Weekly Vulnerabilities Reports > October 27 to November 2, 2008
Overview
93 new vulnerabilities reported during this period, including 22 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary report vulnerabilities in 80 products from 69 vendors including IBM, Drupal, Ffmpeg, Mplayer, and Microsoft. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Path Traversal", and "Permissions, Privileges, and Access Controls".
- 86 reported vulnerabilities are remotely exploitables.
- 37 reported vulnerabilities have public exploit available.
- 50 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 85 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 6 reported vulnerabilities.
- Ffmpeg has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
22 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2008-11-01 | CVE-2008-4873 | Sepal | Remote Command Execution vulnerability in Sepal Spboard 4.5 board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action. | 10.0 |
| 2008-11-01 | CVE-2008-4869 | Ffmpeg Mplayer | Resource Management Errors vulnerability in Ffmpeg FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak." | 10.0 |
| 2008-11-01 | CVE-2008-4868 | Ffmpeg Mplayer | Remote Security vulnerability in FFmpeg Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers." | 10.0 |
| 2008-11-01 | CVE-2008-4867 | Ffmpeg Mplayer | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value. | 10.0 |
| 2008-11-01 | CVE-2008-4866 | Ffmpeg Mplayer | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY. | 10.0 |
| 2008-10-31 | CVE-2008-4809 | IBM | Remote vulnerability in IBM Lotus Connections 2.0 Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to "Active" content. | 10.0 |
| 2008-10-31 | CVE-2008-4801 | IBM | Buffer Errors vulnerability in IBM products Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in IBM Tivoli Storage Manager (TSM); and the Backup-Archive client in TSM Express; allows remote attackers to execute arbitrary code by sending a large amount of crafted data to a TCP port. | 10.0 |
| 2008-10-30 | CVE-2008-4796 | Snoopy Project Debian Nagios Wordpress | OS Command Injection vulnerability in multiple products The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. | 10.0 |
| 2008-10-29 | CVE-2008-4779 | Tguzip | Buffer Errors vulnerability in Tguzip 3.5.5.0.0 Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to denial of service (crash) or execute arbitrary code via a long filename in a .zip file. | 10.0 |
| 2008-10-31 | CVE-2007-6432 | Adobe | Buffer Errors vulnerability in Adobe Pagemaker 7.0.1/7.0.2 Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a malformed .PMD file, related to "Key Strings," a different vulnerability than CVE-2007-5169 and CVE-2007-5394. | 9.3 |
| 2008-10-30 | CVE-2008-4798 | Webgui | Code Injection vulnerability in Webgui The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL. | 9.3 |
| 2008-10-30 | CVE-2008-4794 | Opera | Improper Input Validation vulnerability in Opera Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696. | 9.3 |
| 2008-10-30 | CVE-2008-2238 | Openoffice | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openoffice Openoffice.Org Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow. | 9.3 |
| 2008-10-30 | CVE-2008-2237 | Openoffice | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openoffice Openoffice.Org Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document. | 9.3 |
| 2008-10-30 | CVE-2007-6021 | Adobe | Buffer Errors vulnerability in Adobe Pagemaker 7.0.1/7.0.2 Heap-based buffer overflow in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure. | 9.3 |
| 2008-10-30 | CVE-2007-5394 | Adobe | Buffer Errors vulnerability in Adobe Pagemaker 7.0.1/7.0.2 Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure, a different vulnerability than CVE-2007-5169 and CVE-2007-6432. | 9.3 |
| 2008-10-28 | CVE-2008-4771 | 4Xem D Link Vivotek | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products, allows remote attackers to execute arbitrary code via a long Url property. | 9.3 |
| 2008-10-28 | CVE-2008-4769 | Wordpress | Path Traversal vulnerability in Wordpress Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. | 9.3 |
| 2008-10-27 | CVE-2008-4750 | Dbsoftlab | Buffer Errors vulnerability in Dbsoftlab Vimp X 4.8.8 Stack-based buffer overflow in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allows remote attackers to execute arbitrary code via a long LogFile property. | 9.3 |
| 2008-10-27 | CVE-2008-4749 | DB Soft LAB | File Corruption vulnerability in DB Soft LAB Vimp X 4.8.8.0 Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allow remote attackers to overwrite arbitrary files via (1) the LogFile property and ClearLogFile method, and (2) the SaveToFile method. | 9.3 |
