Weekly Vulnerabilities Reports > November 17 to 23, 2008
Overview
116 new vulnerabilities reported during this period, including 25 critical vulnerabilities and 30 high severity vulnerabilities. This weekly summary report vulnerabilities in 116 products from 79 vendors including SUN, Trend Micro, Microsoft, Apple, and Easysitenetwork. Vulnerabilities are notably categorized as "Link Following", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", and "Permissions, Privileges, and Access Controls".
- 86 reported vulnerabilities are remotely exploitables.
- 31 reported vulnerabilities have public exploit available.
- 39 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 113 reported vulnerabilities are exploitable by an anonymous user.
- SUN has the most reported vulnerabilities, with 9 reported vulnerabilities.
- Trend Micro has the most reported critical vulnerabilities, with 8 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
25 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2008-11-21 | CVE-2008-5184 | Apple | Credentials Management vulnerability in Apple Cups The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. | 10.0 |
| 2008-11-18 | CVE-2008-5159 | Clientsoftware | Numeric Errors vulnerability in Clientsoftware Wincome MPD Total Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large string length argument, which triggers memory corruption. | 10.0 |
| 2008-11-18 | CVE-2008-5120 | HP | Buffer Errors vulnerability in HP Openvms 8.3 Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string. | 10.0 |
| 2008-11-17 | CVE-2008-0014 | Trend Micro | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Serverprotect 5.58/5.7 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013. | 10.0 |
| 2008-11-17 | CVE-2008-0013 | Trend Micro | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Serverprotect 5.58/5.7 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0014. | 10.0 |
| 2008-11-17 | CVE-2008-0012 | Trend Micro | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Serverprotect 5.58/5.7 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014. | 10.0 |
| 2008-11-17 | CVE-2007-0074 | Trend Micro | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Serverprotect 5.58/5.7 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a folder read operation over RPC. | 10.0 |
| 2008-11-17 | CVE-2007-0073 | Trend Micro | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Serverprotect 5.58/5.7 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a file read operation over RPC. | 10.0 |
| 2008-11-17 | CVE-2007-0072 | Trend Micro | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Serverprotect 5.58/5.7 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC. | 10.0 |
| 2008-11-17 | CVE-2006-5269 | Trend Micro | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Serverprotect 5.58/5.7 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, probably related to an RPC interface. | 10.0 |
| 2008-11-17 | CVE-2006-5268 | Trend Micro | Remote vulnerability in Trend Micro Serverprotect 5.58/5.7 Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface." | 10.0 |
| 2008-11-17 | CVE-2008-5106 | Karjasoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Karjasoft Sami FTP Server 2.0.0/2.0.1/2.0.2 Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to an arbitrary command, which triggers the overflow when the SamyFtp.binlog log file is viewed in the management console. | 10.0 |
| 2008-11-17 | CVE-2008-5100 | Microsoft | Cryptographic Issues vulnerability in Microsoft .Net Framework 2.0.50727 The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs. | 10.0 |
| 2008-11-20 | CVE-2008-5178 | Opera Microsoft | Buffer Errors vulnerability in Opera 9.62 Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. | 9.3 |
| 2008-11-20 | CVE-2008-5176 | Clientsoftware | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Clientsoftware Wincom MPD Total Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.623 and earlier allow remote attackers to execute arbitrary code via (1) a long 0x02 command to the remote administration service on TCP port 13500 or (2) a long invalid control filename to LPDService.exe on TCP port 515. | 9.3 |
| 2008-11-19 | CVE-2008-5175 | Visicommedia | Path Traversal vulnerability in Visicommedia Aceftp 3.80.3 Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. | 9.3 |
| 2008-11-19 | CVE-2008-5171 | Phpblaster | Path Traversal vulnerability in PHPblaster CMS 1.0 Multiple directory traversal vulnerabilities in admin/minibb/index.php in phpBLASTER CMS 1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) DB, (2) lang, and (3) skin parameters. | 9.3 |
| 2008-11-19 | CVE-2008-5167 | Boonex | Code Injection vulnerability in Boonex Orca 2.0/2.0.2 PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter. | 9.3 |
| 2008-11-18 | CVE-2008-5155 | Smsclient | Link Following vulnerability in Smsclient 2.0.8Z mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/header.##### or (2) /tmp/body.##### temporary file, or append data to arbitrary files via a symlink attack on the (3) /tmp/sms.log temporary file. | 9.3 |
