Weekly Vulnerabilities Reports > October 20 to 26, 2008

Overview

144 new vulnerabilities reported during this period, including 29 critical vulnerabilities and 52 high severity vulnerabilities. This weekly summary report vulnerabilities in 191 products from 105 vendors including Typo3, Wireshark, Wordpress, Opera, and IBM. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Path Traversal", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Code Injection".

  • 137 reported vulnerabilities are remotely exploitables.
  • 73 reported vulnerabilities have public exploit available.
  • 83 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 133 reported vulnerabilities are exploitable by an anonymous user.
  • Typo3 has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

29 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-10-24 CVE-2008-4731 Michael Christen Multiple Unspecified vulnerability in YaCy

Multiple unspecified vulnerabilities in YaCy before 0.61 have unknown impact and attack vectors.

10.0
2008-10-23 CVE-2008-4250 Microsoft Code Injection vulnerability in Microsoft products

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."

10.0
2008-10-23 CVE-2008-3862 Trend Micro Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Officescan 7.3/8.0

Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to "parsing CGI requests."

10.0
2008-10-23 CVE-2008-2469 Libspf Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libspf Libspf2

Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field.

10.0
2008-10-23 CVE-2008-4704 Mitre Code Injection vulnerability in Mitre Sezhoo 0.1

PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter.

10.0
2008-10-22 CVE-2008-4692 IBM Remote Security vulnerability in DB2

The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors.

10.0
2008-10-22 CVE-2008-4690 Lynx Unspecified vulnerability in Lynx

lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929.

10.0
2008-10-22 CVE-2008-4673 Webbiscuits Code Injection vulnerability in Webbiscuits Events Calendar 1.1

PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters.

10.0
2008-10-21 CVE-2008-4641 Sentex Improper Input Validation vulnerability in Sentex Jhead

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.

10.0
2008-10-21 CVE-2008-4631 Myer Sound Laboratories Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Myer Sound Laboratories Muscle

Stack-based buffer overflow in the Message::AddToString function in message/Message.cpp in MUSCLE before 4.40 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted message.

10.0
2008-10-21 CVE-2008-4630 Midgard Multiple Unspecified vulnerability in Midgard Components Framework 2.9/8.09.0

Multiple unspecified vulnerabilities in Midgard Components (MidCOM) Framework before 8.09.1 have unknown impact and attack vectors.

10.0
2008-10-21 CVE-2008-4619 SUN Unspecified vulnerability in SUN Sunos 5.9

The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function.

10.0
2008-10-20 CVE-2008-4615 Portalapp Remote Security vulnerability in Portalapp 4.0

Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors.

10.0
2008-10-24 CVE-2008-4728 Hummingbird Multiple Security vulnerability in Hummingbird Deployment Wizard 2008

Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method.

9.3
2008-10-23 CVE-2008-4695 Opera Information Exposure vulnerability in Opera

Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context.

9.3
2008-10-23 CVE-2008-4694 Opera Link Following vulnerability in Opera Browser

Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL.

9.3
2008-10-23 CVE-2008-4720 Arzdev Code Injection vulnerability in Arzdev Gemini Portal 4.7

Multiple PHP remote file inclusion vulnerabilities in The Gemini Portal 4.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) page/forums/bottom.php and (2) page/forums/category.php.

9.3
2008-10-23 CVE-2008-4719 Openengine Code Injection vulnerability in Openengine 2.0

PHP remote file inclusion vulnerability in cms/classes/openengine/filepool.php in openEngine 2.0 beta2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter, a different vector than CVE-2008-4329.

9.3
2008-10-22 CVE-2008-4699 Microsoft Insecure Method vulnerability in Microsoft Peachtree Accounting 2004

Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in Peachtree Accounting 2004 allows remote attackers to execute arbitrary programs via the ExecutePreferredApplication method.