| 2008-10-28 | CVE-2008-4767 | Phpnuke PHP Nuke | Improper Input Validation vulnerability in PHP-Nuke Downloadsplus Module Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. | 9.0 |
| 2008-10-28 | CVE-2008-4762 | Freesshd | Buffer Errors vulnerability in Freesshd 1.2.1 Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters. | 9.0 |
28 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2008-11-01 | CVE-2008-4878 | Mywebcards | Improper Input Validation vulnerability in Mywebcards Webcards Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file. | 8.5 |
| 2008-10-27 | CVE-2008-4748 | Kvirc | Improper Input Validation vulnerability in Kvirc 3.4.0 Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI. | 7.6 |
| 2008-11-01 | CVE-2008-4864 | Python | Integer Overflow or Wraparound vulnerability in Python Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. | 7.5 |
| 2008-10-31 | CVE-2008-4811 | Smarty | Permissions, Privileges, and Access Controls vulnerability in Smarty The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character. | 7.5 |
| 2008-10-31 | CVE-2008-4810 | Smarty | Code Injection vulnerability in Smarty The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted literal string, aka a "function injection security hole." NOTE: each vector affects slightly different SVN revisions. | 7.5 |
| 2008-10-31 | CVE-2008-4806 | IBM | SQL Injection vulnerability in IBM Lotus Connections Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components. | 7.5 |
| 2008-10-31 | CVE-2008-4804 | Nukedgallery Phpnuke | SQL Injection vulnerability in Nukedgallery Gallery SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php. | 7.5 |
| 2008-10-29 | CVE-2008-4793 | Drupal | Permissions, Privileges, and Access Controls vulnerability in Drupal The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules. | 7.5 |
| 2008-10-29 | CVE-2008-4786 | E107 | SQL Injection vulnerability in E107 Easyshop Plugin SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | 7.5 |
| 2008-10-29 | CVE-2008-4785 | E107 | SQL Injection vulnerability in E107 Alternate Profiles Plugin 0.2 SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2008-10-29 | CVE-2008-4784 | Aflog | Improper Authentication vulnerability in Aflog 1.01 aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php. | 7.5 |
| 2008-10-29 | CVE-2008-4783 | Easy Script | Improper Authentication vulnerability in Easy-Script Tlads 1.0 tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to "admin." | 7.5 |
| 2008-10-29 | CVE-2008-4782 | Aiocp | SQL Injection vulnerability in Aiocp 1.4.000/1.4.001 SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter. | 7.5 |
| 2008-10-29 | CVE-2008-4781 | Easy Script | Path Traversal vulnerability in Easy-Script Myktools 2.4 Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
| 2008-10-29 | CVE-2008-4778 | Dream4 | SQL Injection vulnerability in Dream4 Koobi CMS 4.3.0 SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action. | 7.5 |
| 2008-10-29 | CVE-2008-4777 | Joomla Mambo | SQL Injection vulnerability in Joomla COM LMS SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task. | 7.5 |
| 2008-10-28 | CVE-2008-4772 | Questwork | SQL Injection vulnerability in Questwork Questcms SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter. | 7.5 |
| 2008-10-28 | CVE-2008-4768 | TLM CMS | SQL Injection vulnerability in TLM CMS TLM CMS 3.1 SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to execute arbitrary SQL commands via the nom parameter to a-b-membres.php. | 7.5 |
| 2008-10-28 | CVE-2008-4766 | O2Php | SQL Injection vulnerability in O2PHP Oxygen Bulletin Board SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1.3 allows remote attackers to execute arbitrary SQL commands via the member parameter. | 7.5 |
| 2008-10-28 | CVE-2008-4765 | Oscommerce | SQL Injection vulnerability in Oscommerce Poll Booth 2.0 SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. | 7.5 |
| 2008-10-28 | CVE-2008-4757 | PHP Daily | SQL Injection vulnerability in PHP-Daily Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) add_postit.php (b) delete.php, and (c) mod_prest_date.php; and the (2) prev parameter to (d) prest_detail.php. | 7.5 |
| 2008-10-28 | CVE-2008-4755 | Pozscripts | SQL Injection vulnerability in Pozscripts Classified Auctions Script SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2008-10-27 | CVE-2008-4753 | AJ Square INC | SQL Injection vulnerability in AJ Square INC RSS Reader SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execute arbitrary SQL commands via the url parameter. | 7.5 |
| 2008-10-27 | CVE-2008-4752 | Tech Logic | Improper Authentication vulnerability in Tech Logic Tlnews 2.2 TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin. | 7.5 |
