Weekly Vulnerabilities Reports > November 3 to 9, 2008
Overview
125 new vulnerabilities reported during this period, including 13 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary report vulnerabilities in 132 products from 92 vendors including Yourfreeworld, Adobe, Debian, MW6 Technologies, and Planetluc. Vulnerabilities are notably categorized as "Link Following", "SQL Injection", "Cross-site Scripting", "Improper Input Validation", and "Permissions, Privileges, and Access Controls".
- 63 reported vulnerabilities are remotely exploitables.
- 31 reported vulnerabilities have public exploit available.
- 34 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 117 reported vulnerabilities are exploitable by an anonymous user.
- Yourfreeworld has the most reported vulnerabilities, with 8 reported vulnerabilities.
- Adobe has the most reported critical vulnerabilities, with 5 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
13 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-11-04 | CVE-2008-4910 | SUN | Improper Input Validation vulnerability in SUN Java web Start The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method. | 10.0 |
2008-11-05 | CVE-2008-4817 | Adobe | Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption. | 9.3 |
2008-11-05 | CVE-2008-4814 | Adobe | Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue." | 9.3 |
2008-11-05 | CVE-2008-4813 | Adobe | Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing. | 9.3 |
2008-11-05 | CVE-2008-4812 | Adobe | Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts. | 9.3 |
2008-11-04 | CVE-2008-4922 | Djvu Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Djvu Activex Control FOR Microsoft Office 2000 Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties. | 9.3 |
2008-11-04 | CVE-2008-4306 | Ubuntu | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ubuntu Linux Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence. | 9.3 |
2008-11-04 | CVE-2008-2992 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104. | 9.3 |
2008-11-05 | CVE-2008-4932 | Comingchina | Improper Input Validation vulnerability in Comingchina U-Mail Webmail Server 4.91 webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. | 9.0 |
2008-11-04 | CVE-2008-4926 | MW6 Technologies | Arbitrary File Overwrite vulnerability in MW6 Technologies Pdf417 Activex 3.0.0.1 Multiple insecure method vulnerabilities in MW6 Technologies PDF417 ActiveX control (MW6PDF417Lib.PDF417, MW6PDF417.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods. | 9.0 |
2008-11-04 | CVE-2008-4925 | MW6 Technologies | Arbitrary File Overwrite vulnerability in MW6 Technologies Datamatrix Activex 3.0.0.1 Multiple insecure method vulnerabilities in MW6 Technologies DataMatrix ActiveX control (DATAMATRIXLib.MW6DataMatrix, DataMatrix.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods. | 9.0 |
2008-11-04 | CVE-2008-4924 | MW6 Technologies | Arbitrary File Overwrite vulnerability in MW6 Technologies 1D Barcode Decoder Activex 3.0.0.1 Multiple insecure method vulnerabilities in MW6 Technologies 1D Barcode ActiveX control (BARCODELib.MW6Barcode, Barcode.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods. | 9.0 |
2008-11-04 | CVE-2008-4923 | MW6 Technologies | Arbitrary File Overwrite vulnerability in MW6 Technologies Aztec Activex 3.0.0.1 Multiple insecure method vulnerabilities in MW6 Technologies Aztec ActiveX control (AZTECLib.MW6Aztec, Aztec.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods. | 9.0 |
28 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-11-04 | CVE-2008-4919 | Visagesoft | Improper Input Validation vulnerability in Visagesoft Expert PDF Viewer Activex 3.0.990.0 Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method. | 8.8 |