9.3
2008-10-22 CVE-2008-4686 Videolan Numeric Errors vulnerability in Videolan VLC Media Player

Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.

9.3
2008-10-22 CVE-2008-4664 Qvod Buffer Errors vulnerability in Qvod Player 1.0.1/2.0.1/2.5.1

Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control (QvodInsert.dll) in QVOD Player before 2.1.5 build 0053 allows remote attackers to execute arbitrary code via a long URL property.

9.3
2008-10-22 CVE-2008-4654 Videolan Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player

Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.

9.3
2008-10-22 CVE-2008-4652 Dart Buffer Errors vulnerability in Dart Powertcp FTP for Activex 2.0.2.0

Buffer overflow in the ActiveX control (DartFtp.dll) in Dart Communications PowerTCP FTP for ActiveX 2.0.2 0 allows remote attackers to execute arbitrary code via a long SecretKey property.

9.3
2008-10-21 CVE-2008-4624 Ftrsoft Code Injection vulnerability in Ftrsoft Fast Click SQL Lite 1.1.7

PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CFG[CDIR] parameter.

9.3
2008-10-24 CVE-2008-4726 Goodtechsystems Buffer Errors vulnerability in Goodtechsystems Goodtech SSH 6.4

Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 allows remote authenticated users to execute arbitrary code via a long string to the (1) open (aka SSH_FXP_OPEN), (2) unlink, (3) opendir, and other unspecified parameters.

9.0
2008-10-23 CVE-2008-4722 SUN Improper Authentication vulnerability in SUN products

Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allows remote authenticated users to (1) access the service processor (SP) and cause a denial of service (shutdown or reboot), or (2) access the host operating system and have an unspecified impact, via unknown vectors.

9.0
2008-10-22 CVE-2008-4687 Mantis Code Injection vulnerability in Mantis

manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.

9.0
2008-10-22 CVE-2008-4668 Joomla Path Traversal vulnerability in Joomla COM Imagebrowser 0.1.5

Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a ..

9.0
2008-10-22 CVE-2008-4645 Phpwebgallery Code Injection vulnerability in PHPwebgallery

plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function.

9.0

52 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-10-24 CVE-2008-4735 Coastal Code Injection vulnerability in Coastal Coast 0.95

PHP remote file inclusion vulnerability in header.php in Concord Asset, Software, and Ticket system (CoAST) 0.95 allows remote attackers to execute arbitrary PHP code via a URL in the sections_file parameter.

8.5
2008-10-23 CVE-2008-3817 Cisco Resource Management Errors vulnerability in Cisco products

Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets, related to the "initialization code for the hardware crypto accelerator."

7.8
2008-10-23 CVE-2008-3816 Cisco Denial of Service vulnerability in Cisco products

Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2(4)9 and 7.2(4)10 allows remote attackers to cause a denial of service (device reload) via a crafted IPv6 packet.

7.8
2008-10-22 CVE-2008-4678 IBM Resource Management Errors vulnerability in IBM Websphere Application Server

The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abend and application hang) via a long HTTP Host header, related to "storage overlay" on the stack and a "parse failure."

7.8
2008-10-21 CVE-2008-4618 Linux Improper Input Validation vulnerability in Linux Kernel

The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls.

7.8
2008-10-23 CVE-2008-3863 GNU Buffer Errors vulnerability in GNU Enscript 1.6.1/1.6.4

Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command.

7.6
2008-10-24 CVE-2008-4738 Tufat SQL Injection vulnerability in Tufat Mycard 1.0.2

SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-10-24 CVE-2008-4736 Aves SQL Injection vulnerability in Aves RPG Board 0.0.8/0.8

SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the showtopic parameter.

7.5
2008-10-24 CVE-2008-4734 Pressography
Wordpress
Cross-Site Request Forgery (CSRF) vulnerability in Pressography WP Comment Remix Plugin 1.4

Cross-site request forgery (CSRF) vulnerability in the wpcr_do_options_page function in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to perform unauthorized actions as administrators via a request that sets the wpcr_hidden_form_input parameter.

