Weekly Vulnerabilities Reports > December 8 to 14, 2008
Overview
145 new vulnerabilities were reported during this period, including 67 critical vulnerabilities and 24 high severity vulnerabilities. This weekly summary reports vulnerabilities in 154 products from 93 vendors including Microsoft, IBM, SUN, Adobe, and Symantec. Notable vulnerability categories include "Improper Input Validation", "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Link Following", and "SQL Injection".
- 118 reported vulnerabilities are remotely exploitable.
- 26 reported vulnerabilities have a public exploit available.
- 27 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 137 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 56 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 44 reported vulnerabilities.
Vulnerability Details
The following table lists the vulnerabilities reported for the period covered by this report:
67 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-12-11 | CVE-2008-5415 | Broadcom CA | The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure. | 10.0 |
2008-12-10 | CVE-2008-5419 | EMC | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in EMC Control Center 5.2/6.0 Stack-based buffer overflow in SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center 5.2 SP5 and 6.0 allows remote attackers to execute arbitrary code via multiple SST_CTGTRANS requests. | 10.0 |
2008-12-10 | CVE-2008-3010 | Microsoft | Information Exposure vulnerability in Microsoft Windows Media Player 6.4 Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability." | 10.0 |
2008-12-10 | CVE-2008-5404 | Grid2000 | Unspecified vulnerability in Grid2000 Flexcell Grid Control 5.7.0.1 Insecure method vulnerability in the FlexCell.Grid ActiveX control in FlexCell.ocx 5.7.0.1 in FlexCell Grid ActiveX Component allows remote attackers to create and overwrite arbitrary files via the HttpDownloadFile method. | 10.0 |
2008-12-10 | CVE-2008-5403 | Cerulean Studios Ceruleanstudios | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag. | 10.0 |
2008-12-10 | CVE-2008-5402 | Cerulean Studios Ceruleanstudios | Resource Management Errors vulnerability in multiple products Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID." | 10.0 |
2008-12-10 | CVE-2008-5401 | Cerulean Studios Ceruleanstudios | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing." | 10.0 |
2008-12-10 | CVE-2008-5414 | IBM | Multiple Unspecified vulnerability in IBM Websphere Application Server 7.0 Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 has unknown impact and attack vectors related to "userNameToken." | 10.0 |
2008-12-10 | CVE-2008-5412 | Microsoft IBM | Multiple Unspecified vulnerability in IBM WebSphere Application Server Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. | 10.0 |
2008-12-10 | CVE-2008-5305 | Twiki | Code Injection vulnerability in Twiki Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable. | 10.0 |
2008-12-09 | CVE-2008-5393 | Privacy CD | Permissions, Privileges, and Access Controls vulnerability in Privacy-Cd Unbuntu Privacy Remix UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes kernel support for mounting RAID arrays, which might allow remote attackers to bypass intended isolation mechanisms by (1) reading from or (2) writing to these arrays. | 10.0 |
2008-12-10 | CVE-2008-5407 | Symantec | Improper Authentication vulnerability in Symantec Backup Exec for Windows Server 11D/12.0/12.5 Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors. | 9.4 |
2008-12-12 | CVE-2008-5548 | Virusbuster Microsoft | Improper Input Validation vulnerability in Virusbuster 4.5.11.0 VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5547 | Hauri | Improper Input Validation vulnerability in Hauri Virobot 2008.12.4.1499/2008.9.12.1375 HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5546 | Virusblokada Microsoft | Improper Input Validation vulnerability in Virusblokada Vba32 Antivirus 3.12.8.5 VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5545 | Trend Micro Microsoft | Improper Input Validation vulnerability in Trend Micro Trend Micro Antivirus 8.700.0.1004 Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5544 | Hacksoft Microsoft | Improper Input Validation vulnerability in Hacksoft the Hacker 6.3.0.9.081/6.3.1.2.174 Hacksoft The Hacker 6.3.1.2.174 and possibly 6.3.0.9.081, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5543 | Symantec Microsoft | Improper Input Validation vulnerability in Symantec Antivirus 10.0 Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5542 | Sunbeltsoftware Microsoft | Improper Input Validation vulnerability in Sunbeltsoftware Vipre 3.1.1633.1/3.1.1832.2 Sunbelt VIPRE 3.1.1832.2 and possibly 3.1.1633.