Weekly Vulnerabilities Reports > November 24 to 30, 2008
Overview
81 new vulnerabilities were reported during this period, including 20 critical vulnerabilities and 22 high severity vulnerabilities. This weekly summary reports vulnerabilities in 63 products from 49 vendors including Xine, Apple, Novell, AJ Square, and Microsoft. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", and "Numeric Errors".
- 74 reported vulnerabilities are remotely exploitable.
- 24 reported vulnerabilities have a public exploit available.
- 31 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 78 reported vulnerabilities are exploitable by an anonymous user.
- Xine has the most reported vulnerabilities, with 16 reported vulnerabilities.
- Xine has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
20 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-11-29 | CVE-2008-5284 | IEA Software | Numeric Errors vulnerability in IEA Software products The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other versions before 5.1.44, Emerald 5.0.49 and other versions before 5.0.52, Air Marshal 2.0.4 and other versions before 2.0.8, and Radius test client (aka Radlogin) 4.0.20 and earlier, allows remote attackers to cause a denial of service (crash) via an HTTP Content-Length header with a negative value, which triggers a single byte overwrite of memory using a NULL terminator. | 10.0 |
2008-11-29 | CVE-2008-5282 | W3C | Buffer Errors vulnerability in W3C Amaya web Browser 10.0.1 Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute. | 10.0 |
2008-11-29 | CVE-2008-5281 | South River Technologies | Buffer Errors vulnerability in South River Technologies Titan FTP Server 6.05 Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command. | 10.0 |
2008-11-29 | CVE-2008-5279 | Zilab | Buffer Errors vulnerability in Zilab ZIM Server 2.0 The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allows remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple vectors including a long room name and a long source account, and (2) a stack-based buffer overflow with a long username in an information request. | 10.0 |
2008-11-26 | CVE-2008-5244 | Xine | Remote Security vulnerability in xine-lib Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. | 10.0 |
2008-11-26 | CVE-2008-5237 | Xine | Numeric Errors vulnerability in Xine Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string. | 10.0 |
2008-11-25 | CVE-2008-5227 | Phpcow | Code Injection vulnerability in PHPcow Unspecified vulnerability in PHPCow allows remote attackers to execute arbitrary code via unknown vectors, related to a "file inclusion vulnerability," as exploited in the wild in November 2008. | 10.0 |
2008-11-25 | CVE-2008-4226 | Xmlsoft | Resource Management Errors vulnerability in Xmlsoft Libxml 2.7.2 Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. | 10.0 |
2008-11-25 | CVE-2008-5220 | Wportfolio | Improper Input Validation vulnerability in Wportfolio 0.2 Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/. | 10.0 |
2008-11-26 | CVE-2008-5246 | Xine | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. | 9.3 |
2008-11-26 | CVE-2008-5245 | Xine | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c. | 9.3 |
2008-11-26 | CVE-2008-5236 | Xine | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. | 9.3 |
2008-11-26 | CVE-2008-5235 | Xine | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. | 9.3 |
2008-11-26 | CVE-2008-5234 | Xine | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. | 9.3 |
2008-11-26 | CVE-2008-5232 | Microsoft | Out-Of-Bounds Write vulnerability in Microsoft Windows 2000 and Windows NT Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. | 9.3 |
2008-11-26 | CVE-2008-5231 | Novell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint Stack-based buffer overflow in the ExecuteRequest method in the Novell iPrint ActiveX control in ienipp.ocx in Novell iPrint Client 5.06 and earlier allows remote attackers to execute arbitrary code via a long target-frame option value, a different vulnerability than CVE-2008-2431. | 9.3 |