7.5
2008-10-24 CVE-2008-4732 Pressography
Wordpress
SQL Injection vulnerability in Pressography WP Comment Remix Plugin 1.4

SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter.

7.5
2008-10-23 CVE-2008-4721 PHP Jabbers Information Exposure vulnerability in PHP Jabbers Post Comment 2.0

PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged."

7.5
2008-10-23 CVE-2008-4718 X7 Group Path Traversal vulnerability in X7 Group X7 Chat

Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156.

7.5
2008-10-23 CVE-2008-4717 Zeeways SQL Injection vulnerability in Zeeways Zeelyrics 2.0

SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.

7.5
2008-10-23 CVE-2008-4716 Scriptdemo SQL Injection vulnerability in Scriptdemo PHP-Lance 1.52

SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2008-10-23 CVE-2008-4715 Jpad Project SQL Injection vulnerability in Jpad Project Jpad 1.0

SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.

7.5
2008-10-23 CVE-2008-4714 Atomic Photo Album Improper Authentication vulnerability in Atomic Photo Album Atomic Photo Album 1.1.0

Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_login and apa_cookie_password cookies, which probably allows remote attackers to bypass authentication and gain administrative access via modified cookies.

7.5
2008-10-23 CVE-2008-4713 212Cafe SQL Injection vulnerability in 212Cafe 212Cafeboard 0.07

SQL injection vulnerability in view.php in 212cafe Board 0.07 allows remote attackers to execute arbitrary SQL commands via the qID parameter.

7.5
2008-10-23 CVE-2008-4709 Pilot Group SQL Injection vulnerability in Pilot Group Etraining

SQL injection vulnerability in news_read.php in Pilot Group (PG) eTraining allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-10-23 CVE-2008-4708 Sylvain Pasquet Improper Authentication vulnerability in Sylvain Pasquet Bbzl.PHP 0.92

BbZL.PhP 0.92 allows remote attackers to bypass authentication and gain administrative access by setting the phorum_admin_session cookie to 1.

7.5
2008-10-23 CVE-2008-4706 Vbulletin SQL Injection vulnerability in Vbulletin Vbgooglemap 1.0.3

SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a vBulletin module, allows remote attackers to execute arbitrary SQL commands via the mapid parameter in a showdetails action to (1) vbgooglemaphse.php and (2) mapa.php.

7.5
2008-10-23 CVE-2008-4705 Phponlinedatingsoftware SQL Injection vulnerability in PHPonlinedatingsoftware Myphpdating 1.0

SQL injection vulnerability in success_story.php in php Online Dating Software MyPHPDating allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-10-23 CVE-2008-4703 Bosdev SQL Injection vulnerability in Bosdev Bosnews 4

SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows remote attackers to execute arbitrary SQL commands via the article parameter.

7.5
2008-10-22 CVE-2008-4702 Phpwebgallery Path Traversal vulnerability in PHPwebgallery 1.3.4

Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2008-10-22 CVE-2008-4689 Mantis Improper Authentication vulnerability in Mantis

Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.

7.5
2008-10-22 CVE-2008-4675 Phpcounter SQL Injection vulnerability in PHPcounter

SQL injection vulnerability in index.php in PHPcounter 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.

7.5
2008-10-22 CVE-2008-4667 Arabcms Path Traversal vulnerability in Arabcms 2.0

Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-10-22 CVE-2008-4665 Datingpro SQL Injection vulnerability in Datingpro Matchmaking

SQL injection vulnerability in PG Matchmaking allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) news_read.php and (2) gifts_show.php.

