Weekly Vulnerabilities Reports > October 6 to 12, 2008
Overview
114 new vulnerabilities were reported during this period, including 20 critical vulnerabilities and 49 high severity vulnerabilities. This weekly summary reports vulnerabilities in 102 products from 74 vendors including Apple, Vastal I Tech, EC Cube, Condor Project, and IBM. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Path Traversal", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 99 reported vulnerabilities are remotely exploitable.
- 53 reported vulnerabilities have a public exploit available.
- 63 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 110 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 11 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 5 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
20 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-10-10 | CVE-2008-4212 | Apple | Configuration vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions. | 10.0 |
2008-10-10 | CVE-2008-4211 | Apple | Numeric Errors vulnerability in Apple Iphone OS, mac OS X and mac OS X Server Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns." | 10.0 |
2008-10-10 | CVE-2008-3641 | Apple | Resource Management Errors vulnerability in Apple Cups The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory. | 10.0 |
2008-10-09 | CVE-2008-4526 | Customcms | Path Traversal vulnerability in Customcms Ccms 3.1 Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. | 10.0 |
2008-10-09 | CVE-2008-4509 | Foss Gallery | Improper Input Validation vulnerability in Foss Gallery Foss Gallery 1.0 Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root directory. | 10.0 |
2008-10-09 | CVE-2008-4502 | Datafeedfile | Code Injection vulnerability in Datafeedfile DFF Framework API Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/. | 10.0 |
2008-10-08 | CVE-2008-4489 | Atarone | Path Traversal vulnerability in Atarone 1.2.0 Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme_chosen parameter. | 10.0 |
2008-10-08 | CVE-2008-4486 | Yerba | Path Traversal vulnerability in Yerba 6.28 Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. | 10.0 |
2008-10-10 | CVE-2008-3647 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment. | 9.3 |
2008-10-10 | CVE-2008-3642 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile. | 9.3 |
2008-10-09 | CVE-2008-4499 | PHP WEB Explorer | Path Traversal vulnerability in PHP web Explorer PHP web Explorer Lite 0.99A Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. | 9.3 |
2008-10-07 | CVE-2008-4472 | Autodesk | Permissions, Privileges, and Access Controls vulnerability in Autodesk Design Review, DWF Viewer and Revit Architecture The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method. | 9.3 |
2008-10-07 | CVE-2008-4471 | Autodesk | Path Traversal vulnerability in Autodesk Design Review, DWF Viewer and Revit Architecture Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method. | 9.3 |
2008-10-07 | CVE-2008-4384 | Iseemedia MGI Software Roxio | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods. | 9.3 |
2008-10-07 | CVE-2008-4470 | Numark | Buffer Errors vulnerability in Numark CUE 5.0 Stack-based buffer overflow in Numark CUE 5.0 rev2 allows user-assisted attackers to cause a denial of service (application crash) or execute arbitrary code via an M3U playlist file that contains a long absolute pathname. | 9.3 |
2008-10-06 | CVE-2008-4453 | Dspicture | Permissions, Privileges, and Access Controls vulnerability in Dspicture Light Imaging Toolkit and PRO Imaging SDK The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. | 9.3 |
2008-10-06 | CVE-2008-4449 | Mirc | Buffer Errors vulnerability in Mirc 6.34 Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message. | 9.3 |
2008-10-06 | CVE-2008-3872 | Adobe | Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations. | 9.3 |
2008-10-09 | CVE-2008-4501 | Solarwinds | Path Traversal vulnerability in Solarwinds Serv-U File Server Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command. | 9.0 |
2008-10-06 | CVE-2008-4452 | Cambridge Computer Corporation | Buffer Errors vulnerability in Cambridge Computer Corporation Vxftpsrv 2.0.3 Buffer overflow in Cambridge Computer Corporation vxFtpSrv 2.0.3 allows remote attackers to cause a denial of service (crash and hang) and possibly execute arbitrary code via a long CWD request. | 9.0 |
49 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-10-10 | CVE-2008-3643 | Apple | Multiple Security vulnerability in RETIRED: Apple Mac OS X 2008-007 Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue." | 7.8 |
2008-10-09 | CVE-2008-4508 | Tonec INC | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tonec Inc. Internet Download Manager Stack-based buffer overflow in the file parsing function in Tonec Internet Download Manager, possibly 5.14 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AppleDouble file containing a long string. | 7.8 |
