Weekly Vulnerabilities Reports > November 24 to 30, 2008

Overview

81 new vulnerabilities were reported during this period, including 20 critical vulnerabilities and 22 high severity vulnerabilities. This weekly summary reports vulnerabilities in 63 products from 49 vendors, including Xine, Apple, Novell, AJ Square, and IBM. The most notable vulnerability categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", and "Numeric Errors".

  • 74 reported vulnerabilities are remotely exploitable.
  • 24 reported vulnerabilities have a public exploit available.
  • 31 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 78 reported vulnerabilities are exploitable by an anonymous user.
  • Xine has the most reported vulnerabilities, with 16 reported vulnerabilities.
  • Xine has the most reported critical vulnerabilities, with 7 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

20 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-11-29 CVE-2008-5284 IEA Software Numeric Errors vulnerability in IEA Software products

The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other versions before 5.1.44, Emerald 5.0.49 and other versions before 5.0.52, Air Marshal 2.0.4 and other versions before 2.0.8, and Radius test client (aka Radlogin) 4.0.20 and earlier, allows remote attackers to cause a denial of service (crash) via an HTTP Content-Length header with a negative value, which triggers a single byte overwrite of memory using a NULL terminator.

10.0
2008-11-29 CVE-2008-5282 W3C Buffer Errors vulnerability in W3C Amaya web Browser 10.0.1

Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.

10.0
2008-11-29 CVE-2008-5281 South River Technologies Buffer Errors vulnerability in South River Technologies Titan FTP Server 6.05

Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command.

10.0
2008-11-29 CVE-2008-5279 Zilab Buffer Errors vulnerability in Zilab ZIM Server 2.0

The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allows remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple vectors including a long room name and a long source account, and (2) a stack-based buffer overflow with a long username in an information request.

10.0
2008-11-26 CVE-2008-5244 Xine Remote Security vulnerability in xine-lib

Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad.

10.0
2008-11-26 CVE-2008-5237 Xine Numeric Errors vulnerability in Xine

Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string.

10.0
2008-11-25 CVE-2008-5227 Phpcow Code Injection vulnerability in PHPcow

Unspecified vulnerability in PHPCow allows remote attackers to execute arbitrary code via unknown vectors, related to a "file inclusion vulnerability," as exploited in the wild in November 2008.

10.0
2008-11-25 CVE-2008-4226 Xmlsoft Resource Management Errors vulnerability in Xmlsoft Libxml 2.7.2

Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.

10.0
2008-11-25 CVE-2008-5220 Wportfolio Improper Input Validation vulnerability in Wportfolio 0.2

Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/.

10.0
2008-11-26 CVE-2008-5246 Xine Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib

Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c.

9.3
2008-11-26 CVE-2008-5245 Xine Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib

xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c.

9.3
2008-11-26 CVE-2008-5236 Xine Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine

Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c.

9.3
2008-11-26 CVE-2008-5235 Xine Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine

Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file.

9.3
2008-11-26 CVE-2008-5234 Xine Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib

Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c.

9.3
2008-11-26 CVE-2008-5232 Microsoft Out-Of-Bounds Write vulnerability in Microsoft Windows 2000 and Windows NT

Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument.

9.3
2008-11-26 CVE-2008-5231 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint

Stack-based buffer overflow in the ExecuteRequest method in the Novell iPrint ActiveX control in ienipp.ocx in Novell iPrint Client 5.06 and earlier allows remote attackers to execute arbitrary code via a long target-frame option value, a different vulnerability than CVE-2008-2431.

9.3
2008-11-26 CVE-2008-2431 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint

Multiple buffer overflows in Novell iPrint Client before 5.06 allow remote attackers to execute arbitrary code by calling the Novell iPrint ActiveX control (aka ienipp.ocx) with (1) a long third argument to the GetDriverFile method; a long first argument to the (2) GetPrinterURLList or (3) GetPrinterURLList2 method; (4) a long argument to the GetFileList method; a long argument to the (5) GetServerVersion, (6) GetResourceList, or (7) DeleteResource method, related to nipplib.dll; a long uploadPath argument to the (8) UploadPrinterDriver or (9) UploadResource method, related to URIs; (10) a long seventh argument to the UploadResource method; a long string in the (11) second, (12) third, or (13) fourth argument to the GetDriverSettings method, related to the IppGetDriverSettings function in nipplib.dll; or (14) a long eighth argument to the UploadResourceToRMS method.

9.3
2008-11-25 CVE-2008-4829 Streamripper Buffer Errors vulnerability in Streamripper 1.63.5

Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow remote attackers to execute arbitrary code via (1) a long "Zwitterion v" HTTP header, related to the http_parse_sc_header function; (2) a crafted pls playlist with a long entry, related to the http_get_pls function; or (3) a crafted m3u playlist with a long File entry, related to the http_get_m3u function.

9.3
2008-11-25 CVE-2008-4231 Apple Resource Management Errors vulnerability in Apple Iphone OS and Safari

Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

9.3
2008-11-24 CVE-2008-5210 Phpblock Code Injection vulnerability in PHPblock A8.5

Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 allow remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter to (1) script/init/createallimagecache.php, (2) allincludefortick.php and (3) test.php in script/tick/, and (4) modules/dungeon/tick/allincludefortick.php, different vectors than CVE-2008-1776.