7.5
2008-10-22 CVE-2008-4660 Typo3 SQL Injection vulnerability in Typo3 M1 Intern 1.0.0

SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-10-22 CVE-2008-4659 Typo3 SQL Injection vulnerability in Typo3 Mannschaftsliste

SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist) 1.0.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-10-22 CVE-2008-4658 Typo3 SQL Injection vulnerability in Typo3 Jobcontrol

SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-10-22 CVE-2008-4657 Typo3 SQL Injection vulnerability in Typo3 Econda Plugin 0.0.1

SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-10-22 CVE-2008-4656 Typo3 SQL Injection vulnerability in Typo3 Frontend Users View 0.1.2/0.1.3

SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-10-22 CVE-2008-4655 Typo3 SQL Injection vulnerability in Typo3 Simplesurvey

SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-10-22 CVE-2008-4653 Xoops SQL Injection vulnerability in Xoops Makale 0.26

SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-10-22 CVE-2008-4650 Mywebland SQL Injection vulnerability in Mywebland Myevent 1.6

SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter.

7.5
2008-10-22 CVE-2008-4649 Elxis Improper Authentication vulnerability in Elxis CMS 2008.1

Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

7.5
2008-10-22 CVE-2008-4647 Sweetcms SQL Injection vulnerability in Sweetcms 1.5.2

SQL injection vulnerability in index.php in sweetCMS 1.5.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2008-10-22 CVE-2008-4644 Mywebland Permissions, Privileges, and Access Controls vulnerability in Mywebland Mystats

hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header.

7.5
2008-10-22 CVE-2008-4643 Mywebland SQL Injection vulnerability in Mywebland Mystats

SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter.

7.5
2008-10-21 CVE-2008-4642 Astrospaces SQL Injection vulnerability in Astrospaces 1.1.1

SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.

7.5
2008-10-21 CVE-2008-4628 Mywebland SQL Injection vulnerability in Mywebland Minibloggie 1.0

SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter.

7.5
2008-10-21 CVE-2008-4627 Rgallery
Woltlab
SQL Injection vulnerability in Rgallery Plugin 1.09

SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php.

7.5
2008-10-21 CVE-2008-4625 Shiftthis
Wordpress
SQL Injection vulnerability in Shiftthis Shifthis Newsletter

SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.

7.5
2008-10-21 CVE-2008-4623 Martin Diphoorn
Joomla
SQL Injection vulnerability in Martin Diphoorn COM Ds-Syndicate 1.1.1

SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php.

7.5
2008-10-21 CVE-2008-4622 Phpfastnews Improper Authentication vulnerability in PHPfastnews 1.0.0

The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1.

7.5
2008-10-21 CVE-2008-4621 Zeescripts SQL Injection vulnerability in Zeescripts Zeeproperty

SQL injection vulnerability in bannerclick.php in ZeeScripts Zeeproperty allows remote attackers to execute arbitrary SQL commands via the adid parameter.

7.5
2008-10-21 CVE-2008-4620 Mrbs SQL Injection vulnerability in Mrbs

SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.

7.5
2008-10-20 CVE-2008-4617 Pyxicom
Joomla
Mambo Foundation
SQL Injection vulnerability in Pyxicom Actualite 1.0

SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-10-20 CVE-2008-4614 Portalapp Improper Authentication vulnerability in Portalapp 4.0

PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies.

7.5
2008-10-20 CVE-2008-4613 Portalapp SQL Injection vulnerability in Portalapp 4.0

SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remote attackers to execute arbitrary SQL commands via the sortby parameter.

7.5
2008-10-20 CVE-2008-4611 PHP Arsivimiz SQL Injection vulnerability in PHP Arsivimiz PHP Ziyaretci Defteri

SQL injection vulnerability in index.php in PHP Arsivimiz Php Ziyaretci Defteri allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.