| 2008-11-17 | CVE-2008-5110 | Oneidentity | Unspecified vulnerability in Oneidentity Syslog-Ng syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. | 9.3 |
| 2008-11-17 | CVE-2008-4824 | Adobe | Improper Input Validation vulnerability in Adobe Flash Player Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors." | 9.3 |
| 2008-11-17 | CVE-2008-5101 | Optipng | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Optipng 0.6/0.6.1 Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow." | 9.3 |
| 2008-11-17 | CVE-2008-3623 | Microsoft Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces. | 9.3 |
| 2008-11-19 | CVE-2008-5173 | Testmaker | Code Injection vulnerability in Testmaker Unspecified vulnerability in testMaker before 3.0p16 allows remote authenticated users to execute arbitrary PHP code via unspecified attack vectors. | 9.0 |
| 2008-11-17 | CVE-2008-4415 | HP | Permissions, Privileges, and Access Controls vulnerability in HP Service Manager Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors. | 9.0 |
30 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2008-11-18 | CVE-2008-5116 | SUN | Path Traversal vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1 Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter. | 7.8 |
| 2008-11-21 | CVE-2008-5206 | Mosxml | Code Injection vulnerability in Mosxml 1 PHP remote file inclusion vulnerability in modules/mod_mainmenu.php in MosXML 1 Alpha allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
| 2008-11-21 | CVE-2008-5201 | Otmanager | Path Traversal vulnerability in Otmanager CMS 24A Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
| 2008-11-21 | CVE-2008-5200 | Joomla Mambo | SQL Injection vulnerability in Joomla COM Xewebtv SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | 7.5 |
| 2008-11-21 | CVE-2008-5199 | Phpoutsourcing | Code Injection vulnerability in PHPoutsourcing Ideabox 1.1 PHP remote file inclusion vulnerability in include.php in PHPOutsourcing IdeaBox (aka IdeBox) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the gorumDir parameter. | 7.5 |
| 2008-11-21 | CVE-2008-5198 | Vizzed | SQL Injection vulnerability in Vizzed Acmlmboard 1.A2 SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allows remote attackers to execute arbitrary SQL commands via the pow parameter. | 7.5 |
| 2008-11-21 | CVE-2008-5197 | PHP Fusion | SQL Injection vulnerability in PHP-Fusion SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action. | 7.5 |
| 2008-11-21 | CVE-2008-5196 | PHP Fusion | SQL Injection vulnerability in PHP-Fusion the Kroax Module SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter. | 7.5 |
| 2008-11-21 | CVE-2008-5195 | Sebrac | SQL Injection vulnerability in Sebrac Sebraccms 0.4 Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow remote attackers to execute arbitrary SQL commands via (1) the recid parameter to cms/form/read.php, (2) the uname parameter to cms/index.php, and other unspecified vectors. | 7.5 |
| 2008-11-21 | CVE-2008-5194 | Softvisions Software | SQL Injection vulnerability in Softvisions Software Online Booking Manager 2.2 SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2008-11-21 | CVE-2008-5192 | Philboard | SQL Injection vulnerability in Philboard 1.14/1.2 SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | 7.5 |
| 2008-11-21 | CVE-2008-5191 | Seportal | SQL Injection vulnerability in Seportal 2.4 Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php. | 7.5 |
| 2008-11-21 | CVE-2008-5190 | Eshop100 | SQL Injection vulnerability in Eshop100 NIL SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter. | 7.5 |
| 2008-11-21 | CVE-2008-5187 | Enlightenment | Buffer Errors vulnerability in Enlightenment Imlib2 1.4.2 The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426. | 7.5 |
| 2008-11-21 | CVE-2008-5183 | Apple Opensuse Debian | NULL Pointer Dereference vulnerability in multiple products cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. | 7.5 |
| 2008-11-19 | CVE-2008-5174 | Easysitenetwork | SQL Injection vulnerability in Easysitenetwork Jokes Complete Website 2.1.3 SQL injection vulnerability in joke.php in Jokes Complete Website 2.1.3 allows remote attackers to execute arbitrary SQL commands via the jokeid parameter. | 7.5 |
| 2008-11-19 | CVE-2008-5170 | Easysitenetwork | SQL Injection vulnerability in Easysitenetwork Cheats Complete Website 1.1.1 SQL injection vulnerability in item.php in Cheats Complete Website 1.1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter. | 7.5 |
| 2008-11-19 | CVE-2008-5169 | Easysitenetwork | SQL Injection vulnerability in Easysitenetwork Drinks Complete Website 2.1.0 SQL injection vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid parameter. | 7.5 |
| 2008-11-19 | CVE-2008-5168 | Easysitenetwork | SQL Injection vulnerability in Easysitenetwork Tips Complete Website 1.2.0 SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 allows remote attackers to execute arbitrary SQL commands via the tipid parameter. | 7.5 |
