Weekly Vulnerabilities Reports > November 10 to 16, 2008

Overview

101 new vulnerabilities were reported during this period, including 33 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary reports vulnerabilities in 103 products from 62 vendors including Mozilla, Debian, Canonical, Microsoft, and Adobe. Vulnerabilities are notably categorized as "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Resource Management Errors", and "Code Injection".

  • 91 reported vulnerabilities are remotely exploitable.
  • 32 reported vulnerabilities have a public exploit available.
  • 41 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 97 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 15 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 7 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

33 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-11-14 CVE-2008-5094 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Edirectory

Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors.

10.0
2008-11-14 CVE-2008-5092 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Edirectory

Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header.

10.0
2008-11-14 CVE-2008-5091 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Edirectory

Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter."

10.0
2008-11-14 CVE-2008-5090 Anelectron Code Injection vulnerability in Anelectron Advanced Electron Forum

Electron Inc.

10.0
2008-11-13 CVE-2008-5066 Agaresmedia Code Injection vulnerability in Agaresmedia Themesitescript 1.0

PHP remote file inclusion vulnerability in upload/admin/frontpage_right.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter.

10.0
2008-11-13 CVE-2008-5063 Otmanager Code Injection vulnerability in Otmanager 2.4

PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in OTManager 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the Tipo parameter.

10.0
2008-11-13 CVE-2008-5060 Modernbill Code Injection vulnerability in Modernbill

Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) export_batch.inc.php, (2) run_auto_suspend.cron.php, and (3) send_email_cache.php in include/scripts/; (4) include/misc/mod_2checkout/2checkout_return.inc.php; and (5) include/html/nettools.popup.php, different vectors than CVE-2006-4034 and CVE-2005-1054.

10.0
2008-11-13 CVE-2008-5053 Joomla Code Injection vulnerability in Joomla COM Rssreader 1.0

PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

10.0
2008-11-13 CVE-2008-5052 Mozilla Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.

10.0
2008-11-13 CVE-2008-5018 Mozilla, Debian, Canonical Resource Management Errors vulnerability in multiple products

The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class.

10.0
2008-11-13 CVE-2008-5017 Mozilla, Debian, Canonical Numeric Errors vulnerability in multiple products

Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.

10.0
2008-11-13 CVE-2008-5014 Mozilla, Debian, Canonical Improper Input Validation vulnerability in multiple products

jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.

10.0
2008-11-13 CVE-2008-5045 Network Client COM Buffer Errors vulnerability in Network-Client.Com FTP NOW 2.6

Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly other versions, allows remote FTP servers to cause a denial of service (crash) via a 200 server response that is exactly 1024 characters long.

10.0
2008-11-12 CVE-2008-5038 Novell Resource Management Errors vulnerability in Novell Edirectory

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.

10.0
2008-11-10 CVE-2008-5031 Python Numeric Errors vulnerability in Python

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c.

10.0
2008-11-10 CVE-2008-5030 Libcaudio Buffer Errors vulnerability in Libcaudio 0.99.12P2

Heap-based buffer overflow in the cddb_read_disc_data function in cddb.c in libcdaudio 0.99.12p2 allows remote CDDB servers to execute arbitrary code via long CDDB data.

10.0
2008-11-10 CVE-2008-5010 SUN Remote Code Execution vulnerability in SUN Opensolaris and Solaris

in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.

10.0
2008-11-10 CVE-2008-5005 University OF Washington Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in University of Washington Alpine and Imap Toolkit

Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.

10.0
2008-11-14 CVE-2008-5089 Datadynamics Insecure Method vulnerability in Datadynamics Activereports 2.5.0.1314

Multiple insecure method vulnerabilities in the DDActiveReportsViewer2.ARViewer2 ActiveX control (arview2.ocx) in Data Dynamics ActiveReports 2.5.0.1314 allow remote attackers to overwrite arbitrary files via a call to the (1) Pages.Save, (2) PrintReport, or (3) Canvas.Save method.

9.3
2008-11-14 CVE-2008-5073 Novell Buffer Errors vulnerability in Novell Zenworks Desktop Management 6.5

Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method.

9.3
2008-11-13 CVE-2008-5021 Mozilla, Debian, Canonical Resource Management Errors vulnerability in multiple products

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.

9.3
2008-11-13 CVE-2008-5013 Mozilla Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.

9.3
2008-11-13 CVE-2008-0017 Mozilla, Canonical, Debian Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.

9.3
2008-11-13 CVE-2008-5050 Clam Anti Virus Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Clam Anti-Virus Clamav

Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.

9.3
2008-11-12 CVE-2008-4037 Microsoft Improper Authentication vulnerability in Microsoft products

Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.

