobs Zone

SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter.

7.5
2008-10-07 CVE-2008-4462 Vastal I Tech SQL Injection vulnerability in Vastal I-Tech Visa Zone

SQL injection vulnerability in view_news.php in Vastal I-Tech Visa Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter.

7.5
2008-10-07 CVE-2008-4461 Vastal I Tech SQL Injection vulnerability in Vastal I-Tech Dating Zone 0.9.9

SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter.

7.5
2008-10-07 CVE-2008-4460 Vastal I Tech SQL Injection vulnerability in Vastal I-Tech Mmorpg Zone

SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the game_id parameter.

7.5
2008-10-07 CVE-2008-4459 Extrovert Software SQL Injection vulnerability in Extrovert Software Thyme 1.3

SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter.

7.5
2008-10-07 CVE-2008-4458 E PHP Scripts SQL Injection vulnerability in E-PHP Scripts B2B Trading Marketplace Script

SQL injection vulnerability in listings.php in E-Php B2B Trading Marketplace Script allows remote attackers to execute arbitrary SQL commands via the cid parameter in a product action.

7.5
2008-10-10 CVE-2008-3645 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors.

7.2
2008-10-08 CVE-2008-3830 Condor Project Permissions, Privileges, and Access Controls vulnerability in Condor Project Condor

Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions.

7.2
2008-10-08 CVE-2008-4477 JIM Trocki Link Following vulnerability in JIM Trocki MON 0.99.2

alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack on the test.alert.log temporary file.

7.2
2008-10-07 CVE-2008-4475 GNU Link Following vulnerability in GNU Ibackup 2.27

ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

7.2
2008-10-07 CVE-2008-4474 Freeradius Link Following vulnerability in Freeradius 2.0.4

freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.

7.2
2008-10-06 CVE-2008-4451 Eset Software Permissions, Privileges, and Access Controls vulnerability in Eset Software System Analyzer Tool 1.1.1.0

The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET System Analyzer Tool 1.1.1.0 allows local users to execute arbitrary code via a certain METHOD_NEITHER IOCTL request to \Device\esiasdrv that overwrites a pointer.

7.2

44 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-10-10 CVE-2008-4394 Gentoo Local Privilege Escalation vulnerability in Gentoo 'sys-apps/portage' Search Path

Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) sys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.

6.9
2008-10-07 CVE-2008-4476 Sympa Link Following vulnerability in Sympa 5.3.4

sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file.

6.9
2008-10-10 CVE-2008-3646 Apple Race Condition vulnerability in Apple mac OS X 10.5.5

The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.

6.8
2008-10-10 CVE-2008-3432 VIM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VIM 6.2/6.3

Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.

6.8
2008-10-09 CVE-2008-4504 Herosoft Buffer Errors vulnerability in Herosoft Hero DVD Player 3.0.8

Heap-based buffer overflow in Mplayer.exe in Herosoft Inc.

6.8
2008-10-09 CVE-2008-4503 Adobe Clickjacking vulnerability in RETIRED: Adobe Flash Player

The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking."

6.8
2008-10-08 CVE-2008-4493 Microsoft Improper Input Validation vulnerability in Microsoft Digital Image 2006

Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request.

6.8
2008-10-08 CVE-2008-4487 Atarone SQL Injection vulnerability in Atarone 1.2.0

SQL injection vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) site_name, (2) email, (3) theme_chosen, (4) hp, (5) c_meta, (6) id, and (7) c_js parameters.

6.8
2008-10-08 CVE-2008-4484 Crux Software Permissions, Privileges, and Access Controls vulnerability in Crux Software Gallery

main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php.

6.8
2008-10-08 CVE-2008-4483 Crux Software Path Traversal vulnerability in Crux Software Gallery

Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-10-07 CVE-2008-4457 Memht SQL Injection vulnerability in Memht Portal

SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a stats_res cookie to index.php.

6.8
2008-10-06 CVE-2008-4455 Mysql Quick Admin Path Traversal vulnerability in Mysql Quick Admin Mysql Quick Admin 1.5.5

Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a ..

6.8
2008-10-06 CVE-2008-4454 Mysql Quick Admin Path Traversal vulnerability in Mysql Quick Admin Mysql Quick Admin 1.5.5

Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote attackers to read and execute arbitrary files via a ..

6.8
2008-10-06 CVE-2008-4448 Positive Software Cross-Site Request Forgery (CSRF) vulnerability in Positive Software H-Sphere 4.3.10

Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions.

6.8
2008-10-06 CVE-2008-4279 Vmware Permissions, Privileges, and Access Controls vulnerability in VMWare products

The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address.

6.8
2008-10-08 CVE-2008-3814 Cisco Improper Authentication vulnerability in Cisco Unity

Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once.

5.8
2008-10-08 CVE-2008-4490 Phpabook Path Traversal vulnerability in PHPabook 0.8.4B/0.8.6B/0.8.7B

Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

5.1
2008-10-09 CVE-2008-4514 Konqueror Improper Input Validation vulnerability in Konqueror 3.5.9

The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error.