| 2008-10-27 | CVE-2008-4746 | Uniwin | SQL Injection vulnerability in Uniwin Ecart Professional 2.0.17 Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2.0.17 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) search.asp and (2) cartUtil.asp. | 7.5 |
| 2008-10-27 | CVE-2008-4744 | Dxproscripts | SQL Injection vulnerability in Dxproscripts Dxshopcart 4.30Mc SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc allows remote attackers to execute arbitrary SQL commands via the pid parameter. | 7.5 |
| 2008-10-27 | CVE-2008-4743 | Quidascript | SQL Injection vulnerability in Quidascript FAQ Management Script SQL injection vulnerability in index.php in QuidaScript FAQ Management Script allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
| 2008-11-01 | CVE-2008-4865 | Valgrind | Local Security vulnerability in Valgrind Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. | 7.2 |
39 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2008-11-01 | CVE-2008-4863 | Blender | Unspecified vulnerability in Blender 2.46 Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. | 6.9 |
| 2008-11-01 | CVE-2008-4877 | Mywebcards | SQL Injection vulnerability in Mywebcards Webcards SQL injection vulnerability in admin.php in WebCards 1.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. | 6.8 |
| 2008-11-01 | CVE-2008-4875 | Philips Electronics | Path Traversal vulnerability in Philips Electronics Voip841 Dect Phone 1.0.4.48/1.0.4.50 Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. | 6.8 |
| 2008-10-29 | CVE-2008-4780 | Easy Script | Path Traversal vulnerability in Easy-Script Myforum 1.3 Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter. | 6.8 |
| 2008-10-28 | CVE-2008-4760 | Graphiks | SQL Injection vulnerability in Graphiks Myforum 1.3 SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 6.8 |
| 2008-10-29 | CVE-2008-4792 | Drupal | Permissions, Privileges, and Access Controls vulnerability in Drupal The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values. | 6.0 |
| 2008-10-29 | CVE-2008-4791 | Drupal | Permissions, Privileges, and Access Controls vulnerability in Drupal The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors. | 6.0 |
| 2008-10-29 | CVE-2008-4790 | Drupal | Permissions, Privileges, and Access Controls vulnerability in Drupal The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors. | 6.0 |
| 2008-10-29 | CVE-2008-4789 | Drupal | Permissions, Privileges, and Access Controls vulnerability in Drupal The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error." | 6.0 |
| 2008-10-29 | CVE-2008-4787 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6 Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many (Non-Blocking Space character) sequences, which are rendered as whitespace, aka MSRC ticket MSRC7899, a related issue to CVE-2003-1025. | 5.8 |
| 2008-10-27 | CVE-2008-4754 | Scripts FOR Sites | SQL Injection vulnerability in Scripts-For-Sites EZ Forum SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter. | 5.8 |
| 2008-10-27 | CVE-2008-4740 | Tinycms | Path Traversal vulnerability in Tinycms 1.1.2 Directory traversal vulnerability in templater.php in the ZZ_Templater module in TinyCMS 1.1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 5.1 |
| 2008-11-01 | CVE-2008-4874 | Philips Electronics | Credentials Management vulnerability in Philips Electronics Voip841 Dect Phone 1.0.4.48/1.0.4.50 The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access. | 5.0 |
| 2008-10-31 | CVE-2008-4808 | IBM | Information Exposure vulnerability in IBM Lotus Connections IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors. | 5.0 |
| 2008-10-31 | CVE-2008-4800 | Microsoft | Resource Management Errors vulnerability in Microsoft Debug Diagnostic Tool The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Microsoft Debug Diagnostic Tool allows remote attackers to cause a denial of service (NULL pointer dereference and Internet Explorer 6.0 crash) via a large negative integer argument to the GetEntryPointForThread method. | 5.0 |
| 2008-10-30 | CVE-2008-4797 | Arihiro Kurta | Path Traversal vulnerability in Arihiro Kurta Kantan web Server Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server 1.8 and earlier allows remote attackers to read arbitrary files via unknown vectors. | 5.0 |
| 2008-10-29 | CVE-2008-4788 | Microsoft | Remote Security vulnerability in Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the address bar via a URL with a domain name that differs from an important domain name only in these characters, as demonstrated by using exam%A9ple.com to spoof example.com, aka MSRC ticket MSRC7900. | 5.0 |
| 2008-10-28 | CVE-2008-4773 | Questwork | Path Traversal vulnerability in Questwork Questcms Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. | 5.0 |