2008-11-26 | CVE-2008-2431 | Novell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint Multiple buffer overflows in Novell iPrint Client before 5.06 allow remote attackers to execute arbitrary code by calling the Novell iPrint ActiveX control (aka ienipp.ocx) with (1) a long third argument to the GetDriverFile method; a long first argument to the (2) GetPrinterURLList or (3) GetPrinterURLList2 method; (4) a long argument to the GetFileList method; a long argument to the (5) GetServerVersion, (6) GetResourceList, or (7) DeleteResource method, related to nipplib.dll; a long uploadPath argument to the (8) UploadPrinterDriver or (9) UploadResource method, related to URIs; (10) a long seventh argument to the UploadResource method; a long string in the (11) second, (12) third, or (13) fourth argument to the GetDriverSettings method, related to the IppGetDriverSettings function in nipplib.dll; or (14) a long eighth argument to the UploadResourceToRMS method. | 9.3 |
2008-11-25 | CVE-2008-4829 | Streamripper | Buffer Errors vulnerability in Streamripper 1.63.5 Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow remote attackers to execute arbitrary code via (1) a long "Zwitterion v" HTTP header, related to the http_parse_sc_header function; (2) a crafted pls playlist with a long entry, related to the http_get_pls function; or (3) a crafted m3u playlist with a long File entry, related to the http_get_m3u function. | 9.3 |
2008-11-25 | CVE-2008-4231 | Apple | Resource Management Errors vulnerability in Apple Iphone OS and Safari Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | 9.3 |
2008-11-24 | CVE-2008-5210 | Phpblock | Code Injection vulnerability in PHPblock A8.5 Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 allow remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter to (1) script/init/createallimagecache.php, (2) allincludefortick.php and (3) test.php in script/tick/, and (4) modules/dungeon/tick/allincludefortick.php, different vectors than CVE-2008-1776. | 9.3 |
22 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-11-25 | CVE-2008-4225 | Xmlsoft | Numeric Errors vulnerability in Xmlsoft Libxml 2.7.2 Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document. | 7.8 |
2008-11-28 | CVE-2008-5275 | Net2Ftp | Path Traversal vulnerability in Net2Ftp 0.96/0.97 Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. | 7.5 |
2008-11-28 | CVE-2008-5273 | Toddwoolums | SQL Injection vulnerability in Toddwoolums Todd Woolums ASP News Management 2.2 SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter. | 7.5 |
2008-11-28 | CVE-2008-5270 | Wareziz | SQL Injection vulnerability in Wareziz Yuhhu Superstar 2008 NIL SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 allows remote attackers to execute arbitrary SQL commands via the board parameter. | 7.5 |
2008-11-28 | CVE-2008-5269 | Powie | SQL Injection vulnerability in Powie Psys 0.7.0 SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter. | 7.5 |
2008-11-28 | CVE-2008-5268 | Aspportal | SQL Injection vulnerability in Aspportal Free SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter. | 7.5 |
2008-11-26 | CVE-2008-2429 | Calendarix | SQL Injection vulnerability in Calendarix Basic 0.8.20071118 Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php. | 7.5 |
2008-11-25 | CVE-2008-4227 | Apple | Cryptographic Issues vulnerability in Apple Iphone OS Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic. | 7.5 |
2008-11-25 | CVE-2008-5226 | Mambads Joomla Mambo | SQL Injection vulnerability in multiple products SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177. | 7.5 |
2008-11-25 | CVE-2008-5223 | Airvae | SQL Injection vulnerability in Airvae Commerce 3.0 SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | 7.5 |
2008-11-25 | CVE-2008-5222 | Dvbbs | SQL Injection vulnerability in Dvbbs 8.2.0 SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2008-11-25 | CVE-2008-5221 | Wportfolio | Improper Authentication vulnerability in Wportfolio 0.2 The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters. | 7.5 |
2008-11-25 | CVE-2008-5219 | Videoscript | Improper Authentication vulnerability in Videoscript The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters. | 7.5 |
2008-11-24 | CVE-2008-5216 | AJ Square | SQL Injection vulnerability in AJ Square Zeuscart SQL injection vulnerability in category_list.php in AJ Square ZeusCart 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
2008-11-24 | CVE-2008-5215 | Clanlite | SQL Injection vulnerability in Clanlite 2.2006.05.20 SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter. | 7.5 |
