Weekly Vulnerabilities Reports > October 27 to November 2, 2008

Overview

94 new vulnerabilities were reported during this period, including 22 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary reports vulnerabilities in 80 products from 69 vendors, including IBM, Drupal, FFmpeg, MPlayer, and Microsoft. Notable vulnerability categories include "SQL Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Path Traversal", and "Permissions, Privileges, and Access Controls".

  • 87 reported vulnerabilities are remotely exploitable.
  • 37 reported vulnerabilities have a public exploit available.
  • 49 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 86 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • FFmpeg has the most reported critical vulnerabilities, with 4 reported vulnerabilities.


Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

22 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-11-01 CVE-2008-4873 Sepal Remote Command Execution vulnerability in Sepal Spboard 4.5

board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action.

10.0
2008-11-01 CVE-2008-4869 Ffmpeg, Mplayer Resource Management Errors vulnerability in Ffmpeg

FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak."

10.0
2008-11-01 CVE-2008-4868 Ffmpeg, Mplayer Remote Security vulnerability in FFmpeg

Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers."

10.0
2008-11-01 CVE-2008-4867 Ffmpeg, Mplayer Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.

10.0
2008-11-01 CVE-2008-4866 Ffmpeg, Mplayer Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY.

10.0
2008-10-31 CVE-2008-4809 IBM Remote vulnerability in IBM Lotus Connections 2.0

Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to "Active" content.

10.0
2008-10-31 CVE-2008-4801 IBM Buffer Errors vulnerability in IBM products

Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in IBM Tivoli Storage Manager (TSM); and the Backup-Archive client in TSM Express; allows remote attackers to execute arbitrary code by sending a large amount of crafted data to a TCP port.

10.0
2008-10-30 CVE-2008-4796 Andrei Zmievski Code Injection vulnerability in Andrei Zmievski Snoopy

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.

10.0
2008-10-29 CVE-2008-4779 Tguzip Buffer Errors vulnerability in Tguzip 3.5.5.0.0

Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a .zip file.

10.0
2008-10-31 CVE-2007-6432 Adobe Buffer Errors vulnerability in Adobe Pagemaker 7.0.1/7.0.2

Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a malformed .PMD file, related to "Key Strings," a different vulnerability than CVE-2007-5169 and CVE-2007-5394.

9.3
2008-10-30 CVE-2008-4798 Webgui Code Injection vulnerability in Webgui

The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL.

9.3
2008-10-30 CVE-2008-4794 Opera Improper Input Validation vulnerability in Opera

Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696.

9.3
2008-10-30 CVE-2008-2238 Openoffice Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openoffice Openoffice.Org

Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.

9.3
2008-10-30 CVE-2008-2237 Openoffice Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openoffice Openoffice.Org

Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document.

9.3
2008-10-30 CVE-2007-6021 Adobe Buffer Errors vulnerability in Adobe Pagemaker 7.0.1/7.0.2

Heap-based buffer overflow in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure.

9.3
2008-10-30 CVE-2007-5394 Adobe Buffer Errors vulnerability in Adobe Pagemaker 7.0.1/7.0.2

Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure, a different vulnerability than CVE-2007-5169 and CVE-2007-6432.

9.3
2008-10-28 CVE-2008-4771 4Xem, D Link, Vivotek Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products, allows remote attackers to execute arbitrary code via a long Url property.

9.3
2008-10-28 CVE-2008-4769 Wordpress Path Traversal vulnerability in Wordpress

Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php.

9.3
2008-10-27 CVE-2008-4750 Dbsoftlab Buffer Errors vulnerability in Dbsoftlab Vimp X 4.8.8

Stack-based buffer overflow in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allows remote attackers to execute arbitrary code via a long LogFile property.

9.3
2008-10-27 CVE-2008-4749 DB Soft LAB File Corruption vulnerability in DB Soft LAB Vimp X 4.8.8.0

Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allow remote attackers to overwrite arbitrary files via (1) the LogFile property and ClearLogFile method, and (2) the SaveToFile method.

9.3
2008-10-28 CVE-2008-4767 Phpnuke, PHP Nuke Improper Input Validation vulnerability in PHP-Nuke Downloadsplus Module

Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file.