5.0
2008-10-09 CVE-2008-4512 Designplace Permissions, Privileges, and Access Controls vulnerability in Designplace Asp/Ms Access Shoutbox 1.1

ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.

5.0
2008-10-09 CVE-2008-4511 Todd Woolums Permissions, Privileges, and Access Controls vulnerability in Todd Woolums ASP News Management 2.21

Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.

5.0
2008-10-08 CVE-2008-3829 Condor Project Multiple Security vulnerability in Condor Prior to 7.0.5

Unspecified vulnerability in the condor_schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) via unknown vectors.

5.0
2008-10-08 CVE-2008-4491 Apple Information Exposure vulnerability in Apple Mail 3.5

Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail.

5.0
2008-10-08 CVE-2008-3060 V Webmail Information Exposure vulnerability in V-Webmail 1.5.0

V-webmail 1.5.0 allows remote attackers to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message.

5.0
2008-10-09 CVE-2008-4510 Microsoft Resource Management Errors vulnerability in Microsoft Windows Vista

Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page.

4.9
2008-10-06 CVE-2008-4445 Linux Information Exposure vulnerability in Linux Kernel

The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function, a different vulnerability than CVE-2008-4113.

4.7
2008-10-10 CVE-2008-4214 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files.

4.6
2008-10-08 CVE-2008-3828 Condor Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Condor Project Condor

Stack-based buffer overflow in the condor_schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

4.6
2008-10-08 CVE-2008-3826 Condor Project Permissions, Privileges, and Access Controls vulnerability in Condor Project Condor

Unspecified vulnerability in Condor before 7.0.5 allows attackers to execute jobs as other users via unknown vectors.

4.6
2008-10-10 CVE-2008-4537 EC Cube Cross-Site Scripting vulnerability in Ec-Cube

Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.1.1-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17336 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4536.

4.3
2008-10-10 CVE-2008-4536 EC Cube Cross-Site Scripting vulnerability in Ec-Cube

Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.2.0-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17319 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4537.

4.3
2008-10-10 CVE-2008-4535 EC Cube Cross-Site Scripting vulnerability in Ec-Cube

Cross-site scripting (XSS) vulnerability in EC-CUBE Ver2 2.1.2a and earlier, EC-CUBE Ver2 Beta(RC) 2.2.0-beta and earlier, and EC-CUBE Community Edition Nightly-Build r17623 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4536 and CVE-2008-4537.

4.3
2008-10-10 CVE-2008-4533 Katan Cross-Site Scripting vulnerability in Katan web Server 1.6

Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2008-10-09 CVE-2008-4532 Maxiscript Cross-Site Scripting vulnerability in Maxiscript Website Directory

Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action.

4.3
2008-10-09 CVE-2008-4520 Autonessus Cross-Site Scripting vulnerability in Autonessus

Cross-site scripting (XSS) vulnerability in bulk_update.pl in AutoNessus before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the remark parameter.

4.3
2008-10-09 CVE-2008-4513 Phorum Cross-Site Scripting vulnerability in Phorum 5.2.8

Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags.

4.3
2008-10-08 CVE-2008-4488 Atarone Cross-Site Scripting vulnerability in Atarone 1.2.0

Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) id parameters.

4.3
2008-10-08 CVE-2008-4485 Bluecoat Cross-Site Scripting vulnerability in Bluecoat Security Gateway OS 4.2/5.2/5.3

Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL.

4.3
2008-10-08 CVE-2008-4481 Redmine Cross-Site Scripting vulnerability in Redmine

Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-10-08 CVE-2008-3061 V Webmail Remote Security vulnerability in V-Webmail 1.5.0

Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the to parameter.

4.3
2008-10-07 CVE-2008-4393 Verisign Cross-Site Scripting vulnerability in Verisign Kontiki Delivery Management System

Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery Management System (DMS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to zodiac/servlet/zodiac.

4.3
2008-10-06 CVE-2008-4450 Apache Friends Cross-Site Scripting vulnerability in Apache Friends Xampp 1.6.8

Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for Windows 1.6.8 allows remote attackers to inject arbitrary web script or HTML via the (1) dbserver, (2) host, (3) user, (4) password, (5) database, and (6) table parameters.

4.3
2008-10-06 CVE-2008-4447 Positive Software Cross-Site Scripting vulnerability in Positive Software H-Sphere 4.3.10

Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo action.

4.3
2008-10-06 CVE-2008-4446 Nucleus CMS Cross-Site Scripting vulnerability in Nucleus CMS Nucleus

Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-10-09 CVE-2008-4500 Solarwinds Improper Input Validation vulnerability in Solarwinds Serv-U File Server

Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-10-09 CVE-2008-4530 Drupal Cross-Site Scripting vulnerability in Drupal Brilliant Gallery

Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers.

3.5
2008-10-06 CVE-2008-4456 Mysql, Oracle Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document.

2.6
2008-10-07 CVE-2008-3834 Freedesktop Improper Input Validation vulnerability in Freedesktop Dbus, Dbus1.0 and Dbus1.1.0

The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.

2.1
2008-10-06 CVE-2008-4278 Vmware, Microsoft Information Exposure vulnerability in VMWare Virtualcenter

VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.

2.1