9.3

22 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-11-25 CVE-2008-4225 Xmlsoft Numeric Errors vulnerability in Xmlsoft Libxml 2.7.2

Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.

7.8
2008-11-28 CVE-2008-5275 Net2Ftp Path Traversal vulnerability in Net2Ftp 0.96/0.97

Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a ..

7.5
2008-11-28 CVE-2008-5273 Toddwoolums SQL Injection vulnerability in Toddwoolums Todd Woolums ASP News Management 2.2

SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter.

7.5
2008-11-28 CVE-2008-5270 Wareziz SQL Injection vulnerability in Wareziz Yuhhu Superstar 2008 NIL

SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 allows remote attackers to execute arbitrary SQL commands via the board parameter.

7.5
2008-11-28 CVE-2008-5269 Powie SQL Injection vulnerability in Powie Psys 0.7.0

SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter.

7.5
2008-11-28 CVE-2008-5268 Aspportal SQL Injection vulnerability in Aspportal Free

SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter.

7.5
2008-11-26 CVE-2008-2429 Calendarix SQL Injection vulnerability in Calendarix Basic 0.8.20071118

Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php.

7.5
2008-11-25 CVE-2008-4227 Apple Cryptographic Issues vulnerability in Apple Iphone OS

Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic.

7.5
2008-11-25 CVE-2008-5226 Mambads, Joomla, Mambo SQL Injection vulnerability in multiple products

SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.

7.5
2008-11-25 CVE-2008-5223 Airvae SQL Injection vulnerability in Airvae Commerce 3.0

SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.

7.5
2008-11-25 CVE-2008-5222 Dvbbs SQL Injection vulnerability in Dvbbs 8.2.0

SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2008-11-25 CVE-2008-5221 Wportfolio Improper Authentication vulnerability in Wportfolio 0.2

The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.

7.5
2008-11-25 CVE-2008-5219 Videoscript Improper Authentication vulnerability in Videoscript

The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters.

7.5
2008-11-24 CVE-2008-5216 AJ Square SQL Injection vulnerability in AJ Square Zeuscart

SQL injection vulnerability in category_list.php in AJ Square ZeusCart 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2008-11-24 CVE-2008-5215 Clanlite SQL Injection vulnerability in Clanlite 2.2006.05.20

SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter.

7.5
2008-11-24 CVE-2008-5213 AJ Square SQL Injection vulnerability in AJ Square AJ Article 1.0

SQL injection vulnerability in featured_article.php in AJ Article 1.0 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a search detail action.

7.5
2008-11-24 CVE-2008-5212 AJ Square SQL Injection vulnerability in AJ Square AJ Auction 1.0/Web2.0

SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter.

7.5
2008-11-24 CVE-2008-5208 Joomla, Mambo SQL Injection vulnerability in Joomla COM Datsogallery 1.6

SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.

7.5
2008-11-26 CVE-2008-2378 HF Permissions, Privileges, and Access Controls vulnerability in HF 0.7.3/0.8

Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH, related to improper handling of the -k option.

7.2
2008-11-26 CVE-2008-5238 Xine Numeric Errors vulnerability in Xine

Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field.

7.1
2008-11-25 CVE-2008-1586 Apple Resource Management Errors vulnerability in Apple Iphone OS

ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image.

7.1
2008-11-26 CVE-2008-5162 Freebsd Use of Insufficiently Random Values vulnerability in Freebsd

The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator.

7.0

33 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-11-25 CVE-2008-5229 Microsoft Buffer Errors vulnerability in Microsoft Windows Vista Gold

Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command.

6.9
2008-11-28 CVE-2008-5267 Experts SQL Injection vulnerability in Experts 1.0.0

SQL injection vulnerability in answer.php in Experts 1.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the question_id parameter.

6.8
2008-11-28 CVE-2008-5265 Tntforum Path Traversal vulnerability in Tntforum TNT Forum 0.9.4

Directory traversal vulnerability in index.php in TNT Forum 0.9.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the modulo parameter.

6.8
2008-11-27 CVE-2008-4315 Redhat, Openpegasus Remote Security vulnerability in Enterprise Linux Desktop

tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.

6.8
2008-11-26 CVE-2008-5242 Xine Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib

demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.

6.8
2008-11-25 CVE-2008-5230 Cisco Cryptographic Issues vulnerability in Cisco IOS

The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng.

6.8
2008-11-29 CVE-2008-5283 GHH Permissions, Privileges, and Access Controls vulnerability in GHH Google Hack Honeypot File Upload Manager 1.3

Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php.

6.4
2008-11-27 CVE-2008-4313 Redhat, Openpegasus Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop

A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.

6.0
2008-11-24 CVE-2008-5217 Phpc0D3R Path Traversal vulnerability in PHPc0D3R Txtcms 0.3

Directory traversal vulnerability in index.php in txtCMS 0.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

5.1
2008-11-29 CVE-2008-5280 Zilab Resource Management Errors vulnerability in Zilab ZIM Server 2.0

The Local ZIM Server in Zilab Chat and Instant Messaging (ZIM) Server 2.0 and 2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted requests without required parameters.