7.5
2008-10-20 CVE-2008-4609 BSD
Bsdi
Cisco
Dragonflybsd
Freebsd
Linux
Microsoft
Midnightbsd
Netbsd
Openbsd
Trustedbsd
Configuration vulnerability in multiple products

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

7.1

60 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-10-24 CVE-2008-4739 Plugspace Path Traversal vulnerability in Plugspace 0.1

Directory traversal vulnerability in index.php in PlugSpace 0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-10-24 CVE-2008-4729 Hummingbird Buffer Errors vulnerability in Hummingbird Exceed and Exceed Powersuite

Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX control (hclxweb.dll) in Hummingbird Xweb ActiveX Control 13.0 and earlier allows remote attackers to execute arbitrary code via a long PlainTextPassword property.

6.8
2008-10-23 CVE-2008-4712 Lnblog Path Traversal vulnerability in Lnblog 0.8.0/0.8.1/0.8.2

Directory traversal vulnerability in pages/showblog.php in LnBlog 0.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-10-23 CVE-2008-4711 Joovili SQL Injection vulnerability in Joovili 2.1/3.0.6

SQL injection vulnerability in Joovili 3.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.blog.php, (2) view.event.php, (3) view.group.php, (4) view.music.php, (5) view.picture.php, and (6) view.video.php.

6.8
2008-10-22 CVE-2008-4701 Liberiacms SQL Injection vulnerability in Liberiacms Liberia CMS 1.00/1.10/1.11

SQL injection vulnerability in admin.php in Libera CMS 1.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_user cookie parameter, a different vector than CVE-2008-4700.

6.8
2008-10-22 CVE-2008-4700 Liberiacms SQL Injection vulnerability in Liberiacms Liberia CMS 1.00/1.10/1.11

SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_pass cookie parameter.

6.8
2008-10-22 CVE-2008-4679 IBM Improper Authentication vulnerability in IBM Websphere Application Server

The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate.

6.8
2008-10-22 CVE-2008-4676 Citrix Permissions, Privileges, and Access Controls vulnerability in Citrix Access Essentials, Presentation Server and Xenapp

Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file.

6.8
2008-10-22 CVE-2008-4674 Conkurent SQL Injection vulnerability in Conkurent Real Estate Manager

SQL injection vulnerability in realestate-index.php in Conkurent Real Estate Manager 1.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in browse mode.

6.8
2008-10-22 CVE-2008-4666 Deeserver SQL Injection vulnerability in Deeserver Ultimate Webboard 3.00

SQL injection vulnerability in webboard.php in Ultimate Webboard 3.00 allows remote attackers to execute arbitrary SQL commands via the Category parameter.

6.8
2008-10-22 CVE-2008-4662 Lokicms Path Traversal vulnerability in Lokicms 0.3.4

Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-10-21 CVE-2008-4632 Kure Path Traversal vulnerability in Kure 0.6.3

Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute arbitrary local files via a ..

6.8
2008-10-21 CVE-2008-4626 Zirkon BOX Path Traversal vulnerability in Zirkon BOX Yappa-Ng 2.3.2

Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-10-22 CVE-2008-4651 Jetbox SQL Injection vulnerability in Jetbox CMS 2.1

Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin/cms/nav.php.

6.0
2008-10-21 CVE-2008-4633 Drupal SQL Injection vulnerability in Drupal Node Clone

SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote."

6.0
2008-10-23 CVE-2008-4698 Opera Permissions, Privileges, and Access Controls vulnerability in Opera Browser

Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds.

5.8
2008-10-23 CVE-2008-4707 Sylvain Pasquet Path Traversal vulnerability in Sylvain Pasquet Bbzl PHP 0.92

Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows remote attackers to access unauthorized directories via a ..

5.0
2008-10-22 CVE-2008-4693 IBM Information Exposure vulnerability in IBM DB2

The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES."

5.0
2008-10-22 CVE-2008-4691 IBM Denial-Of-Service vulnerability in IBM DB2 8.2/9.1

Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors.

5.0
2008-10-22 CVE-2008-4688 Mantis Information Exposure vulnerability in Mantis

core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.