9.0
2008-10-28 CVE-2008-4762 Freesshd Buffer Errors vulnerability in Freesshd 1.2.1

Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters.

9.0

28 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-11-01 CVE-2008-4878 Mywebcards Improper Input Validation vulnerability in Mywebcards Webcards

Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file.

8.5
2008-10-27 CVE-2008-4748 Kvirc Improper Input Validation vulnerability in Kvirc 3.4.0

Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI.

7.6
2008-11-01 CVE-2008-4864 Python Software Foundation Numeric Errors vulnerability in Python Software Foundation Python

Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.

7.5
2008-10-31 CVE-2008-4811 Smarty Permissions, Privileges, and Access Controls vulnerability in Smarty

The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.

7.5
2008-10-31 CVE-2008-4810 Smarty Code Injection vulnerability in Smarty

The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted literal string, aka a "function injection security hole." NOTE: each vector affects slightly different SVN revisions.

7.5
2008-10-31 CVE-2008-4806 IBM SQL Injection vulnerability in IBM Lotus Connections

Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components.

7.5
2008-10-31 CVE-2008-4804 Nukedgallery, Phpnuke SQL Injection vulnerability in Nukedgallery Gallery

SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php.

7.5
2008-10-29 CVE-2008-4793 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal

The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules.

7.5
2008-10-29 CVE-2008-4786 E107 SQL Injection vulnerability in E107 Easyshop Plugin

SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

7.5
2008-10-29 CVE-2008-4785 E107 SQL Injection vulnerability in E107 Alternate Profiles Plugin 0.2

SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-10-29 CVE-2008-4784 Aflog Improper Authentication vulnerability in Aflog 1.01

aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php.

7.5
2008-10-29 CVE-2008-4783 Easy Script Improper Authentication vulnerability in Easy-Script Tlads 1.0

tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to "admin".

7.5
2008-10-29 CVE-2008-4782 Aiocp SQL Injection vulnerability in Aiocp 1.4.000/1.4.001

SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.

7.5
2008-10-29 CVE-2008-4781 Easy Script Path Traversal vulnerability in Easy-Script Myktools 2.4

Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2008-10-29 CVE-2008-4778 Dream4 SQL Injection vulnerability in Dream4 Koobi CMS 4.3.0

SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action.

7.5
2008-10-29 CVE-2008-4777 Joomla, Mambo SQL Injection vulnerability in Joomla COM LMS

SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.

7.5
2008-10-28 CVE-2008-4772 Questwork SQL Injection vulnerability in Questwork Questcms

SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter.

7.5
2008-10-28 CVE-2008-4768 TLM CMS SQL Injection vulnerability in TLM CMS TLM CMS 3.1

SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to execute arbitrary SQL commands via the nom parameter to a-b-membres.php.

7.5
2008-10-28 CVE-2008-4766 O2Php SQL Injection vulnerability in O2PHP Oxygen Bulletin Board

SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1.3 allows remote attackers to execute arbitrary SQL commands via the member parameter.

7.5
2008-10-28 CVE-2008-4765 Oscommerce SQL Injection vulnerability in Oscommerce Poll Booth 2.0

SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation.

7.5
2008-10-28 CVE-2008-4757 PHP Daily SQL Injection vulnerability in PHP-Daily

Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) add_postit.php (b) delete.php, and (c) mod_prest_date.php; and the (2) prev parameter to (d) prest_detail.php.

7.5
2008-10-28 CVE-2008-4755 Pozscripts SQL Injection vulnerability in Pozscripts Classified Auctions Script

SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-10-27 CVE-2008-4753 AJ Square INC SQL Injection vulnerability in AJ Square INC RSS Reader

SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execute arbitrary SQL commands via the url parameter.

7.5
2008-10-27 CVE-2008-4752 Tech Logic Improper Authentication vulnerability in Tech Logic Tlnews 2.2

TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin.

7.5
2008-10-27 CVE-2008-4746 Uniwin SQL Injection vulnerability in Uniwin Ecart Professional 2.0.17

Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2.0.17 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) search.asp and (2) cartUtil.asp.