| 2008-11-19 | CVE-2008-5166 | Easysitenetwork | SQL Injection vulnerability in Easysitenetwork Riddles Website 1.2.1 SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 allows remote attackers to execute arbitrary SQL commands via the riddleid parameter. | 7.5 |
| 2008-11-19 | CVE-2008-5165 | Eticket | SQL Injection vulnerability in Eticket 1.5.7 Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php. | 7.5 |
| 2008-11-19 | CVE-2008-5163 | Theratstudios | SQL Injection vulnerability in Theratstudios the RAT CMS 2 Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewarticle.php and (2) viewarticle2.php. | 7.5 |
| 2008-11-18 | CVE-2008-5158 | Clientsoftware | Improper Authentication vulnerability in Clientsoftware Wincome MPD Total Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to bypass authentication and perform administrative actions via vectors involving "simply skipping the auth stage." | 7.5 |
| 2008-11-18 | CVE-2008-5132 | Memht | SQL Injection vulnerability in Memht Portal 4.0.1 SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header. | 7.5 |
| 2008-11-18 | CVE-2008-5131 | Develop IT Easy | SQL Injection vulnerability in Develop IT Easy News and Article System 1.4 Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and the (2) username and (3) password to the admin panel (admin/index.php). | 7.5 |
| 2008-11-18 | CVE-2008-5124 | Jscape | Improper Authentication vulnerability in Jscape Secure FTP Applet JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks. | 7.5 |
| 2008-11-18 | CVE-2008-5122 | Ektron | SQL Injection vulnerability in Ektron Cms4000.Net SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in Ektron CMS400.NET 7.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the res parameter. | 7.5 |
| 2008-11-18 | CVE-2008-5121 | Citrix Bluecoat Cisco Safenet | Permissions, Privileges, and Access Controls vulnerability in Citrix Deterministic Network Enhancer 2.21.7.223/3.21.7.17464 dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface. | 7.2 |
| 2008-11-17 | CVE-2008-5104 | Dcgrendel Ubuntu | Credentials Management vulnerability in Dcgrendel Vmbuilder 0.9 Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the default root password, which allows attackers to bypass intended login restrictions. | 7.2 |
| 2008-11-17 | CVE-2008-5103 | Dcgrendel Ubuntu | Credentials Management vulnerability in Dcgrendel Vmbuilder 0.9 The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions. | 7.2 |
58 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2008-11-21 | CVE-2008-5182 | Linux | Race Condition vulnerability in Linux Kernel The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount. | 6.9 |
| 2008-11-18 | CVE-2008-5157 | Uoregon | Link Following vulnerability in Uoregon TAU 2.16.4 tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau.*.##### or (2) /tmp/makefile.tau*.##### temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc scripts. | 6.9 |
| 2008-11-18 | CVE-2008-5156 | Dann Frazier | Link Following vulnerability in Dann Frazier Systemimager-Server 3.6.3 si_mkbootserver in systemimager-server 3.6.3 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.inetd.conf or (2) /tmp/pxe.conf.*.tmp temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5154 | Koeniglich | Link Following vulnerability in Koeniglich P3Nfs 5.19 bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/blue.log temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5153 | Moodle | Link Following vulnerability in Moodle 1.8.2 spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5152 | Peter S Galbraith | Link Following vulnerability in Peter S Galbraith Mh-Book 2000605 inmail-show in mh-book 200605 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/inmail#####.log or (2) /tmp/inmail#####.stdin temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5151 | Abottoms | Link Following vulnerability in Abottoms Mayavi 1.5 test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/err.log temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5150 | Jose Carlos Medeiros | Link Following vulnerability in Jose Carlos Medeiros Maildirsync 1.1 sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-*.#####.log temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5149 | Aucko | Link Following vulnerability in Aucko Libncbi6 6.1.20080302 fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5148 | Geda | Link Following vulnerability in Geda Gnetlist 1.4.0 sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5147 | Holloway | Link Following vulnerability in Holloway Docvert 2.4 test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/outer.odt temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5146 | ERL Wustl | Link Following vulnerability in ERL Wustl CTN 3.0.6 add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5145 | Debian | Link Following vulnerability in Debian LTP 20060918 ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu.##### temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5144 | Federico DI Gregorio | Link Following vulnerability in Federico DI Gregorio Nvidia-Cg-Toolkit 2.0.0015 nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5143 | Mohammed Sameer | Link Following vulnerability in Mohammed Sameer Multi-Gnome-Terminal 1.6.2 mgt-helper in multi-gnome-terminal 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.debug or (2) /tmp/*.env temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5142 | Freebsd | Link Following vulnerability in Freebsd Freebsd-Sendpr 3.113+5.3 sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pr.##### temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5141 | Dann Frazier | Link Following vulnerability in Dann Frazier Flamethrower 0.1.8 flamethrower in flamethrower 0.1.8 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/multicast.tar.##### temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5140 | Debian | Link Following vulnerability in Debian Mailscanner 4.55.10 trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5139 | Javier Fernandez | Link Following vulnerability in Javier Fernandez Jailer 0.4 updatejail in jailer 0.4 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/#####.updatejail temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5138 | Bkleineidam | Link Following vulnerability in Bkleineidam Libpam Mount 0.43 passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/passwdehd.##### temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5137 | Tkman | Link Following vulnerability in Tkman 2.2 tkman in tkman 2.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary file. | 6.9 |
| 2008-11-18 | CVE-2008-5136 | Ldrolez | Link Following vulnerability in Ldrolez Tkusr 0.82 tkusr in tkusr 0.82 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/tkusr.pgm temporary file. | 6.9 |
| 2008-11-17 | CVE-2008-4832 | Rpath | Link Following vulnerability in Rpath Initscripts 8.128.21/8.56.150.1 rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. | 6.9 |
| 2008-11-21 | CVE-2008-5207 | Jonascms | Path Traversal vulnerability in Jonascms 1.2 Multiple directory traversal vulnerabilities in Jonascms 1.2 allow remote attackers to include and execute arbitrary local files via a .. | 6.8 |
| 2008-11-21 | CVE-2008-5204 | Poweraward | Path Traversal vulnerability in Poweraward 1.1.0 Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php. | 6.8 |
| 2008-11-18 | CVE-2008-5125 | Castillocentral | Improper Authentication vulnerability in Castillocentral Ccleague 1.2 admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin. | 6.8 |
| 2008-11-18 | CVE-2008-5123 | Castillocentral | SQL Injection vulnerability in Castillocentral Ccleague 1.2 SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter. | 6.8 |
| 2008-11-18 | CVE-2008-5115 | SUN | Cross-Site Request Forgery (CSRF) vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1 Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp. | 6.8 |
| 2008-11-17 | CVE-2008-5108 | Adobe | Code Injection vulnerability in Adobe AIR Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context-dependent attackers to execute untrusted JavaScript in an AIR application via unknown attack vectors. | 6.8 |
| 2008-11-18 | CVE-2008-5117 | SUN | Improper Input Validation vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1 Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 6.4 |
| 2008-11-18 | CVE-2008-5133 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Opensolaris and Solaris ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named. | 5.8 |
| 2008-11-21 | CVE-2008-5189 | Rubyonrails | Cross-Site Request Forgery (CSRF) vulnerability in Rubyonrails Rails and Ruby ON Rails CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function. | 5.0 |
| 2008-11-21 | CVE-2008-5185 | Geshi | Resource Management Errors vulnerability in Geshi The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using "<". | 5.0 |
| 2008-11-20 | CVE-2008-5181 | Microsoft | Resource Management Errors vulnerability in Microsoft Office Communicator Microsoft Communicator allows remote attackers to cause a denial of service (application or device outage) via instant messages containing large numbers of emoticons. | 5.0 |
| 2008-11-20 | CVE-2008-5179 | Microsoft | Remote Denial of Service vulnerability in Microsoft products Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet. | 5.0 |
| 2008-11-18 | CVE-2008-5160 | Myserver | Remote Denial of Service vulnerability in Myserver 0.8.11 Unspecified vulnerability in MyServer 0.8.11 allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests with the HTTP GET, DELETE, OPTIONS, and possibly other methods, related to a "204 No Content error." | 5.0 |
| 2008-11-18 | CVE-2008-5130 | Ocean12 Technologies | Permissions, Privileges, and Access Controls vulnerability in Ocean12 Technologies Calendar Manager 2.04 Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb. | 5.0 |
| 2008-11-18 | CVE-2008-5129 | Ocean12 Technologies | Permissions, Privileges, and Access Controls vulnerability in Ocean12 Technologies Poll Manager 1.00 Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb. | 5.0 |