5.0
2008-11-28 CVE-2008-5274 Toddwoolums Permissions, Privileges, and Access Controls vulnerability in Toddwoolums Todd Woolums ASP News Management 2.2

Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp.

5.0
2008-11-26 CVE-2008-2432 Novell Information Exposure vulnerability in Novell Iprint

Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument.

5.0
2008-11-25 CVE-2008-5109 Adobe Configuration vulnerability in Adobe Flash Media Server 3.0/3.5

The default configuration of Adobe Flash Media Server (FMS) 3.0 does not enable SWF Verification for (1) RTMPE and (2) RTMPTE sessions, which makes it easier for remote attackers to make copies of video content via stream-capture software.

5.0
2008-11-25 CVE-2008-4232 Apple Unspecified vulnerability in Apple Iphone OS and Safari

Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.

5.0
2008-11-25 CVE-2008-5218 Scriptsez Permissions, Privileges, and Access Controls vulnerability in Scriptsez Freeze Greetings 1.0

ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords.

5.0
2008-11-24 CVE-2008-5209 Admidio Path Traversal vulnerability in Admidio 1.4.8

Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a ..

5.0
2008-11-27 CVE-2008-5256 Virtualox Link Following vulnerability in Virtualox

The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file.

4.4
2008-11-28 CVE-2008-5278 Wordpress Cross-Site Scripting vulnerability in Wordpress

Cross-site scripting (XSS) vulnerability in the self_link function in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).

4.3
2008-11-28 CVE-2008-5271 Syndeocms Cross-Site Scripting vulnerability in Syndeocms 2.6.0

Cross-site scripting (XSS) vulnerability in index.php in Fred Stuurman SyndeoCMS 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.

4.3
2008-11-28 CVE-2008-5266 SUN, Oracle Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751.

4.3
2008-11-28 CVE-2008-5264 Tornado Cross-Site Scripting vulnerability in Tornado Knowledge Retrieval System

Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Knowledge Retrieval System 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the p parameter in a root action.

4.3
2008-11-27 CVE-2008-5257 IBM Improper Input Validation vulnerability in IBM Tivoli Access Manager for E-Business 6.0.0.17

webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for e-business allows remote attackers to cause a denial of service (crash or hang) via HTTP requests, as demonstrated by a McAfee vulnerability scan.

4.3
2008-11-26 CVE-2008-5248 Xine Improper Input Validation vulnerability in Xine Xine-Lib

xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."

4.3
2008-11-26 CVE-2008-5247 Xine Numeric Errors vulnerability in Xine Xine-Lib

The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value.

4.3
2008-11-26 CVE-2008-5243 Xine Improper Input Validation vulnerability in Xine Xine-Lib

The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error.

4.3
2008-11-26 CVE-2008-5241 Xine Numeric Errors vulnerability in Xine Xine-Lib

Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM).

4.3
2008-11-26 CVE-2008-5240 Xine Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib

xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value.

4.3
2008-11-26 CVE-2008-5239 Xine Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib

xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows.

4.3
2008-11-26 CVE-2008-5233 Xine Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib

xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.

4.3
2008-11-25 CVE-2008-5225 Xerox Cross-Site Scripting vulnerability in Xerox Docushare

Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories.

4.3
2008-11-25 CVE-2008-5224 Kent WEB Cross-Site Scripting vulnerability in Kent-Web Mart

Cross-site scripting (XSS) vulnerability in Kent Web Mart 1.61 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-11-24 CVE-2008-5214 Clanlite Cross-Site Scripting vulnerability in Clanlite 2.2006.05.20

Cross-site scripting (XSS) vulnerability in service/calendrier.php in ClanLite 2.2006.05.20 allows remote attackers to inject arbitrary web script or HTML via the annee parameter.

4.3
2008-11-28 CVE-2008-5272 Syndeocms Path Traversal vulnerability in Syndeocms 2.6.0

Multiple directory traversal vulnerabilities in Fred Stuurman SyndeoCMS 2.6.0 allow remote authenticated users to read arbitrary files via a ..

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-11-25 CVE-2008-4229 Apple Race Condition vulnerability in Apple Iphone OS

Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.

3.7
2008-11-25 CVE-2008-4228 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number.

3.6
2008-11-25 CVE-2008-5228 IBM Cross-Site Scripting vulnerability in IBM Workplace Content Management 6.0/6.1

Cross-site scripting (XSS) vulnerability in IBM Workplace Content Management (WCM) 6.0G and 6.1 before CF8, when a Page Navigation Component shows menu entries, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in the URI, related to parameters "not being encoded."

2.6
2008-11-25 CVE-2008-4233 Apple Unspecified vulnerability in Apple Iphone OS and Safari

Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document.

2.6
2008-11-24 CVE-2008-5211 Sphider Cross-Site Scripting vulnerability in Sphider 1.3.4

Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506.

2.6
2008-11-25 CVE-2008-4230 Apple Information Exposure vulnerability in Apple Iphone OS

The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages.

1.9