9.3
2008-11-10 CVE-2008-5036 Videolan Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player

Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c.

9.3
2008-11-10 CVE-2008-5032 Videolan Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player

Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c.

9.3
2008-11-10 CVE-2008-4387 SAP, Simba Technologies, Microsoft Code Injection vulnerability in multiple products

Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer.

9.3
2008-11-10 CVE-2008-5008 Mega Nerd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mega-Nerd Secret Rabbit Code

Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or libsamplerate) before 0.1.4, when "extreme low conversion ratios" are used, allows user-assisted attackers to have an unknown impact via a crafted audio file.

9.3
2008-11-10 CVE-2008-5002 Chilkat Software Improper Input Validation vulnerability in Chilkat Software Chilkat Crypt Activex Control 2.1

Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method.

9.3
2008-11-10 CVE-2008-5001 Ultravnc Buffer Errors vulnerability in Ultravnc 1.0.2/1.0.4

Multiple stack-based buffer overflows in multiple functions in vncviewer/FileTransfer.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified parameters, a different issue than CVE-2008-0610.

9.3
2008-11-10 CVE-2008-4281 Vmware Path Traversal vulnerability in VMWare ESX and Esxi

Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows administrators with the Datastore.FileManagement privilege to gain privileges via unknown vectors.

9.3
2008-11-14 CVE-2008-5071 Yoxel Code Injection vulnerability in Yoxel

Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter.

9.0

29 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-11-10 CVE-2008-5033 Linux Resource Management Errors vulnerability in Linux Kernel

The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service (NULL function pointer dereference and OOPS) via unknown vectors.

7.8
2008-11-14 CVE-2008-5097 Myfwb SQL Injection vulnerability in Myfwb 1.0

SQL injection vulnerability in index.php in MyFWB 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2008-11-14 CVE-2008-5088 Knowledgebase Script SQL Injection vulnerability in Knowledgebase-Script PHPkb Knowledge Base Software 1.5

Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909.

7.5
2008-11-14 CVE-2008-5087 Typo3 SQL Injection vulnerability in Typo3 Another Backend Login 0.0.1/0.0.2

SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-11-14 CVE-2008-5074 PHP Fusion SQL Injection vulnerability in PHP-Fusion Freshlinks Module 1.0

SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the linkid parameter.

7.5
2008-11-14 CVE-2008-5070 PRO Chat Rooms SQL Injection vulnerability in PRO Chat Rooms PRO Chat Rooms 3.0.3

SQL injection vulnerability in Pro Chat Rooms 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the gud parameter to (1) profiles/index.php and (2) profiles/admin.php.

7.5
2008-11-14 CVE-2008-5069 Deeserver SQL Injection vulnerability in Deeserver Panuwat Promoteweb Mysql

SQL injection vulnerability in go.php in Panuwat PromoteWeb MySQL, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-11-13 CVE-2008-5065 Easy Script Improper Authentication vulnerability in Easy-Script Tlguesbook 1.2

TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin.

7.5
2008-11-13 CVE-2008-5064 H H SQL Injection vulnerability in H&H Websoccer 2.80

SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-11-13 CVE-2008-5058 Preproject SQL Injection vulnerability in Preproject PRE Simple CMS

SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php.

7.5
2008-11-13 CVE-2008-5057 Aspindir SQL Injection vulnerability in Aspindir Dizi Portali

SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the film parameter.

7.5
2008-11-13 CVE-2008-5055 Activecampaign SQL Injection vulnerability in Activecampaign Triolive

SQL injection vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to execute arbitrary SQL commands via the department_id parameter to index.php.

7.5
2008-11-13 CVE-2008-5054 Develop IT Easy SQL Injection vulnerability in Develop IT Easy Membership System 1.3

Multiple SQL injection vulnerabilities in Develop It Easy Membership System 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters to customer_login.php and the (3) user_name and (4) user_pass parameters to admin/index.php.

7.5
2008-11-13 CVE-2008-5024 Mozilla, Debian, Canonical XML Injection (Aka Blind Xpath Injection) vulnerability in multiple products

Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.

7.5
2008-11-13 CVE-2008-5023 Mozilla, Debian, Canonical Improper Input Validation vulnerability in multiple products

Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.

7.5
2008-11-13 CVE-2008-5022 Mozilla, Debian, Canonical Improper Authentication vulnerability in multiple products

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.

7.5
2008-11-13 CVE-2008-5051 Jooblog, Joomla SQL Injection vulnerability in Jooblog 1.1

SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php.