5.0
2008-10-22 CVE-2008-4685 Wireshark Resource Management Errors vulnerability in Wireshark

Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.

5.0
2008-10-22 CVE-2008-4683 Wireshark Resource Management Errors vulnerability in Wireshark

The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call.

5.0
2008-10-22 CVE-2008-4682 Wireshark Improper Input Validation vulnerability in Wireshark

wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.

5.0
2008-10-21 CVE-2008-4635 Hisanaga Electric CO
Xoops
Information Exposure vulnerability in Hisanaga Electric CO Hisa Cart

Unspecified vulnerability in Hisanaga Electric Co, Ltd.

5.0
2008-10-20 CVE-2008-4616 THE Spanner
Wordpress
Improper Input Validation vulnerability in multiple products

The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key.

5.0
2008-10-20 CVE-2008-4610 Mplayer Resource Management Errors vulnerability in Mplayer

MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.

5.0
2008-10-20 CVE-2008-3831 Linux
Debian
Openbsd
Resource Management Errors vulnerability in Linux Kernel 2.6.24

The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration.

4.7
2008-10-21 CVE-2008-4639 Sentex Unspecified vulnerability in Sentex Jhead

jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

4.6
2008-10-21 CVE-2008-4638 Symantec Information Exposure vulnerability in Symantec Veritas File System 5.0/Unknown

qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message.

4.6
2008-10-21 CVE-2008-3248 Symantec Information Exposure vulnerability in Symantec Veritas File System 5.0/Unknown

qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating and then reading files.

4.6
2008-10-24 CVE-2008-4737 Noc2 Cross-Site Scripting vulnerability in Noc2 Whodomlite 1.1.3

Cross-site scripting (XSS) vulnerability in wholite.cgi in WhoDomLite 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the dom parameter.

4.3
2008-10-24 CVE-2008-4733 Pressography
Wordpress
Cross-Site Scripting vulnerability in Pressography WP Comment Remix Plugin 1.4

Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) replytotext, (2) quotetext, (3) originallypostedby, (4) sep, (5) maxtags, (6) tagsep, (7) tagheadersep, (8) taglabel, and (9) tagheaderlabel parameters.

4.3
2008-10-24 CVE-2008-4730 Phpmyid Cross-Site Scripting vulnerability in PHPmyid 0.9

Cross-site scripting (XSS) vulnerability in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_trust_root parameter and an inconsistent openid_return_to parameter, which is not properly handled in an error message.

4.3
2008-10-24 CVE-2008-4727 Sungard Cross-Site Scripting vulnerability in Sungard Banner Student 7.3

Cross-site scripting (XSS) vulnerability in the contact update page (ss/bwgkoemr.P_UpdateEmrgContacts) in SunGard Banner Student 7.3 allows remote attackers to inject arbitrary web script or HTML via the addr1 parameter.

4.3
2008-10-23 CVE-2008-4725 Opera Cross-Site Scripting vulnerability in Opera Browser 9.52

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696.

4.3
2008-10-23 CVE-2008-4724 Google Cross-Site Scripting vulnerability in Google Chrome 0.2.149.30

Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file.

4.3
2008-10-23 CVE-2008-4723 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox 3.0.1/3.0.2/3.0.3

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 3.0.1 through 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file.

4.3
2008-10-23 CVE-2008-4697 Opera Cross-Site Scripting vulnerability in Opera Browser

The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

4.3
2008-10-23 CVE-2008-4696 Opera Cross-Site Scripting vulnerability in Opera

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).

4.3
2008-10-23 CVE-2008-3815 Cisco Improper Authentication vulnerability in Cisco ASA 5500 and PIX

Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors.

4.3
2008-10-23 CVE-2007-4349 HP Denial of Service vulnerability in HP OpenView Products Shared Trace Service RPC Request Handling

The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference.