2008-11-06 | CVE-2008-4395 | Linux Ubuntu | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs. | 8.3 |
2008-11-07 | CVE-2008-4999 | Nortel | Improper Input Validation vulnerability in Nortel Unistim IP Phone 0604Das Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). | 7.8 |
2008-11-05 | CVE-2008-4934 | Linux Debian Canonical | Improper Input Validation vulnerability in Linux Kernel The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (system crash) via a crafted hfsplus filesystem image. | 7.8 |
2008-11-05 | CVE-2008-4933 | Linux | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function. | 7.8 |
2008-11-06 | CVE-2008-4991 | EC Cube | SQL Injection vulnerability in Ec-Cube SQL injection vulnerability in LOCKON CO.,LTD. | 7.5 |
2008-11-05 | CVE-2008-4815 | Unix Adobe | Permissions, Privileges, and Access Controls vulnerability in Adobe Acrobat and Acrobat Reader Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH. | 7.5 |
2008-11-04 | CVE-2008-4921 | Chipmunk Scripts | Permissions, Privileges, and Access Controls vulnerability in Chipmunk Scripts Chipmunk CMS 1.3 board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to bypass authentication and gain administrator privileges via a direct request. | 7.5 |
2008-11-04 | CVE-2008-4906 | W1N78 E107 | SQL Injection vulnerability in W1N78 Lyrics 0.4.2 SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. | 7.5 |
2008-11-04 | CVE-2008-4902 | Scripts Frenzy | SQL Injection vulnerability in Scripts Frenzy Article Publisher PRO 1.5 SQL injection vulnerability in contact_author.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter. | 7.5 |
2008-11-04 | CVE-2008-4901 | Scripts Frenzy | SQL Injection vulnerability in Scripts Frenzy Article Publisher PRO 1.5 SQL injection vulnerability in admin/admin.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2008-11-04 | CVE-2008-4900 | Yourfreeworld | SQL Injection vulnerability in Yourfreeworld Classifieds Blaster Script SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-11-04 | CVE-2008-4895 | Yourfreeworld | SQL Injection vulnerability in Yourfreeworld Downline Builder Script SQL injection vulnerability in tr.php in YourFreeWorld Downline Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-11-04 | CVE-2008-4912 | RS Maxsoft | SQL Injection vulnerability in RS Maxsoft Fotogalerie SQL injection vulnerability in popup_img.php in the fotogalerie module in RS MAXSOFT allows remote attackers to execute arbitrary SQL commands via the fotoID parameter. | 7.5 |
2008-11-04 | CVE-2008-4911 | Chattaitaliano | Code Injection vulnerability in Chattaitaliano Istant-Replay PHP remote file inclusion vulnerability in read.php in Chattaitaliano Istant-Replay allows remote attackers to execute arbitrary PHP code via a URL in the data parameter. | 7.5 |
2008-11-04 | CVE-2008-4890 | 1ST News | SQL Injection vulnerability in 1ST News 4 Professional PR1 SQL injection vulnerability in products.php in 1st News 4 Professional (PR 1) allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-11-04 | CVE-2008-4889 | DEV L S | SQL Injection vulnerability in Dev!L'S Clanportal 1.2.5/1.3.6 SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action. | 7.5 |
2008-11-04 | CVE-2008-4887 | Netrisk | SQL Injection vulnerability in Netrisk 1.9.7 SQL injection vulnerability in index.php in NetRisk 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) profile page (profile.php) or (2) game page (game.php). | 7.5 |
2008-11-04 | CVE-2008-4886 | Yourfreeworld | SQL Injection vulnerability in Yourfreeworld Shopping Cart Script SQL injection vulnerability in index.php in YourFreeWorld Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the c parameter. | 7.5 |