2008-10-09 | CVE-2008-4505 | IBM | Improper Input Validation vulnerability in IBM Lotus Quickr 8.1 Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a "nonstandard URL argument" to the OpenDocument command. | 7.8 |
2008-10-08 | CVE-2008-4482 | Apache | Improper Input Validation vulnerability in Apache Xerces-C++ The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file. | 7.8 |
2008-10-07 | CVE-2008-4421 | Hammer Software | Path Traversal vulnerability in Hammer-Software Metagauge 1.0.0.17 Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably other versions before 1.0.3.38, allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the URL. | 7.8 |
2008-10-07 | CVE-2008-3543 | HP | Remote Denial Of Service vulnerability in HP Oncplus B.11.3101/B.11.3102/B.11.3103 Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier on HP-UX B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors. | 7.8 |
2008-10-10 | CVE-2008-4534 | EC Cube | SQL Injection vulnerability in Ec-Cube SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and Ver2 RC 2.3.0-rc1 and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2008-10-10 | CVE-2008-4215 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X Server 10.4.11 Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a user that has multiple short names, which might allow attackers to bypass intended access restrictions. | 7.5 |
2008-10-09 | CVE-2008-4531 | Drupal | SQL Injection vulnerability in Drupal Brilliant Gallery SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. | 7.5 |
2008-10-09 | CVE-2008-4529 | Asicms | Code Injection vulnerability in Asicms 0.208 Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the _ENV[asicms][path] parameter to (1) Association.php, (2) BigMath.php, (3) DiffieHellman.php, (4) DumbStore.php, (5) Extension.php, (6) FileStore.php, (7) HMAC.php, (8) MemcachedStore.php, (9) Message.php, (10) Nonce.php, (11) SQLStore.php, (12) SReg.php, (13) TrustRoot.php, and (14) URINorm.php in classes/Auth/OpenID/; and (15) XRDS.php, (16) XRI.php and (17) XRIRes.php in classes/Auth/Yadis/. | 7.5 |
2008-10-09 | CVE-2008-4528 | Phlatline | Path Traversal vulnerability in Phlatline Personal Information Manager 1.01 Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-10-09 | CVE-2008-4527 | PHP Fusion | SQL Injection vulnerability in PHP-Fusion Recepies Module 1.1 SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. | 7.5 |
2008-10-09 | CVE-2008-4525 | Ampjuke | SQL Injection vulnerability in Ampjuke 0.7.5 SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows remote attackers to execute arbitrary SQL commands via the special parameter in a performerid action. | 7.5 |
2008-10-09 | CVE-2008-4524 | Adaptcms | SQL Injection vulnerability in Adaptcms 1.3 SQL injection vulnerability in the "Check User" feature (includes/check_user.php) in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. | 7.5 |
2008-10-09 | CVE-2008-4523 | IP REG | SQL Injection vulnerability in IP REG IP REG 0.1/0.2/0.3 SQL injection vulnerability in login.php in IP Reg 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the user_name parameter. | 7.5 |
2008-10-09 | CVE-2008-4522 | Jesse WEB | Path Traversal vulnerability in Jesse-Web Jmweb MP3 Music Audio Search and Download Script Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio Search and Download Script allow remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-10-09 | CVE-2008-4521 | PHP Fusion | SQL Injection vulnerability in PHP-Fusion World of Warcraft Tracker Infusion Module 2.0 SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter. | 7.5 |
2008-10-09 | CVE-2008-4519 | Fastpublish | Path Traversal vulnerability in Fastpublish CMS 1.9.9.9.9D/1.9999D Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 d allow remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-10-09 | CVE-2008-4518 | Fastpublish | SQL Injection vulnerability in Fastpublish CMS 1.9.9.9.9D/1.9999D Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d (1.9999 d) allow remote attackers to execute arbitrary SQL commands via the (1) sprache parameter to index2.php and the (2) artikel parameter to index.php. | 7.5 |
2008-10-09 | CVE-2008-4517 | Geccbblite | SQL Injection vulnerability in Geccbblite 2.0 SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-10-09 | CVE-2008-4516 | Galerie | SQL Injection vulnerability in Galerie 3.2 SQL injection vulnerability in galerie.php in Galerie 3.2 allows remote attackers to execute arbitrary SQL commands via the pic parameter. | 7.5 |
2008-10-09 | CVE-2008-4515 | Blue Coat Systems | Improper Authentication vulnerability in Blue Coat Systems K9 web Protection 4.0.230 Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript. | 7.5 |