7.5
2008-10-27 CVE-2008-4744 Dxproscripts SQL Injection vulnerability in Dxproscripts Dxshopcart 4.30Mc

SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc allows remote attackers to execute arbitrary SQL commands via the pid parameter.

7.5
2008-10-27 CVE-2008-4743 Quidascript SQL Injection vulnerability in Quidascript FAQ Management Script

SQL injection vulnerability in index.php in QuidaScript FAQ Management Script allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2008-11-01 CVE-2008-4865 Valgrind Local Security vulnerability in Valgrind

Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command option.

7.2

40 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-11-01 CVE-2008-4863 Blender Unspecified vulnerability in Blender 2.46

Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.

6.9
2008-11-01 CVE-2008-4877 Mywebcards SQL Injection vulnerability in Mywebcards Webcards

SQL injection vulnerability in admin.php in WebCards 1.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter.

6.8
2008-11-01 CVE-2008-4875 Philips Electronics Path Traversal vulnerability in Philips Electronics Voip841 Dect Phone 1.0.4.48/1.0.4.50

Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a ..

6.8
2008-10-29 CVE-2008-4780 Easy Script Path Traversal vulnerability in Easy-Script Myforum 1.3

Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter.

6.8
2008-10-28 CVE-2008-4760 Graphiks SQL Injection vulnerability in Graphiks Myforum 1.3

SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

6.8
2008-10-29 CVE-2008-4792 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal

The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.

6.0
2008-10-29 CVE-2008-4791 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal

The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully log in via unknown vectors.

6.0
2008-10-29 CVE-2008-4790 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal

The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.

6.0
2008-10-29 CVE-2008-4789 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal

The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."

6.0
2008-10-29 CVE-2008-4787 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 6

Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many &nbsp; (Non-Blocking Space character) sequences, which are rendered as whitespace, aka MSRC ticket MSRC7899, a related issue to CVE-2003-1025.

5.8
2008-10-27 CVE-2008-4754 Scripts FOR Sites SQL Injection vulnerability in Scripts-For-Sites EZ Forum

SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.

5.8
2008-10-27 CVE-2008-4740 Tinycms Path Traversal vulnerability in Tinycms 1.1.2

Directory traversal vulnerability in templater.php in the ZZ_Templater module in TinyCMS 1.1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

5.1
2008-11-01 CVE-2008-4874 Philips Electronics Credentials Management vulnerability in Philips Electronics Voip841 Dect Phone 1.0.4.48/1.0.4.50

The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access.

5.0
2008-10-31 CVE-2008-4309 NET Snmp Improper Input Validation vulnerability in Net-Snmp 5.2.5/5.3.2.2/5.4

Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.

5.0
2008-10-31 CVE-2008-4808 IBM Information Exposure vulnerability in IBM Lotus Connections

IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors.

5.0
2008-10-31 CVE-2008-4800 Microsoft Resource Management Errors vulnerability in Microsoft Debug Diagnostic Tool

The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Microsoft Debug Diagnostic Tool allows remote attackers to cause a denial of service (NULL pointer dereference and Internet Explorer 6.0 crash) via a large negative integer argument to the GetEntryPointForThread method.

5.0
2008-10-30 CVE-2008-4797 Arihiro Kurta Path Traversal vulnerability in Arihiro Kurta Kantan web Server

Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server 1.8 and earlier allows remote attackers to read arbitrary files via unknown vectors.

5.0
2008-10-29 CVE-2008-4788 Microsoft Remote Security vulnerability in Microsoft Internet Explorer 6

Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the address bar via a URL with a domain name that differs from an important domain name only in these characters, as demonstrated by using exam%A9ple.com to spoof example.com, aka MSRC ticket MSRC7900.

5.0
2008-10-28 CVE-2008-4773 Questwork Path Traversal vulnerability in Questwork Questcms

Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a ..

5.0
2008-10-28 CVE-2008-4764 Extplorer, Joomla Path Traversal vulnerability in Extplorer COM Extplorer 2.0.0

Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2008-10-28 CVE-2008-4759 Buzzscripts Path Traversal vulnerability in Buzzscripts Buzzywall 1.3.1

Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a ..