2008-11-04 | CVE-2008-4885 | Yourfreeworld | SQL Injection vulnerability in Yourfreeworld Scrolling Text ADS Script SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-11-04 | CVE-2008-4884 | Yourfreeworld | SQL Injection vulnerability in Yourfreeworld Classifieds Hosting Script SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-11-04 | CVE-2008-4883 | Yourfreeworld | SQL Injection vulnerability in Yourfreeworld Blog Blaster Script SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-11-04 | CVE-2008-4882 | Yourfreeworld | SQL Injection vulnerability in Yourfreeworld Autoresponder Hosting Script SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-11-04 | CVE-2008-4881 | Yourfreeworld | SQL Injection vulnerability in Yourfreeworld Reminder Service Script SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-11-04 | CVE-2008-4880 | Maran | SQL Injection vulnerability in Maran PHP Shop SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-4879. | 7.5 |
2008-11-04 | CVE-2008-4879 | Maran | SQL Injection vulnerability in Maran PHP Shop SQL injection vulnerability in prod.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2008-4880. | 7.5 |
2008-11-07 | CVE-2008-4414 | HP | Permissions, Privileges, and Access Controls vulnerability in HP Tru64 5.1B3/5.1B4 Unspecified vulnerability in the AdvFS showfile command in HP Tru64 UNIX 5.1B-3 and 5.1B-4 allows local users to gain privileges via unspecified vectors. | 7.2 |
2008-11-06 | CVE-2008-4963 | Cisco | Denial Of Service vulnerability in Cisco Catos and IOS Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP packet sent to a switch interface configured as a trunk port. | 7.1 |
81 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-11-07 | CVE-2008-4998 | Twiki | Link Following vulnerability in Twiki 4.1.2 ** DISPUTED ** postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. | 6.9 |
2008-11-07 | CVE-2008-4997 | Pilot QOF | Link Following vulnerability in Pilot-Qof Datafreedom-Perl 0.1.7 ** DISPUTED ** dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/zenity temporary file. | 6.9 |
2008-11-07 | CVE-2008-4996 | Debian | Link Following vulnerability in Debian Initramfs-Tools 0.92F ** DISPUTED ** init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. | 6.9 |
2008-11-07 | CVE-2008-4995 | Jose M Vidal | Link Following vulnerability in Jose M.Vidal Bk2Site 1.1.9 redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/redirect.log temporary file. | 6.9 |
2008-11-07 | CVE-2008-4994 | TI KAN | Link Following vulnerability in TI KAN Xmcd 2.6 The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.*pid temporary file. | 6.9 |
2008-11-07 | CVE-2008-4993 | XEN | Link Following vulnerability in XEN 3.2.1 qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file. | 6.9 |
2008-11-06 | CVE-2008-4988 | Lars Bahner | Link Following vulnerability in Lars Bahner Xcal 4.1 pscal in xcal 4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pscal##### temporary file. | 6.9 |
2008-11-06 | CVE-2008-4987 | Xastir | Link Following vulnerability in Xastir 1.9.2 xastir 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/ldconfig.tmp, (b) /tmp/ldconf.tmp, and (c) /tmp/ld.so.conf temporary files, related to the (1) get-maptools.sh and (2) get_shapelib.sh scripts. | 6.9 |
2008-11-06 | CVE-2008-4986 | Georges Khaznadar | Link Following vulnerability in Georges Khaznadar Wims 3.6.2 wims 3.62 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/env#####, (b) /tmp/sed#####, and (c) /tmp/referer-home.log temporary files, related to the (1) coqweb and (2) account.sh scripts. | 6.9 |
2008-11-06 | CVE-2008-4985 | Cadsoft | Link Following vulnerability in Cadsoft VDR 1.6.0 vdrleaktest in Video Disk Recorder (aka vdr-dbg or vdr) 1.6.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/memleaktest.log temporary file. | 6.9 |