| 2008-11-18 | CVE-2008-5128 | Ocean12 Technologies | Permissions, Privileges, and Access Controls vulnerability in Ocean12 Technologies Membership Manager PRO Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb. | 5.0 |
| 2008-11-18 | CVE-2008-5127 | Ocean12 Technologies | Permissions, Privileges, and Access Controls vulnerability in Ocean12 Technologies Contact Manager 1.02 Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb. | 5.0 |
| 2008-11-17 | CVE-2008-5112 | Microsoft | Information Exposure vulnerability in Microsoft Windows and Windows 2000 The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum. | 5.0 |
| 2008-11-17 | CVE-2008-5105 | Karjasoft | Improper Input Validation vulnerability in Karjasoft Sami FTP Server 2.0.0/2.0.1/2.0.2 KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash or hang) via certain (1) APPE, (2) CWD, (3) DELE, (4) MKD, (5) RMD, (6) RETR, (7) RNFR, (8) RNTO, (9) SIZE, and (10) STOR commands. | 5.0 |
| 2008-11-17 | CVE-2008-5111 | SUN | Local Denial Of Service vulnerability in SUN Opensolaris and Solaris Unspecified vulnerability in the socket function in Sun Solaris 10 and OpenSolaris snv_57 through snv_91, when InfiniBand hardware is not installed, allows local users to cause a denial of service (panic) via unknown vectors, related to the socksdpv_close function. | 4.7 |
| 2008-11-17 | CVE-2008-5099 | SUN | Information Exposure vulnerability in SUN Logical Domain Manager Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the "ldm ls -l" command, a different vulnerability than CVE-2008-4992. | 4.6 |
| 2008-11-21 | CVE-2008-5205 | Wellyblog | Cross-Site Scripting vulnerability in Wellyblog NIL Cross-site scripting (XSS) vulnerability in edit.php in wellyblog allows remote attackers to inject arbitrary web script or HTML via the articleid parameter in an add action. | 4.3 |
| 2008-11-21 | CVE-2008-5203 | Poweraward | Cross-Site Scripting vulnerability in Poweraward 1.1.0 Cross-site scripting (XSS) vulnerability in external_vote.php in PowerAward 1.1.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the l_vote_done parameter. | 4.3 |
| 2008-11-21 | CVE-2008-5202 | Otmanager | Cross-Site Scripting vulnerability in Otmanager CMS 24A Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS 24a allows remote attackers to inject arbitrary web script or HTML via the conteudo parameter. | 4.3 |
| 2008-11-21 | CVE-2008-5193 | Philboard | Cross-Site Scripting vulnerability in Philboard 1.14/1.2 Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. | 4.3 |
| 2008-11-19 | CVE-2008-5172 | Forumsoftware | Cross-Site Scripting vulnerability in Forumsoftware Yazd Forum Software 3.0 Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum Software 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to (a) search.jsp, and the (2) msg parameter to (b) error.jsp and (c) userAccount.jsp. | 4.3 |
| 2008-11-19 | CVE-2008-5164 | Theratstudios | Cross-Site Scripting vulnerability in Theratstudios the RAT CMS 2 Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) viewarticle.php and (b) viewarticle2.php and the (2) PATH_INFO to viewarticle.php. | 4.3 |
| 2008-11-18 | CVE-2008-5126 | Boutikone | Cross-Site Scripting vulnerability in Boutikone CMS Cross-site scripting (XSS) vulnerability in search.php in BoutikOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. | 4.3 |
| 2008-11-18 | CVE-2008-5119 | Scripts4Profit | Cross-Site Scripting vulnerability in Scripts4Profit Dxshopcart 4.30Mc Cross-site scripting (XSS) vulnerability in search.php in Scripts4Profit DXShopCart 4.30mc allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | 4.3 |
| 2008-11-18 | CVE-2008-5118 | SUN | Multiple vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1 Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection." | 4.3 |
| 2008-11-18 | CVE-2008-5114 | SUN | Cross-Site Scripting vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1 Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2008-11-17 | CVE-2008-5098 | SUN | Cross-Site Scripting vulnerability in SUN Java System Messaging Server 6.2/6.3 Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-2904. | 4.3 |
| 2008-11-17 | CVE-2008-4216 | Apple | Information Exposure vulnerability in Apple Safari The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files." | 4.3 |
| 2008-11-17 | CVE-2008-5113 | Wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress 2.6.3 WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). | 4.0 |
| 2008-11-17 | CVE-2008-5102 | Zope | Resource Management Errors vulnerability in Zope PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements. | 4.0 |
3 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2008-11-19 | CVE-2008-5161 | Openbsd SSH | Information Exposure vulnerability in multiple products Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors. | 2.6 |
| 2008-11-17 | CVE-2008-5107 | Citrix | Information Exposure vulnerability in Citrix Desktop Server and Presentation Server The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files. | 1.9 |
| 2008-11-17 | CVE-2008-3644 | Apple | Information Exposure vulnerability in Apple Safari Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache. | 1.9 |