2008-10-09 | CVE-2008-4507 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Quickr 8.1 Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors. | 7.5 |
2008-10-09 | CVE-2008-4506 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Quickr 8.1 Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to "demote or delete a place superuser group" via unknown vectors. | 7.5 |
2008-10-09 | CVE-2008-4498 | Phpautos | SQL Injection vulnerability in PHPautos 2.9.1 SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2008-10-09 | CVE-2008-4497 | Built2Go | SQL Injection vulnerability in Built2Go Real Estate Listings 1.5 SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote attackers to execute arbitrary SQL commands via the event_id parameter. | 7.5 |
2008-10-09 | CVE-2008-4496 | Select Development Solutions | SQL Injection vulnerability in Select Development Solutions PHP Realtor 1.5 SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter. | 7.5 |
2008-10-09 | CVE-2008-4495 | Select Development Solutions | SQL Injection vulnerability in Select Development Solutions PHP Auto Dealer 2.7 SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter. | 7.5 |
2008-10-09 | CVE-2008-4494 | Torrenttrader | SQL Injection vulnerability in Torrenttrader 1.04 SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-10-08 | CVE-2008-4492 | Yourownbux | SQL Injection vulnerability in Yourownbux 4.0 SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute arbitrary SQL commands via the usNick cookie. | 7.5 |
2008-10-08 | CVE-2008-3063 | V Webmail | SQL Injection vulnerability in V-Webmail 1.5.0 SQL injection vulnerability in login.php in V-webmail 1.5.0 might allow remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2008-10-07 | CVE-2008-4469 | Vastal I Tech | SQL Injection vulnerability in Vastal I-Tech Freelance Zone SQL injection vulnerability in view_cresume.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the coder_id parameter. | 7.5 |
2008-10-07 | CVE-2008-4468 | Vastal I Tech | SQL Injection vulnerability in Vastal I-Tech Share Zone SQL injection vulnerability in view_news.php in Vastal I-Tech Share Zone allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-10-07 | CVE-2008-4467 | Vastal I Tech | SQL Injection vulnerability in Vastal I-Tech Toner Cart SQL injection vulnerability in show_series_ink.php in Vastal I-Tech Toner Cart allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-10-07 | CVE-2008-4466 | Vastal I Tech | SQL Injection vulnerability in Vastal I-Tech Cosmetics Zone SQL injection vulnerability in view_products_cat.php in Vastal I-Tech Cosmetics Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | 7.5 |
2008-10-07 | CVE-2008-4465 | Vastal I Tech | SQL Injection vulnerability in Vastal I-Tech DVD Zone SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | 7.5 |
2008-10-07 | CVE-2008-4464 | Vastal I Tech | SQL Injection vulnerability in Vastal I-Tech MAG Zone SQL injection vulnerability in view_mags.php in Vastal I-Tech Mag Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | 7.5 |
2008-10-07 | CVE-2008-4463 | Vastal I Tech | SQL Injection vulnerability in Vastal I-Tech Jobs Zone SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | 7.5 |
2008-10-07 | CVE-2008-4462 | Vastal I Tech | SQL Injection vulnerability in Vastal I-Tech Visa Zone SQL injection vulnerability in view_news.php in Vastal I-Tech Visa Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | 7.5 |
2008-10-07 | CVE-2008-4461 | Vastal I Tech | SQL Injection vulnerability in Vastal I-Tech Dating Zone 0.9.9 SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter. | 7.5 |
2008-10-07 | CVE-2008-4460 | Vastal I Tech | SQL Injection vulnerability in Vastal I-Tech Mmorpg Zone SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the game_id parameter. | 7.5 |
2008-10-07 | CVE-2008-4459 | Extrovert Software | SQL Injection vulnerability in Extrovert Software Thyme 1.3 SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter. | 7.5 |
2008-10-07 | CVE-2008-4458 | E PHP Scripts | SQL Injection vulnerability in E-PHP Scripts B2B Trading Marketplace Script SQL injection vulnerability in listings.php in E-Php B2B Trading Marketplace Script allows remote attackers to execute arbitrary SQL commands via the cid parameter in a product action. | 7.5 |
2008-10-10 | CVE-2008-3645 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors. | 7.2 |
2008-10-08 | CVE-2008-3830 | Condor Project | Permissions, Privileges, and Access Controls vulnerability in Condor Project Condor Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions. | 7.2 |
2008-10-08 | CVE-2008-4477 | JIM Trocki | Link Following vulnerability in JIM Trocki MON 0.99.2 alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack on the test.alert.log temporary file. | 7.2 |