2008-11-06 | CVE-2008-4984 | Freedesktop | Link Following vulnerability in Freedesktop Scratchbox2 1.99.0.24 scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/dpkg.#####.tmp, (b) /tmp/missing_deps.#####, and (c) /tmp/sb2-pkg-chk.$tstamp.##### temporary files, related to the (1) dpkg-checkbuilddeps and (2) sb2-check-pkg-mappings scripts. | 6.9 |
2008-11-06 | CVE-2008-4983 | Scilab | Link Following vulnerability in Scilab Scilab-Bin 4.1.2 scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/SciLink#####1, (b) /tmp/SciLink#####2, (c) /tmp/SciLink#####3, (d) /tmp/*.#####, (e) /tmp/*.#####.res, (f) /tmp/*.#####.err, and (g) /tmp/*.#####.diff temporary files, related to the (1) scilink, (2) scidoc, and (3) scidem scripts. | 6.9 |
2008-11-06 | CVE-2008-4982 | John Horne | Link Following vulnerability in John Horne Rkhunter 1.3.2 rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rkhunter-debug temporary file. | 6.9 |
2008-11-06 | CVE-2008-4981 | Remi Vanicat | Link Following vulnerability in Remi Vanicat Realtimebattle 1.0.8 perl.robot in realtimebattle 1.0.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl.robot.log temporary file. | 6.9 |
2008-11-06 | CVE-2008-4980 | ZAK B Elep | Link Following vulnerability in ZAK B Elep Rccp 0.9 delqueueask in rccp 0.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cccp_tmp.txt temporary file. | 6.9 |
2008-11-06 | CVE-2008-4979 | Shrubbery | Link Following vulnerability in Shrubbery Rancid 2.3.2~A8 getipacctg in rancid 2.3.2~a8 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/ipacct.#####.prefixes, (2) /tmp/ipacct.#####.sorted, (3) /tmp/ipacct.#####.pl, and (4) /tmp/ipacct.##### temporary files. | 6.9 |
2008-11-06 | CVE-2008-4978 | Radiance | Link Following vulnerability in Radiance 3 radiance 3R9+20080530 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/opt.fmt, (b) /tmp/out#####.fmt, (c) /tmp/tf#####.dat, (d) /tmp/gsf#####, (e) /tmp/sc#####.sh, (f) /tmp/il#####.pic, (g) /tmp/tl#####.pic, (h) /tmp/ds#####.pic, (i) /tmp/tfa#####, and (j) /tmp/sed##### temporary files, related to the (1) optics2rad, (2) pdelta, (3) dayfact, and (4) raddepend scripts. | 6.9 |
2008-11-06 | CVE-2008-4977 | Postfix | Link Following vulnerability in Postfix 2.5.2 ** DISPUTED ** postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. | 6.9 |
2008-11-06 | CVE-2008-4976 | Alan Woodland | Link Following vulnerability in Alan Woodland Ogle and Ogle-Mmx ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/ogle_audio.#####, (b) /tmp/ogle_cli.#####, (c) /tmp/ogle_ctrl.#####, (d) /tmp/ogle_gui.#####, (e) /tmp/ogle_mpeg_ps.#####, (f) /tmp/ogle_mpeg_vs.#####, (g) /tmp/ogle_nav.#####, and (h) /tmp/ogle_vout.#####, temporary files, related to the (1) ogle_audio_debug, (2) ogle_cli_debug, (3) ogle_ctrl_debug, (4) ogle_gui_debug, (5) ogle_mpeg_ps_debug, (6) ogle_mpeg_vs_debug, (7) ogle_nav_debug, and (8) ogle_vout_debug scripts. | 6.9 |
2008-11-06 | CVE-2008-4975 | Debian | Link Following vulnerability in Debian Newsgate 1.6 mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mmp##### temporary file. | 6.9 |
2008-11-06 | CVE-2008-4974 | Netmrg | Link Following vulnerability in Netmrg 0.20 rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*.xml and (2) /tmp/*.backup temporary files. | 6.9 |
2008-11-06 | CVE-2008-4973 | Debian | Link Following vulnerability in Debian Myspell 3.1 i2myspell in myspell 3.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/i2my#####.1 and (2) /tmp/i2my#####.2 temporary files. | 6.9 |
2008-11-06 | CVE-2008-4972 | Steve Robbins | Link Following vulnerability in Steve Robbins MGT 2.31 mailgo in mgt 2.31 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mailgo##### temporary file. | 6.9 |
2008-11-06 | CVE-2008-4971 | Align BMR Kyushu U AC | Link Following vulnerability in Align.Bmr.Kyushu-U.Ac Mafft 6.240 mafft-homologs in mafft 6.240 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/_vf#?????, (2) /tmp/_if#?????, (3) /tmp/_pf#?????, (4) /tmp/_af#?????, (5) /tmp/_rid#?????, (6) /tmp/_res#?????, (7) /tmp/_q#?????, and (8) /tmp/_bf#????? temporary files. | 6.9 |