5.0
2008-10-28 CVE-2008-4758 PHP Daily Path Traversal vulnerability in PHP-Daily

Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read arbitrary local files via a ..

5.0
2008-10-27 CVE-2008-4741 FAR PHP Path Traversal vulnerability in Far-PHP 1.00

Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..

5.0
2008-10-27 CVE-2006-7234 Lynx Local Code Execution vulnerability in Lynx '.mailcap' and '.mime.type' Files

Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.

4.6
2008-11-01 CVE-2008-4876 Philips Electronics Cross-Site Scripting vulnerability in Philips Electronics Voip841 Dect Phone 1.0.4.48/1.0.4.50

Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page.

4.3
2008-11-01 CVE-2008-4872 Itechscripts Cross-Site Scripting vulnerability in Itechscripts Itechbids 5.0

Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter.

4.3
2008-11-01 CVE-2008-4871 MY Little Forum Cross-Site Scripting vulnerability in MY Little Forum MY Little Forum 1.75/2.0

Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and 2.0 Beta 23 allows remote attackers to inject arbitrary web script or HTML via BBcode IMG tags.

4.3
2008-10-31 CVE-2008-4805 IBM Cross-Site Scripting vulnerability in IBM Lotus Connections

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities, and (8) Global Search components.

4.3
2008-10-31 CVE-2008-4803 Simple PHP Scripts Cross-Site Scripting vulnerability in Simple PHP Scripts Gallery 0.1/0.3/0.4

Cross-site scripting (XSS) vulnerability in index.php in Simple PHP Scripts gallery 0.1, 0.3, and 0.4 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.

4.3
2008-10-31 CVE-2008-4802 Simple PHP Scripts Cross-Site Scripting vulnerability in Simple PHP Scripts Blog 0.3

Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP Scripts blog 0.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2008-10-31 CVE-2008-4799 Netpbm Numeric Errors vulnerability in Netpbm

pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read.

4.3
2008-10-30 CVE-2008-4795 Opera Cross-Site Scripting vulnerability in Opera

The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.

4.3
2008-10-28 CVE-2008-4776 Wojtek Kaniewsk Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wojtek Kaniewsk Libgadu

libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read.

4.3
2008-10-28 CVE-2008-4774 Questwork Cross-Site Scripting vulnerability in Questwork Questcms

Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inject arbitrary web script or HTML via the cx parameter.

4.3
2008-10-28 CVE-2008-4763 Wikidsystems Cross-Site Scripting vulnerability in Wikidsystems Wclient-PHP 3.01

Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHP_SELF variable.

4.3
2008-10-28 CVE-2008-4761 Kayako Cross-Site Scripting vulnerability in Kayako Esupport 3.20.2

Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter.

4.3
2008-10-28 CVE-2008-4756 PHP Daily Cross-Site Scripting vulnerability in PHP-Daily

Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter.

4.3
2008-10-27 CVE-2008-4751 Epistream Cross-Site Scripting vulnerability in Epistream Ipei Guestbook 2.0

Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597.

4.3
2008-10-27 CVE-2008-4745 Uniwin Cross-Site Scripting vulnerability in Uniwin Ecart Professional 2.0.17

Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin eCart Professional 2.0.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-10-27 CVE-2008-4742 Timetrex Cross-Site Scripting vulnerability in Timetrex 2.2.11

Multiple cross-site scripting (XSS) vulnerabilities in interface/Login.php in TimeTrex 2.2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) password and (2) user_name parameters.

4.3

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-10-28 CVE-2008-4775 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin 2.11.9.2/3.0.0/3.0.1

Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977.

2.6
2008-11-01 CVE-2008-4870 Dovecot, RED HAT Permissions, Privileges, and Access Controls vulnerability in Dovecot 1.0.7

dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.

2.1
2008-10-31 CVE-2008-4807 IBM Credentials Management vulnerability in IBM Lotus Connections

IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file.

2.1
2008-10-27 CVE-2008-4747 SUN Information Exposure vulnerability in SUN Java Access Manager 6/7/7.1

Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library.

2.1