2008-10-07 | CVE-2008-4475 | GNU | Link Following vulnerability in GNU Ibackup 2.27 ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 7.2 |
2008-10-07 | CVE-2008-4474 | Freeradius | Link Following vulnerability in Freeradius 2.0.4 freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct. | 7.2 |
2008-10-06 | CVE-2008-4451 | Eset Software | Permissions, Privileges, and Access Controls vulnerability in Eset Software System Analyzer Tool 1.1.1.0 The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET System Analyzer Tool 1.1.1.0 allows local users to execute arbitrary code via a certain METHOD_NEITHER IOCTL request to \Device\esiasdrv that overwrites a pointer. | 7.2 |
41 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-10-10 | CVE-2008-4394 | Gentoo | Local Privilege Escalation vulnerability in Gentoo 'sys-apps/portage' Search Path Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) sys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds. | 6.9 |
2008-10-07 | CVE-2008-4476 | Sympa | Link Following vulnerability in Sympa 5.3.4 sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. | 6.9 |
2008-10-10 | CVE-2008-3646 | Apple | Race Condition vulnerability in Apple mac OS X 10.5.5 The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users. | 6.8 |
2008-10-09 | CVE-2008-4504 | Herosoft | Buffer Errors vulnerability in Herosoft Hero DVD Player 3.0.8 Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. | 6.8 |
2008-10-09 | CVE-2008-4503 | Adobe | Clickjacking vulnerability in RETIRED: Adobe Flash Player The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking." | 6.8 |
2008-10-08 | CVE-2008-4493 | Microsoft | Improper Input Validation vulnerability in Microsoft Digital Image 2006 Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. | 6.8 |
2008-10-08 | CVE-2008-4487 | Atarone | SQL Injection vulnerability in Atarone 1.2.0 SQL injection vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) site_name, (2) email, (3) theme_chosen, (4) hp, (5) c_meta, (6) id, and (7) c_js parameters. | 6.8 |
2008-10-08 | CVE-2008-4484 | Crux Software | Permissions, Privileges, and Access Controls vulnerability in Crux Software Gallery main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php. | 6.8 |
2008-10-08 | CVE-2008-4483 | Crux Software | Path Traversal vulnerability in Crux Software Gallery Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2008-10-07 | CVE-2008-4457 | Memht | SQL Injection vulnerability in Memht Portal SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a stats_res cookie to index.php. | 6.8 |
2008-10-06 | CVE-2008-4455 | Mysql Quick Admin | Path Traversal vulnerability in Mysql Quick Admin Mysql Quick Admin 1.5.5 Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a .. | 6.8 |
2008-10-06 | CVE-2008-4454 | Mysql Quick Admin | Path Traversal vulnerability in Mysql Quick Admin Mysql Quick Admin 1.5.5 Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote attackers to read and execute arbitrary files via a .. | 6.8 |
2008-10-06 | CVE-2008-4448 | Positive Software | Cross-Site Request Forgery (CSRF) vulnerability in Positive Software H-Sphere 4.3.10 Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions. | 6.8 |
2008-10-06 | CVE-2008-4279 | Vmware | Permissions, Privileges, and Access Controls vulnerability in VMWare products The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address. | 6.8 |
2008-10-08 | CVE-2008-3814 | Cisco | Improper Authentication vulnerability in Cisco Unity Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once. | 5.8 |
2008-10-08 | CVE-2008-4490 | Phpabook | Path Traversal vulnerability in PHPabook 0.8.4B/0.8.6B/0.8.7B Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 5.1 |
2008-10-09 | CVE-2008-4514 | Konqueror | Improper Input Validation vulnerability in Konqueror 3.5.9 The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error. | 5.0 |
2008-10-09 | CVE-2008-4512 | Designplace | Permissions, Privileges, and Access Controls vulnerability in Designplace Asp/Ms Access Shoutbox 1.1 ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | 5.0 |
2008-10-09 | CVE-2008-4511 | Todd Woolums | Permissions, Privileges, and Access Controls vulnerability in Todd Woolums ASP News Management 2.21 Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | 5.0 |
2008-10-08 | CVE-2008-3829 | Condor Project | Multiple Security vulnerability in Condor Prior to 7.0.5 Unspecified vulnerability in the condor_schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) via unknown vectors. | 5.0 |
2008-10-08 | CVE-2008-4491 | Apple | Information Exposure vulnerability in Apple Mail 3.5 Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. | 5.0 |
2008-10-08 | CVE-2008-3060 | V Webmail | Information Exposure vulnerability in V-Webmail 1.5.0 V-webmail 1.5.0 allows remote attackers to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message. | 5.0 |