2008-11-06 | CVE-2008-4970 | Lustre | Link Following vulnerability in Lustre Lustre-Tests 1.6.5/1.6.5.1 runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file. | 6.9 |
2008-11-06 | CVE-2008-4969 | Alastair Mckinstry | Link Following vulnerability in Alastair Mckinstry Ltp-Network-Test 20060918 ltp-network-test 20060918 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/vsftpd.conf, (b) /tmp/udp/2/*, (c) /tmp/tcp/2/*, (d) /tmp/udp/3/*, (e) /tmp/tcp/3/*, (f) /tmp/nfs_fsstress.udp.2.log, (g) /tmp/nfs_fsstress.udp.3.log, (h) /tmp/nfs_fsstress.tcp.2.log, (i) /tmp/nfs_fsstress.tcp.3.log, and (j) /tmp/nfs_fsstress.sardata temporary files, related to the (1) ftp_setup_vsftp_conf and (2) nfs_fsstress.sh scripts. | 6.9 |
2008-11-06 | CVE-2008-4968 | Bitmover | Link Following vulnerability in Bitmover Lmbench 3.0A7 The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/sdiff.##### temporary file. | 6.9 |
2008-11-06 | CVE-2008-4967 | Linuxtrade | Link Following vulnerability in Linuxtrade 3.65 linuxtrade 3.65 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/bwk, (b) /tmp/zzz, and (c) /tmp/ggg temporary files, related to the (1) linuxtrade.bwkvol, (2) linuxtrade.wn, and (3) moneyam.helper scripts. | 6.9 |
2008-11-06 | CVE-2008-4966 | Openswan | Link Following vulnerability in Openswan Linux-Patch-Openswan 2.4.12 linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/snap##### and (b) /tmp/nightly##### temporary files, related to the (1) maysnap and (2) maytest scripts. | 6.9 |
2008-11-06 | CVE-2008-4965 | Savonet | Link Following vulnerability in Savonet Liguidsoap 0.3.8.1+2 liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/liguidsoap.liq, (2) /tmp/lig.#####.log, and (3) /tmp/emission.ogg temporary files. | 6.9 |
2008-11-06 | CVE-2008-4964 | Krzysztof Kozlowski | Link Following vulnerability in Krzysztof Kozlowski Konwert 1.8 filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary files via a symlink attack on a /tmp/any-##### temporary file. | 6.9 |
2008-11-05 | CVE-2008-4960 | DOV Grobgeld | Link Following vulnerability in DOV Grobgeld Impose+ 0.2 impose in impose+ 0.2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-tmp.ps and (2) /tmp/bboxx-* temporary files. | 6.9 |
2008-11-05 | CVE-2008-4959 | Gpsdrive | Link Following vulnerability in Gpsdrive Gpsdrive-Scripts 2.10 geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/geo.google, (2) /tmp/geo.yahoo, (3) /tmp/geo.coords, and (4) /tmp/geo#####.coords temporary files. | 6.9 |
2008-11-05 | CVE-2008-4958 | Alejandro Garrido Mota | Link Following vulnerability in Alejandro Garrido Mota Gdrae 0.1 gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gdrae/palabra temporary file. | 6.9 |
2008-11-05 | CVE-2008-4957 | Gccxml | Link Following vulnerability in Gccxml 0.9.0 find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.cxx temporary file. | 6.9 |
2008-11-05 | CVE-2008-4956 | Firewallbuilder | Link Following vulnerability in Firewallbuilder Fwbuilder 2.1.19 fwb_install in fwbuilder 2.1.19 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/ssh-agent.##### temporary file. | 6.9 |
2008-11-05 | CVE-2008-4954 | Fumitoshi Ukai | Link Following vulnerability in Fumitoshi Ukai FML 4.0.3 mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/debugbuf temporary file. | 6.9 |
2008-11-05 | CVE-2008-4953 | Firehol | Link Following vulnerability in Firehol 1.256 ** DISPUTED ** firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.firehol-tmp-#####-*-* and (2) /tmp/firehol.conf temporary files. | 6.9 |