7.5
2008-11-13 CVE-2008-5047 Mole Group SQL Injection vulnerability in Mole Group Rental Script

SQL injection vulnerability in admin/index.php in Mole Group Rental Script allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2008-11-13 CVE-2008-5046 Mole Group SQL Injection vulnerability in Mole Group Pizza Script

SQL injection vulnerability in index.php in Mole Group Pizza Script allows remote attackers to execute arbitrary SQL commands via the manufacturers_id parameter.

7.5
2008-11-12 CVE-2008-5042 Zeeways Improper Authentication vulnerability in Zeeways Photovideotube

Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php.

7.5
2008-11-12 CVE-2008-5041 Sweex Permissions, Privileges, and Access Controls vulnerability in Sweex Ro002 Router Ts03072

Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default password for the "rdc123" account, which makes it easier for remote attackers to obtain access.

7.5
2008-11-12 CVE-2008-5040 Graphiks Improper Authentication vulnerability in Graphiks Myforum 1.3

Graphiks MyForum 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the (1) myforum_login and (2) myforum_pass cookies to 1.

7.5
2008-11-12 CVE-2008-5037 Elkagroup SQL Injection vulnerability in Elkagroup Image Gallery 1.0

SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2008-11-10 CVE-2008-5004 Mywebland SQL Injection vulnerability in Mywebland Bloggie Lite 0.0.2

SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie.

7.5
2008-11-10 CVE-2008-5003 Shahrood SQL Injection vulnerability in Shahrood

SQL injection vulnerability in ndetail.php in Shahrood allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-11-13 CVE-2008-5049 Isecsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Isecsoft Anti-Keylogger Elite

Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft Anti-Keylogger Elite 3.3.0 and earlier, and possibly other versions including 3.3.3, allows local users to gain privileges via long inputs to the (1) 0x002224A4, (2) 0x002224C0, and (3) 0x002224CC IOCTL.

7.2
2008-11-13 CVE-2008-5048 Isecsoft Buffer Errors vulnerability in Isecsoft Anti-Trojan Elite 4.1.9/4.2.0/4.2.1

Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and earlier, and possibly 4.2.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long inputs to the 0x00222494 IOCTL.

7.2
2008-11-10 CVE-2008-4831 Adobe Permissions, Privileges, and Access Controls vulnerability in Adobe Coldfusion 7.2/8.0/8.0.1

Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors.

7.2
2008-11-10 CVE-2008-4820 Microsoft, Adobe Information Exposure vulnerability in Adobe Flash Player

Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors.

7.1

37 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-11-10 CVE-2008-5034 A Mennucc1 Link Following vulnerability in A Mennucc1 Printfilters-Ppd 2.13

** DISPUTED ** master-filter in printfilters-ppd 2.13 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filter.debug temporary file.

6.9
2008-11-10 CVE-2008-5007 Lazarus Link Following vulnerability in Lazarus 0.9.24

create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary directory.

6.9
2008-11-10 CVE-2008-4915 Vmware Permissions, Privileges, and Access Controls vulnerability in VMWare products

The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS.

6.9
2008-11-14 CVE-2008-5075 Scriptsfrenzy SQL Injection vulnerability in Scriptsfrenzy E-Uploader PRO 1.0

Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter to (g) browser.php.

6.8
2008-11-10 CVE-2008-5028 Nagios, OP5 Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.

6.8
2008-11-10 CVE-2008-5000 Phpx SQL Injection vulnerability in PHPx 3.5.16

SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5.16, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via uppercase characters in the news_id parameter.

6.8
2008-11-10 CVE-2008-4822 Adobe Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player

Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.

6.8
2008-11-10 CVE-2008-4819 Adobe Multiple Security vulnerability in Adobe Flash Player

Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.

6.8
2008-11-10 CVE-2008-5027 Nagios, OP5 Permissions, Privileges, and Access Controls vulnerability in multiple products

The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.

6.5
2008-11-13 CVE-2008-5015 Mozilla Code Injection vulnerability in Mozilla Firefox

Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.

5.1
2008-11-14 CVE-2008-5096 Typo3 Information Exposure vulnerability in Typo3 File List Extension

Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors.

5.0
2008-11-13 CVE-2008-5062 Smolinari Path Traversal vulnerability in Smolinari Mini web Calendar 1.2

Directory traversal vulnerability in php/cal_pdf.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to read arbitrary files via directory traversal sequences in the thefile parameter.

5.0
2008-11-13 CVE-2008-5016 Mozilla Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.

5.0
2008-11-13 CVE-2008-5012 Mozilla Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker.

5.0
2008-11-10 CVE-2008-5035 IBM Resource Management Errors vulnerability in IBM Hardware Management Console 3.2.0/3.3.0

The Resource Monitoring and Control (RMC) daemon in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 and 3.3.0 SP2 allows remote attackers to cause a denial of service (daemon crash or hang) via a packet with an invalid length.