2008-10-09 | CVE-2008-4510 | Microsoft | Resource Management Errors vulnerability in Microsoft Windows Vista Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page. | 4.9 |
2008-10-10 | CVE-2008-4214 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files. | 4.6 |
2008-10-08 | CVE-2008-3828 | Condor Project | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Condor Project Condor Stack-based buffer overflow in the condor_schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. | 4.6 |
2008-10-08 | CVE-2008-3826 | Condor Project | Permissions, Privileges, and Access Controls vulnerability in Condor Project Condor Unspecified vulnerability in Condor before 7.0.5 allows attackers to execute jobs as other users via unknown vectors. | 4.6 |
2008-10-10 | CVE-2008-4537 | EC Cube | Cross-Site Scripting vulnerability in Ec-Cube Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.1.1-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17336 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4536. | 4.3 |
2008-10-10 | CVE-2008-4536 | EC Cube | Cross-Site Scripting vulnerability in Ec-Cube Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.2.0-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17319 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4537. | 4.3 |
2008-10-10 | CVE-2008-4535 | EC Cube | Cross-Site Scripting vulnerability in Ec-Cube Cross-site scripting (XSS) vulnerability in EC-CUBE Ver2 2.1.2a and earlier, EC-CUBE Ver2 Beta(RC) 2.2.0-beta and earlier, and EC-CUBE Community Edition Nightly-Build r17623 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4536 and CVE-2008-4537. | 4.3 |
2008-10-10 | CVE-2008-4533 | Katan | Cross-Site Scripting vulnerability in Katan web Server 1.6 Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2008-10-09 | CVE-2008-4532 | Maxiscript | Cross-Site Scripting vulnerability in Maxiscript Website Directory Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action. | 4.3 |
2008-10-09 | CVE-2008-4520 | Autonessus | Cross-Site Scripting vulnerability in Autonessus Cross-site scripting (XSS) vulnerability in bulk_update.pl in AutoNessus before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the remark parameter. | 4.3 |
2008-10-08 | CVE-2008-4488 | Atarone | Cross-Site Scripting vulnerability in Atarone 1.2.0 Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) id parameters. | 4.3 |
2008-10-08 | CVE-2008-4485 | Bluecoat | Cross-Site Scripting vulnerability in Bluecoat Security Gateway OS 4.2/5.2/5.3 Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL. | 4.3 |
2008-10-08 | CVE-2008-4481 | Redmine | Cross-Site Scripting vulnerability in Redmine Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-10-08 | CVE-2008-3061 | V Webmail | Remote Security vulnerability in V-Webmail 1.5.0 Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the to parameter. | 4.3 |
2008-10-07 | CVE-2008-4393 | Verisign | Cross-Site Scripting vulnerability in Verisign Kontiki Delivery Management System Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery Management System (DMS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to zodiac/servlet/zodiac. | 4.3 |
2008-10-06 | CVE-2008-4450 | Apache Friends | Cross-Site Scripting vulnerability in Apache Friends Xampp 1.6.8 Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for Windows 1.6.8 allows remote attackers to inject arbitrary web script or HTML via the (1) dbserver, (2) host, (3) user, (4) password, (5) database, and (6) table parameters. | 4.3 |
2008-10-06 | CVE-2008-4447 | Positive Software | Cross-Site Scripting vulnerability in Positive Software H-Sphere 4.3.10 Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo action. | 4.3 |
2008-10-06 | CVE-2008-4446 | Nucleus CMS | Cross-Site Scripting vulnerability in Nucleus CMS Nucleus Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-10-09 | CVE-2008-4500 | Solarwinds | Improper Input Validation vulnerability in Solarwinds Serv-U File Server Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1". | 4.0 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-10-09 | CVE-2008-4530 | Drupal | Cross-Site Scripting vulnerability in Drupal Brilliant Gallery Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers. | 3.5 |
2008-10-06 | CVE-2008-4456 | Mysql Oracle | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. | 2.6 |
2008-10-07 | CVE-2008-3834 | Freedesktop | Improper Input Validation vulnerability in Freedesktop Dbus, Dbus1.0 and Dbus1.1.0 The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error. | 2.1 |
2008-10-06 | CVE-2008-4278 | Vmware Microsoft | Information Exposure vulnerability in VMWare Virtualcenter VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password. | 2.1 |