2008-11-05 | CVE-2008-4952 | Emacs | Link Following vulnerability in Emacs Emacs-Jabber 0.7.91 emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.log temporary file. | 6.9 |
2008-11-05 | CVE-2008-4951 | Gplhost | Link Following vulnerability in Gplhost Dtc-Common 0.29.6 dtc 0.29.6 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/awstats.log, (b) /tmp/spam.log.#####, and (c) /tmp/spam_err.log temporary files, related to the (1) accesslog.php and (2) sa-wrapper scripts. | 6.9 |
2008-11-05 | CVE-2008-4950 | Debian | Link Following vulnerability in Debian Dpkg-Cross 2.3.0 ** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. | 6.9 |
2008-11-05 | CVE-2008-4949 | Manoj Srivastava | Link Following vulnerability in Manoj Srivastava Dist 3.5 dist 3.5 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/cil#####, (b) /tmp/pdo#####, and (c) /tmp/pdn##### temporary files, related to the (1) patcil and (2) patdiff scripts. | 6.9 |
2008-11-05 | CVE-2008-4948 | Nostatic | Link Following vulnerability in Nostatic Digitaldj 0.7.5 fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ddj_fest.tmp temporary file. | 6.9 |
2008-11-05 | CVE-2008-4947 | Guus Sliepen | Link Following vulnerability in Guus Sliepen Dhis-Server dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file. | 6.9 |
2008-11-05 | CVE-2008-4946 | Convirture | Link Following vulnerability in Convirture Convirt 0.8.2 convirt 0.8.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/set_output temporary file, related to the (1) _template_/provision.sh, (2) Linux_CD_Install/provision.sh, (3) Fedora_PV_Install/provision.sh, (4) CentOS_PV_Install/provision.sh, (5) common/provision.sh, (6) example/provision.sh, and (7) Windows_CD_Install/provision.sh scripts in image_store/. | 6.9 |
2008-11-05 | CVE-2008-4945 | Tivano | Link Following vulnerability in Tivano Cdrw-Taper 0.4 amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite arbitrary files via a symlink attack involving a /tmp/amlabel-cdrw.##### temporary directory. | 6.9 |
2008-11-05 | CVE-2008-4944 | Gleydson Mazioli DA Silva | Link Following vulnerability in Gleydson Mazioli DA Silva Cdcontrol 1.90 writtercontrol in cdcontrol 1.90 allows local users to overwrite arbitrary files via a symlink attack on /tmp/v-recorder*-out temporary files. | 6.9 |
2008-11-05 | CVE-2008-4943 | Iglues | Link Following vulnerability in Iglues Bulmages-Servers 0.11.1 bulmages-servers 0.11.1 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/error.txt, (b) /tmp/errores.txt, and possibly other temporary files, related to the (1) creabulmafact, (2) creabulmacont, and possibly (3) actualizabulmacont, (4) installbulmages-db, and (5) actualizabulmafact scripts. | 6.9 |
2008-11-05 | CVE-2008-4942 | Audiolink | Link Following vulnerability in Audiolink 0.05 audiolink in audiolink 0.05 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/audiolink.db.tmp and (2) /tmp/audiolink.tb.tmp temporary files. | 6.9 |
2008-11-05 | CVE-2008-4941 | ARB Project | Link Following vulnerability in ARB Project Arb-Common 0.0 arb-common 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/arb_fdnaml_*, (b) /tmp/arb_pids_*, (c) /tmp/arbdsmz.html, and (d) /tmp/arbdsmz.htm temporary files, related to the (1) arb_fastdnaml and (2) dszmconnect.pl scripts. | 6.9 |
2008-11-05 | CVE-2008-4940 | Aptoncd | Link Following vulnerability in Aptoncd 0.1 xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/aptoncd temporary file. | 6.9 |
2008-11-05 | CVE-2008-4939 | Apertium | Link Following vulnerability in Apertium 3.0.7 apertium 3.0.7 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####.lex.cc, (b) /tmp/#####.deformat.l, (c) /tmp/#####.reformat.l, (d) /tmp/#####docxorig, (e) /tmp/#####docxsalida.zip, (f) /tmp/#####xlsxembed, (g) /tmp/#####xlsxorig, and (h) /tmp/#####xslxsalida.zip temporary files, related to the (1) apertium-gen-deformat, (2) apertium-gen-reformat, and (3) apertium scripts. | 6.9 |