4.3
2008-10-23 CVE-2008-4710 Drupal Cross-Site Scripting vulnerability in Drupal Stock Module 6X

Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-10-22 CVE-2008-4684 Wireshark Resource Management Errors vulnerability in Wireshark

packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector.

4.3
2008-10-22 CVE-2008-4681 Wireshark Improper Input Validation vulnerability in Wireshark

Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets.

4.3
2008-10-22 CVE-2008-4680 Wireshark Resource Management Errors vulnerability in Wireshark

packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB).

4.3
2008-10-22 CVE-2008-4677 VIM Credentials Management vulnerability in VIM Netrw

autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords.

4.3
2008-10-22 CVE-2008-4672 Goodlyrics Cross-Site Scripting vulnerability in Goodlyrics Lyrics Script

Cross-site scripting (XSS) vulnerability in search_results.php in buymyscripts Lyrics Script allows remote attackers to inject arbitrary web script or HTML via the k parameter.

4.3
2008-10-22 CVE-2008-4671 Wordpress Cross-Site Scripting vulnerability in Wordpress MU

Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters.

4.3
2008-10-22 CVE-2008-4670 ED Putal Cross-Site Scripting vulnerability in ED Putal Clickbank Portal

Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol Clickbank Portal allows remote attackers to inject arbitrary web script or HTML via the search box.

4.3
2008-10-22 CVE-2008-4669 DAN Fletcher Cross-Site Scripting vulnerability in DAN Fletcher Recipe Script

Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher Recipe Script allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

4.3
2008-10-22 CVE-2008-4663 Kumacchi Cross-Site Scripting vulnerability in Kumacchi KS CGI Access LOG 1.44

Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used in K's CGI Access Log Kaiseki (1) jcode.pl and (2) Jcode.pm, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-10-22 CVE-2008-4661 Typo3 Cross-Site Scripting vulnerability in Typo3 Page Improvements

Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_pageimprovements) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-10-22 CVE-2008-4648 Elxis Cross-Site Scripting vulnerability in Elxis CMS 2008.1

Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS 2008.1 revision 2204 allows remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or the (2) option, (3) Itemid, (4) id, (5) task, (6) bid, and (7) contact_id parameters.

4.3
2008-10-21 CVE-2008-4637 Cpcommerce Cross-Site Scripting vulnerability in Cpcommerce

Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature.

4.3
2008-10-21 CVE-2008-4121 Cpcommerce Cross-Site Scripting vulnerability in Cpcommerce

Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to sendtofriend.php.

4.3
2008-10-21 CVE-2007-4350 HP Cross-Site Scripting vulnerability in HP Sitescope 9.0

Cross-site scripting (XSS) vulnerability in the management interface in HP SiteScope 9.0 build 911 allows remote attackers to inject arbitrary web script or HTML via an SNMP trap message.

4.3
2008-10-21 CVE-2008-4629 Usagi Cross-Site Scripting vulnerability in Usagi Mynets

Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-10-21 CVE-2008-1547 Microsoft Open Redirect vulnerability in Microsoft Exchange Server 2003

Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.

4.3
2008-10-20 CVE-2008-4612 Portalapp Cross-Site Scripting vulnerability in Portalapp 4.0

Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp and (2) content.asp.

4.3
2008-10-20 CVE-2007-6718 Mplayer Denial-Of-Service vulnerability in MPlayer

MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-10-21 CVE-2008-4640 Sentex Improper Input Validation vulnerability in Sentex Jhead

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character.

3.6
2008-10-21 CVE-2008-4634 SIX Apart Cross-Site Scripting vulnerability in SIX Apart Movable Type 4/4.20

Cross-site scripting (XSS) vulnerability in Movable Type 4 through 4.21 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the administrative page, a different vulnerability than CVE-2008-4079.

3.5
2008-10-22 CVE-2008-4646 Websense Credentials Management vulnerability in Websense Enterpise 6.3.2

The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database.

2.1