| 2008-10-28 | CVE-2008-4764 | Extplorer Joomla | Path Traversal vulnerability in Extplorer COM Extplorer 2.0.0 Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2008-10-28 | CVE-2008-4759 | Buzzscripts | Path Traversal vulnerability in Buzzscripts Buzzywall 1.3.1 Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. | 5.0 |
| 2008-10-28 | CVE-2008-4758 | PHP Daily | Path Traversal vulnerability in PHP-Daily Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read arbitrary local files via a .. | 5.0 |
| 2008-10-27 | CVE-2008-4741 | FAR PHP | Path Traversal vulnerability in Far-PHP 1.00 Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2008-10-27 | CVE-2006-7234 | Lynx | Local Code Execution vulnerability in Lynx '.mailcap' and '.mime.type' Files Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory. | 4.6 |
| 2008-11-01 | CVE-2008-4876 | Philips Electronics | Cross-Site Scripting vulnerability in Philips Electronics Voip841 Dect Phone 1.0.4.48/1.0.4.50 Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page. | 4.3 |
| 2008-11-01 | CVE-2008-4872 | Itechscripts | Cross-Site Scripting vulnerability in Itechscripts Itechbids 5.0 Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. | 4.3 |
| 2008-11-01 | CVE-2008-4871 | MY Little Forum | Cross-Site Scripting vulnerability in MY Little Forum MY Little Forum 1.75/2.0 Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and 2.0 Beta 23 allows remote attackers to inject arbitrary web script or HTML via BBcode IMG tags. | 4.3 |
| 2008-10-31 | CVE-2008-4805 | IBM | Cross-Site Scripting vulnerability in IBM Lotus Connections Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities, and (8) Global Search components. | 4.3 |
| 2008-10-31 | CVE-2008-4803 | Simple PHP Scripts | Cross-Site Scripting vulnerability in Simple PHP Scripts Gallery 0.1/0.3/0.4 Cross-site scripting (XSS) vulnerability in index.php in Simple PHP Scripts gallery 0.1, 0.3, and 0.4 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. | 4.3 |
| 2008-10-31 | CVE-2008-4802 | Simple PHP Scripts | Cross-Site Scripting vulnerability in Simple PHP Scripts Blog 0.3 Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP Scripts blog 0.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
| 2008-10-31 | CVE-2008-4799 | Netpbm | Numeric Errors vulnerability in Netpbm pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read. | 4.3 |
| 2008-10-30 | CVE-2008-4795 | Opera | Cross-Site Scripting vulnerability in Opera The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks. | 4.3 |
| 2008-10-28 | CVE-2008-4776 | Wojtek Kaniewsk | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wojtek Kaniewsk Libgadu libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read. | 4.3 |
| 2008-10-28 | CVE-2008-4774 | Questwork | Cross-Site Scripting vulnerability in Questwork Questcms Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inject arbitrary web script or HTML via the cx parameter. | 4.3 |
| 2008-10-28 | CVE-2008-4763 | Wikidsystems | Cross-Site Scripting vulnerability in Wikidsystems Wclient-PHP 3.01 Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHP_SELF variable. | 4.3 |
| 2008-10-28 | CVE-2008-4761 | Kayako | Cross-Site Scripting vulnerability in Kayako Esupport 3.20.2 Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. | 4.3 |
| 2008-10-28 | CVE-2008-4756 | PHP Daily | Cross-Site Scripting vulnerability in PHP-Daily Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter. | 4.3 |
| 2008-10-27 | CVE-2008-4751 | Epistream | Cross-Site Scripting vulnerability in Epistream Ipei Guestbook 2.0 Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597. | 4.3 |
| 2008-10-27 | CVE-2008-4745 | Uniwin | Cross-Site Scripting vulnerability in Uniwin Ecart Professional 2.0.17 Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin eCart Professional 2.0.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2008-10-27 | CVE-2008-4742 | Timetrex | Cross-Site Scripting vulnerability in Timetrex 2.2.11 Multiple cross-site scripting (XSS) vulnerabilities in interface/Login.php in TimeTrex 2.2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) password and (2) user_name parameters. | 4.3 |
4 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2008-10-28 | CVE-2008-4775 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPmyadmin 2.11.9.2/3.0.0/3.0.1 Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977. | 2.6 |
| 2008-11-01 | CVE-2008-4870 | Dovecot | Incorrect Permission Assignment for Critical Resource vulnerability in Dovecot 1.0.7 dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value. | 2.1 |
| 2008-10-31 | CVE-2008-4807 | IBM | Credentials Management vulnerability in IBM Lotus Connections IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. | 2.1 |
| 2008-10-27 | CVE-2008-4747 | SUN | Information Exposure vulnerability in SUN Java Access Manager 6/7/7.1 Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library. | 2.1 |