2008-11-05 | CVE-2008-4938 | Aegis | Link Following vulnerability in Aegis and Aegis-Web aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####, (b) /tmp/#####.intro, (c) /tmp/aegis.#####.ae, (d) /tmp/aegis.#####, (e) /tmp/aegis.#####.1, (f) /tmp/aegis.#####.2, (g) /tmp/aegis.#####.log, and (h) /tmp/aegis.#####.out temporary files, related to the (1) bng_dvlpd.sh, (2) bng_rvwd.sh, (3) awt_dvlp.sh, (4) awt_intgrtn.sh, and (5) aegis.cgi scripts. | 6.9 |
2008-11-05 | CVE-2008-4936 | Gert Doering | Link Following vulnerability in Gert Doering Mgetty 1.1.36 faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file. | 6.9 |
2008-11-05 | CVE-2008-4935 | Amiga | Link Following vulnerability in Amiga Aview 1.3.0 asciiview in aview 1.3.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/aview#####.pgm temporary file. | 6.9 |
2008-11-04 | CVE-2008-4899 | Planetluc | Cross-Site Request Forgery (CSRF) vulnerability in Planetluc Rateme 1.3.3 Cross-site request forgery (CSRF) vulnerability in Planetluc RateMe 1.3.3 allows remote attackers to perform unauthorized actions as other users via unspecified vectors. | 6.8 |
2008-11-04 | CVE-2008-4897 | Logz | SQL Injection vulnerability in Logz 1.3.1 SQL injection vulnerability in fichiers/add_url.php in Logz podcast CMS 1.3.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the art parameter. | 6.8 |
2008-11-03 | CVE-2008-3868 | CCE Interact | Cross-Site Request Forgery (CSRF) vulnerability in Cce-Interact Interact 2.4.1 Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts. | 6.8 |
2008-11-03 | CVE-2008-3867 | CCE Interact | SQL Injection vulnerability in Cce-Interact Interact 2.4.1 SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the email_user_key parameter. | 6.8 |
2008-11-05 | CVE-2008-4955 | Duncan Webb | Link Following vulnerability in Duncan Webb Freevo 1.8.1 freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-#####.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/*.stats temporary files. | 6.2 |
2008-11-04 | CVE-2008-4413 | HP | Permissions, Privileges, and Access Controls vulnerability in HP System Management Homepage Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and 2.2.8 and earlier on HP-UX B.11.23 and B.11.31, allows local users to gain "unauthorized access" via unknown vectors, possibly related to temporary file permissions. | 6.2 |
2008-11-04 | CVE-2008-4904 | Typosphere | SQL Injection vulnerability in Typosphere Typo SQL injection vulnerability in the "Manage pages" feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with "blog publisher" rights to execute arbitrary SQL commands via the search[published_at] parameter. | 6.0 |
2008-11-04 | CVE-2008-4894 | Tribiq | Path Traversal vulnerability in Tribiq CMS 5.0.10A Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the template_path parameter. | 5.1 |
2008-11-04 | CVE-2008-4930 | Mybb | Improper Input Validation vulnerability in Mybb 1.4.2 MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing." NOTE: this could be leveraged for XSS and other attacks. | 5.0 |
2008-11-04 | CVE-2008-4929 | Mybb | Cryptographic Issues vulnerability in Mybb 1.4.2 MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames. | 5.0 |
2008-11-04 | CVE-2008-4905 | Typosphere | Cryptographic Issues vulnerability in Typosphere Typo Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it easier for attackers to guess passwords via a brute force attack. | 5.0 |
2008-11-04 | CVE-2008-4913 | Lokicms | Path Traversal vulnerability in Lokicms Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to delete arbitrary files via a .. | 5.0 |