2008-11-24 | CVE-2008-5213 | AJ Square | SQL Injection vulnerability in AJ Square AJ Article 1.0 SQL injection vulnerability in featured_article.php in AJ Article 1.0 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a search detail action. | 7.5 |
2008-11-24 | CVE-2008-5212 | AJ Square | SQL Injection vulnerability in AJ Square AJ Auction 1.0/Web2.0 SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | 7.5 |
2008-11-24 | CVE-2008-5208 | Joomla Mambo | SQL Injection vulnerability in Joomla COM Datsogallery 1.6 SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | 7.5 |
2008-11-26 | CVE-2008-2378 | HF | Permissions, Privileges, and Access Controls vulnerability in HF 0.7.3/0.8 Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH, related to improper handling of the -k option. | 7.2 |
2008-11-26 | CVE-2008-5238 | Xine | Numeric Errors vulnerability in Xine Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field. | 7.1 |
2008-11-25 | CVE-2008-1586 | Apple | Resource Management Errors vulnerability in Apple Iphone OS ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image. | 7.1 |
2008-11-26 | CVE-2008-5162 | Freebsd | Use of Insufficiently Random Values vulnerability in Freebsd The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator. | 7.0 |
33 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-11-25 | CVE-2008-5229 | Microsoft | Buffer Errors vulnerability in Microsoft Windows Vista Gold Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command. | 6.9 |
2008-11-28 | CVE-2008-5267 | Experts | SQL Injection vulnerability in Experts 1.0.0 SQL injection vulnerability in answer.php in Experts 1.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the question_id parameter. | 6.8 |
2008-11-28 | CVE-2008-5265 | Tntforum | Path Traversal vulnerability in Tntforum TNT Forum 0.9.4 Directory traversal vulnerability in index.php in TNT Forum 0.9.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the modulo parameter. | 6.8 |
2008-11-27 | CVE-2008-4315 | Redhat Openpegasus | Remote Security vulnerability in Enterprise Linux Desktop tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks. | 6.8 |
2008-11-26 | CVE-2008-5242 | Xine | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file. | 6.8 |
2008-11-25 | CVE-2008-5230 | Cisco | Cryptographic Issues vulnerability in Cisco IOS The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng. | 6.8 |
2008-11-29 | CVE-2008-5283 | GHH | Permissions, Privileges, and Access Controls vulnerability in GHH Google Hack Honeypot File Upload Manager 1.3 Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. | 6.4 |
2008-11-27 | CVE-2008-4313 | Redhat Openpegasus | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services. | 6.0 |
2008-11-24 | CVE-2008-5217 | Phpc0D3R | Path Traversal vulnerability in PHPc0D3R Txtcms 0.3 Directory traversal vulnerability in index.php in txtCMS 0.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 5.1 |
2008-11-29 | CVE-2008-5280 | Zilab | Resource Management Errors vulnerability in Zilab ZIM Server 2.0 The Local ZIM Server in Zilab Chat and Instant Messaging (ZIM) Server 2.0 and 2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted requests without required parameters. | 5.0 |
2008-11-28 | CVE-2008-5274 | Toddwoolums | Permissions, Privileges, and Access Controls vulnerability in Toddwoolums Todd Woolums ASP News Management 2.2 Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. | 5.0 |
2008-11-26 | CVE-2008-2432 | Novell | Information Exposure vulnerability in Novell Iprint Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument. | 5.0 |
2008-11-25 | CVE-2008-5109 | Adobe | Configuration vulnerability in Adobe Flash Media Server 3.0/3.5 The default configuration of Adobe Flash Media Server (FMS) 3.0 does not enable SWF Verification for (1) RTMPE and (2) RTMPTE sessions, which makes it easier for remote attackers to make copies of video content via stream-capture software. | 5.0 |
2008-11-25 | CVE-2008-4232 | Apple | Unspecified vulnerability in Apple Iphone OS and Safari Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document. | 5.0 |
2008-11-25 | CVE-2008-5218 | Scriptsez | Permissions, Privileges, and Access Controls vulnerability in Scriptsez Freeze Greetings 1.0 ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords. | 5.0 |
2008-11-24 | CVE-2008-5209 | Admidio | Path Traversal vulnerability in Admidio 1.4.8 Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. | 5.0 |