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5541 | Sophos Microsoft | Improper Input Validation vulnerability in Sophos Anti-Virus 4.33.0 Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5540 | Secure Computing Microsoft | Improper Input Validation vulnerability in Secure Computing Secure web Gateway and Webwasher Secure Computing Secure Web Gateway (aka Webwasher), when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5539 | Rising Global Microsoft | Improper Input Validation vulnerability in Rising-Global Rising Antivirus 20.61.42.00/21.06.31.00 RISING Antivirus 21.06.31.00 and possibly 20.61.42.00, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5538 | Prevx Microsoft | Improper Input Validation vulnerability in Prevx Prevx1 2 Prevx Prevx1 2, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5537 | Pctools Microsoft | Improper Input Validation vulnerability in Pctools Antivirus 4.4.2.0 PC Tools AntiVirus 4.4.2.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5536 | Pandasecurity Microsoft | Improper Input Validation vulnerability in Pandasecurity Panda Antivirus 9.0.0.4 Panda Antivirus 9.0.0.4, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5535 | Norman Microsoft | Improper Input Validation vulnerability in Norman Antivirus & Antispyware 5.80.02 Norman Antivirus 5.80.02, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5534 | Eset Microsoft | Improper Input Validation vulnerability in Eset Nod32 Antivirus 3440/3662 ESET NOD32 Antivirus 3662 and possibly 3440, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5533 | K7Computing Microsoft | Improper Input Validation vulnerability in K7Computing Antivirus 7.10.454/7.10.541 K7AntiVirus 7.10.541 and possibly 7.10.454, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5532 | Ikarus Microsoft | Improper Input Validation vulnerability in Ikarus Antivirus T3.1.1.34.0/T3.1.1.45.0 Ikarus Virus Utilities T3.1.1.45.0 and possibly T3.1.1.34.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5531 | Fortinet Microsoft | Improper Input Validation vulnerability in Fortinet Fortiguard Antivirus 3.113.0.0 Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5530 | AVG Ewido Microsoft | Improper Input Validation vulnerability in multiple products Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5529 | | CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5528 | Aladdin Microsoft | Improper Input Validation vulnerability in Aladdin Esafe 7.0.17.0 Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5527 | Eset Microsoft | Improper Input Validation vulnerability in Eset Smart Security 3.0 ESET Smart Security, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5526 | Drweb Microsoft | Improper Input Validation vulnerability in Drweb Anti-Virus 4.44.0.09170 DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5525 | Clamav Microsoft | Improper Input Validation vulnerability in Clamav 0.93.1/0.94.1 ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5524 | Quickheal Microsoft | Improper Input Validation vulnerability in Quickheal CAT Quickheal 10.00/9.50 CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5523 | Avast Microsoft | Improper Input Validation vulnerability in Avast Antivirus 4.8.1281.0 avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5522 | AVG Microsoft | Improper Input Validation vulnerability in AVG Antivirus 8.0.0.161 AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5521 | Free AV Microsoft | Improper Input Validation vulnerability in Free-Av Antivir 7.8.1.28/7.9.0.36 Avira AntiVir 7.9.0.36 and possibly 7.8.1.28, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5520 | Ahnlab Microsoft | Improper Input Validation vulnerability in Ahnlab V3 Internet Security 2008.12.4.1/2008.9.13.0 AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-12 | CVE-2008-5495 | Gungho | Unspecified vulnerability in GungHo LoadPrgAx ActiveX Control Unspecified vulnerability in the GungHo LoadPrgAx ActiveX control 1.0.0.6 and earlier allows remote attackers to execute arbitrary Java applications via unknown vectors. | 9.3 |
2008-12-12 | CVE-2008-5492 | Verypdf | Buffer Errors vulnerability in Verypdf Verydoc PDF Viewer 2.0.0.1 Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method. | 9.3 |
2008-12-11 | CVE-2008-4844 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 5.01/6/7 Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008. | 9.3 |
2008-12-10 | CVE-2008-4841 | Microsoft | Resource Management Errors vulnerability in Microsoft Wordpad Unknown The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. | 9.3 |
2008-12-10 | CVE-2008-4837 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed table property, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." | 9.3 |