5.0
2008-11-10 CVE-2008-5006 University OF Washington Resource Management Errors vulnerability in University of Washington Imap Toolkit 2007B

smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.

5.0
2008-11-10 CVE-2008-5029 Linux Local Denial of Service vulnerability in Linux Kernel '__scm_destroy()'

The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors.

4.9
2008-11-14 CVE-2008-5076 Htop Information Exposure vulnerability in Htop 0.7

htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings."

4.6
2008-11-14 CVE-2008-5095 Novell Cross-Site Scripting vulnerability in Novell products

Cross-site scripting (XSS) vulnerability in the Novell User Application 3.0.1, 3.5.0, and 3.5.1; and Identity Manager Roles Based Provisioning Module 3.6.0 and 3.6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2008-11-14 CVE-2008-5093 Novell Cross-Site Scripting vulnerability in Novell Edirectory

Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2008-11-14 CVE-2008-5072 K Lite Denial Of Service vulnerability in K-Lite Mega Codec Pack 3.5.7.0

vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote attackers to cause a denial of service (application crash) via a malformed FLV file.

4.3
2008-11-13 CVE-2008-5068 Kkeim Cross-Site Scripting vulnerability in Kkeim Kmita Gallery

Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter to index.php and the (2) searchtext parameter to search.php.

4.3
2008-11-13 CVE-2008-5067 Kkeim Cross-Site Scripting vulnerability in Kkeim Kmita Catalogue 2.0

Cross-site scripting (XSS) vulnerability in search.php in Kmita Catalogue 2.x allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2008-11-13 CVE-2008-5061 Smolinari Cross-Site Scripting vulnerability in Smolinari Mini web Calendar 1.2

Cross-site scripting (XSS) vulnerability in php/cal_default.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL.

4.3
2008-11-13 CVE-2008-5059 Modernbill Cross-Site Scripting vulnerability in Modernbill

Cross-site scripting (XSS) vulnerability in index.php in ModernBill 4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript event in the new_language parameter in a login action.

4.3
2008-11-13 CVE-2008-5056 Activecampaign Cross-Site Scripting vulnerability in Activecampaign Triolive

Cross-site scripting (XSS) vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to inject arbitrary web script or HTML via the department_id parameter to index.php.

4.3
2008-11-13 CVE-2008-5019 Mozilla, Debian, Canonical Cross-Site Scripting vulnerability in multiple products

The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors.

4.3
2008-11-13 CVE-2008-4989 GNU Credentials Management vulnerability in GNU Gnutls

The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).

4.3
2008-11-12 CVE-2008-4033 Microsoft Information Exposure vulnerability in Microsoft XML Core Services

Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."

4.3
2008-11-12 CVE-2008-4029 Microsoft Information Exposure vulnerability in Microsoft Internet Explorer

Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vulnerability."

4.3
2008-11-12 CVE-2008-5039 Phpnuke, PHP Nuke Cross-Site Scripting vulnerability in PHP-Nuke League Module 2.4

Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php.

4.3
2008-11-10 CVE-2008-5011 IBM Cross-Site Scripting vulnerability in IBM Lotus Quickr

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860.

4.3
2008-11-10 CVE-2008-4823 Adobe Cross-Site Scripting vulnerability in Adobe Flash Player

Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute.

4.3
2008-11-10 CVE-2008-4821 Mozilla, Adobe Information Exposure vulnerability in Adobe Flash Player

Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors.

4.3
2008-11-10 CVE-2008-4818 Adobe Cross-Site Scripting vulnerability in Adobe Flash Player

Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers.

4.3
2008-11-12 CVE-2008-5044 Microsoft Race Condition vulnerability in Microsoft Windows Server 2003 and Windows Vista

Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.

4.0
2008-11-10 CVE-2008-5009 SUN Race Condition vulnerability in SUN Solstice X.25 9.2

Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file.

4.0

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-11-12 CVE-2008-5043 IBM Cross-Site Scripting vulnerability in IBM Metrica Service Assurance Framework

Multiple cross-site scripting (XSS) vulnerabilities in the web-based interface in IBM Metrica Service Assurance Framework allow remote authenticated users to inject arbitrary web script or HTML via (1) the elementid parameter in a generatedreportresults action to the ReportTree program, (2) the jnlpname parameter to the Launch program, or (3) the :tasklabel parameter to the ReportRequest program, related to the name of a report.

3.5
2008-11-10 CVE-2008-5026 Microsoft Cross-Site Scripting vulnerability in Microsoft Sharepoint Server

Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading HTML documents.

3.5