2008-11-07 | CVE-2008-4992 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN products The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and 7.1.3 through 7.1.3.e on UltraSPARC T1, T2, and T2+ processors allows logical domain users to access memory in other logical domains via unknown vectors. | 4.6 |
2008-11-05 | CVE-2008-4931 | Firmchannel | Cross-Site Scripting vulnerability in Firmchannel Digital Signage 3.24 Cross-site scripting (XSS) vulnerability in the account module in firmCHANNEL Digital Signage 3.24, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php. | 4.3 |
2008-11-05 | CVE-2008-4816 | Microsoft Adobe | Unspecified vulnerability in Adobe Acrobat and Acrobat Reader Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors. | 4.3 |
2008-11-04 | CVE-2008-4928 | Mybb | Cross-Site Scripting vulnerability in Mybb 1.4.2 Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. | 4.3 |
2008-11-04 | CVE-2008-4927 | Microsoft | Improper Input Validation vulnerability in Microsoft Windows Media Player 10/11/9 Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 4.3 |
2008-11-04 | CVE-2008-4918 | Sonicwall | Cross-site Scripting vulnerability in Sonicwall Sonicos Enhanced Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking." | 4.3 |
2008-11-04 | CVE-2008-4907 | Dovecot | Improper Input Validation vulnerability in Dovecot 1.1.4/1.1.5 The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug." | 4.3 |
2008-11-04 | CVE-2008-4903 | Typosphere | Cross-Site Scripting vulnerability in Typosphere Typo Cross-site scripting (XSS) vulnerability in the leave comment (feedback) feature in Typo 5.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) comment[author] (Name) and (2) comment[url] (Website) parameters. | 4.3 |
2008-11-04 | CVE-2008-4898 | Planetluc | Cross-Site Scripting vulnerability in Planetluc Rateme 1.3.3 Cross-site scripting (XSS) vulnerability in planetluc RateMe 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the rate parameter in a submit rate action. | 4.3 |
2008-11-04 | CVE-2008-4896 | Logz | Cross-Site Scripting vulnerability in Logz 1.3.1 Cross-site scripting (XSS) vulnerability in fichiers/add_url.php in Logz CMS 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the art parameter. | 4.3 |
2008-11-04 | CVE-2008-4892 | Planetluc | Cross-Site Scripting vulnerability in Planetluc Mygallery 1.7.2 Cross-site scripting (XSS) vulnerability in gallery.inc.php in Planetluc MyGallery 1.7.2 and earlier, and possibly other versions before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via the mghash parameter. | 4.3 |
2008-11-04 | CVE-2008-4891 | Planetluc | Cross-Site Scripting vulnerability in Planetluc Signme 1.5 Cross-site scripting (XSS) vulnerability in signme.inc.php in Planetluc SignMe 1.5 before 1.55 allows remote attackers to inject arbitrary web script or HTML via the hash parameter. | 4.3 |
2008-11-04 | CVE-2008-4909 | Compact CMS | Cross-Site Scripting vulnerability in Compact CMS Compact CMS Cross-site request forgery (CSRF) vulnerability in CompactCMS 1.1 and earlier allows remote attackers to perform unauthorized actions as legitimate users via unspecified vectors. | 4.3 |
2008-11-04 | CVE-2008-4888 | Netrisk | Cross-Site Scripting vulnerability in Netrisk 1.9.7 Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter to index.php. | 4.3 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-11-04 | CVE-2008-4908 | Crossfire Debian | Link Following vulnerability in Crossfire 1.11.0 maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | 3.3 |
2008-11-05 | CVE-2008-4937 | Openoffice | Link Following vulnerability in Openoffice Openoffice.Org 2.4.1 senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file. | 2.6 |
2008-11-04 | CVE-2008-4893 | Tribiq | Cross-Site Scripting vulnerability in Tribiq CMS 5.0.10A Cross-site scripting (XSS) vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the template_path parameter. | 2.6 |