2008-11-27 | CVE-2008-5256 | Virtualox | Link Following vulnerability in Virtualox The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file. | 4.4 |
2008-11-28 | CVE-2008-5278 | Wordpress | Cross-Site Scripting vulnerability in Wordpress Cross-site scripting (XSS) vulnerability in the self_link function in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable). | 4.3 |
2008-11-28 | CVE-2008-5271 | Syndeocms | Cross-Site Scripting vulnerability in Syndeocms 2.6.0 Cross-site scripting (XSS) vulnerability in index.php in Fred Stuurman SyndeoCMS 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter. | 4.3 |
2008-11-28 | CVE-2008-5266 | SUN Oracle | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751. | 4.3 |
2008-11-28 | CVE-2008-5264 | Tornado | Cross-Site Scripting vulnerability in Tornado Knowledge Retrieval System Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Knowledge Retrieval System 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the p parameter in a root action. | 4.3 |
2008-11-27 | CVE-2008-5257 | IBM | Improper Input Validation vulnerability in IBM Tivoli Access Manager for E-Business 6.0.0.17 webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for e-business allows remote attackers to cause a denial of service (crash or hang) via HTTP requests, as demonstrated by a McAfee vulnerability scan. | 4.3 |
2008-11-26 | CVE-2008-5248 | Xine | Improper Input Validation vulnerability in Xine Xine-Lib xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators." | 4.3 |
2008-11-26 | CVE-2008-5247 | Xine | Numeric Errors vulnerability in Xine Xine-Lib The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value. | 4.3 |
2008-11-26 | CVE-2008-5243 | Xine | Improper Input Validation vulnerability in Xine Xine-Lib The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error. | 4.3 |
2008-11-26 | CVE-2008-5241 | Xine | Numeric Errors vulnerability in Xine Xine-Lib Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM). | 4.3 |
2008-11-26 | CVE-2008-5240 | Xine | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value. | 4.3 |
2008-11-26 | CVE-2008-5239 | Xine | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows. | 4.3 |
2008-11-26 | CVE-2008-5233 | Xine | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file. | 4.3 |
2008-11-25 | CVE-2008-5225 | Xerox | Cross-Site Scripting vulnerability in Xerox Docushare Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories. | 4.3 |
2008-11-25 | CVE-2008-5224 | Kent WEB | Cross-Site Scripting vulnerability in Kent-Web Mart Cross-site scripting (XSS) vulnerability in Kent Web Mart 1.61 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-11-24 | CVE-2008-5214 | Clanlite | Cross-Site Scripting vulnerability in Clanlite 2.2006.05.20 Cross-site scripting (XSS) vulnerability in service/calendrier.php in ClanLite 2.2006.05.20 allows remote attackers to inject arbitrary web script or HTML via the annee parameter. | 4.3 |
2008-11-28 | CVE-2008-5272 | Syndeocms | Path Traversal vulnerability in Syndeocms 2.6.0 Multiple directory traversal vulnerabilities in Fred Stuurman SyndeoCMS 2.6.0 allow remote authenticated users to read arbitrary files via a .. | 4.0 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-11-25 | CVE-2008-4229 | Apple | Race Condition vulnerability in Apple Iphone OS Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup. | 3.7 |
2008-11-25 | CVE-2008-4228 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number. | 3.6 |
2008-11-25 | CVE-2008-5228 | IBM | Cross-Site Scripting vulnerability in IBM Workplace Content Management 6.0/6.1 Cross-site scripting (XSS) vulnerability in IBM Workplace Content Management (WCM) 6.0G and 6.1 before CF8, when a Page Navigation Component shows menu entries, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in the URI, related to parameters "not being encoded." | 2.6 |
2008-11-25 | CVE-2008-4233 | Apple | Unspecified vulnerability in Apple Iphone OS and Safari Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document. | 2.6 |
2008-11-24 | CVE-2008-5211 | Sphider | Cross-Site Scripting vulnerability in Sphider 1.3.4 Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506. | 2.6 |
2008-11-25 | CVE-2008-4230 | Apple | Information Exposure vulnerability in Apple Iphone OS The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. | 1.9 |