2008-12-10 | CVE-2008-4266 | Microsoft | Resource Management Errors vulnerability in Microsoft products Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Excel spreadsheet with a NAME record that contains an invalid index value, which triggers stack corruption, aka "Excel Global Array Memory Corruption Vulnerability." http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx Excel Global Array Memory Corruption Vulnerability - CVE-2008-4266 A remote code execution vulnerability exists in Microsoft Office Excel as a result of stack corruption when loading Excel records. | 9.3 |
2008-12-10 | CVE-2008-4265 | Microsoft | Resource Management Errors vulnerability in Microsoft products Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability." http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx File Format Parsing Vulnerability - CVE-2008-4265 A remote code execution vulnerability exists in Microsoft Office Excel as a result of memory corruption when loading Excel records. | 9.3 |
2008-12-10 | CVE-2008-4264 | Microsoft | Resource Management Errors vulnerability in Microsoft products Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability." http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx File Format Parsing Vulnerability - CVE-2008-4264 A remote code execution vulnerability exists in Microsoft Office Excel as a result of pointer corruption when loading Excel formulas. | 9.3 |
2008-12-10 | CVE-2008-4255 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability." | 9.3 |
2008-12-10 | CVE-2008-4031 | Microsoft | Resource Management Errors vulnerability in Microsoft products Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability." | 9.3 |
2008-12-10 | CVE-2008-4030 | Microsoft | Resource Management Errors vulnerability in Microsoft products Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028. | 9.3 |
2008-12-10 | CVE-2008-4028 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words related to multiple Drawing Object tags in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030. | 9.3 |
2008-12-10 | CVE-2008-4027 | Microsoft | Resource Management Errors vulnerability in Microsoft products Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted (1) RTF file or (2) rich text e-mail message with multiple consecutive Drawing Object ("\do") tags, which triggers a "memory calculation error" and memory corruption, aka "Word RTF Object Parsing Vulnerability." | 9.3 |
2008-12-10 | CVE-2008-4026 | Microsoft | Resource Management Errors vulnerability in Microsoft products Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed value, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." | 9.3 |
2008-12-10 | CVE-2008-4025 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via (1) an RTF file or (2) a rich text e-mail message containing an invalid number of points for a polyline or polygon, which triggers a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability." | 9.3 |
2008-12-10 | CVE-2008-4024 | Microsoft | Code Injection vulnerability in Microsoft products Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability." | 9.3 |
2008-12-10 | CVE-2008-5409 | Bitdefender Bullguard Software602 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. | 9.3 |
2008-12-10 | CVE-2008-5406 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Quicktime Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow." | 9.3 |
2008-12-10 | CVE-2008-5405 | Oxid | Buffer Errors vulnerability in Oxid Cain and Abel 4.9.23/4.9.24 Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string. | 9.3 |
2008-12-09 | CVE-2008-5398 | TOR | Permissions, Privileges, and Access Controls vulnerability in TOR Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream. | 9.3 |
2008-12-09 | CVE-2008-5383 | National Instruments | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in National Instruments Electronics Workbench Stack-based buffer overflow in National Instruments Electronics Workbench allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .ewb file. | 9.3 |
2008-12-09 | CVE-2008-5381 | Ffdshow Tryout | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffdshow-Tryout Ffdshow Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) before SVN revision 2347 allows remote attackers to execute arbitrary code via a long URL. | 9.3 |
2008-12-09 | CVE-2008-4391 | Cisco | Buffer Errors vulnerability in Cisco Wvc54Gc 1.15 Stack-based buffer overflow in the SetSource method in the NetCamPlayerWeb11gv2 ActiveX control in NetCamPlayerWeb11gv2.ocx on the Cisco Linksys WVC54GC wireless video camera before firmware 1.25 allows remote attackers to execute arbitrary code via long invalid arguments. | 9.3 |
2008-12-08 | CVE-2008-5364 | NOS Microsystems Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in NOS Microsystems Getplus Download Manager Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx 1.2.2.50 in NOS Microsystems getPlus Download Manager, as used for the Adobe Reader 8.1 installation process and other downloads, allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2008-4817. | 9.3 |
2008-12-10 | CVE-2008-5416 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft SQL Server 2000/2005 Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability." | 9.0 |
2008-12-10 | CVE-2008-5408 | Symantec | Buffer Errors vulnerability in Symantec Backup Exec for Windows Server 11D/12.0/12.5 Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors. | 9.0 |
24 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-12-10 | CVE-2008-4256 | Microsoft | Resource Management Errors vulnerability in Microsoft products The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability." | 8.5 |
2008-12-10 | CVE-2008-4254 | Microsoft | Numeric Errors vulnerability in Microsoft products Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability." | 8.5 |
2008-12-10 | CVE-2008-4253 | Microsoft | Resource Management Errors vulnerability in Microsoft products The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability." | 8.5 |
2008-12-10 | CVE-2008-4252 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability." | 8.5 |
2008-12-11 | CVE-2008-4418 | HP | Remote Denial Of Service vulnerability in HP Hp-Ux B.11.11/B.11.23/B.11.31 Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown vectors. | 7.8 |
2008-12-10 | CVE-2008-5420 | EMC | Information Exposure vulnerability in EMC Control Center 5.2/6.0 The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files. | 7.8 |
2008-12-10 | CVE-2008-5410 | SUN | Cryptographic Issues vulnerability in SUN Solaris 10.0 The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions. | 7.8 |
2008-12-12 | CVE-2008-5497 | Bandsitecms | Improper Authentication vulnerability in Bandsitecms Bandsite CMS 1.1.4 BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true. | 7.5 |
2008-12-12 | CVE-2008-5496 | Pozscripts | SQL Injection vulnerability in Pozscripts Business Directory Script SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
2008-12-12 | CVE-2008-5494 | Digitalgreys Joomla | SQL Injection vulnerability in Digitalgreys COM Contactinfo 1.0 SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 7.5 |
2008-12-12 | CVE-2008-5493 | Phpstore | SQL Injection vulnerability in PHPstore Wholesale and Wholesales SQL injection vulnerability in track.php in PHPStore Wholesales (aka Wholesale) allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-12-12 | CVE-2008-5491 | Slimcms | SQL Injection vulnerability in Slimcms SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter. | 7.5 |
2008-12-12 | CVE-2008-5490 | Phpstore | SQL Injection vulnerability in PHPstore Yahoo Answers SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-12-12 | CVE-2008-5489 | Clip Share | SQL Injection vulnerability in Clip-Share Clipshare 4 SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter. | 7.5 |
2008-12-12 | CVE-2008-5488 | E Topbiz | SQL Injection vulnerability in E-Topbiz Domain Shop 2 SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 allows remote attackers to execute arbitrary SQL commands via the passfromform parameter. | 7.5 |
2008-12-12 | CVE-2008-5486 | Turnkeyforms | SQL Injection vulnerability in Turnkeyforms Text Link Sales SQL injection vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-12-11 | CVE-2008-5422 | SUN Novell Redhat | Permissions, Privileges, and Access Controls vulnerability in SUN RAY Server Software Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors. | 7.5 |
2008-12-10 | CVE-2008-4032 | Microsoft | Improper Authentication vulnerability in Microsoft Office Sharepoint Server and Search Server Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability." | 7.5 |
2008-12-09 | CVE-2008-4390 | Cisco | Cleartext Transmission of Sensitive Information vulnerability in Cisco Linksys Wvc54Gc Firmware The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network. | 7.5 |
2008-12-08 | CVE-2008-5365 | Activewebsoftwares | SQL Injection vulnerability in Activewebsoftwares Activevotes 2.2 SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter. | 7.5 |
2008-12-09 | CVE-2008-5397 | TOR | Permissions, Privileges, and Access Controls vulnerability in TOR Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process. | 7.2 |
2008-12-09 | CVE-2008-5396 | Asterisk | Numeric Errors vulnerability in Asterisk Zaptel 1.2/1.2.27/1.4 Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZT_SPANCONFIG ioctl. | 7.2 |
2008-12-09 | CVE-2008-5394 | Debian | Link Following vulnerability in Debian Shadow 4.0.18.1 /bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry. | 7.2 |
2008-12-09 | CVE-2008-4917 | Vmware | Resource Management Errors vulnerability in VMWare products Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption. | 7.2 |
53 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-12-09 | CVE-2008-5386 | IBM | Buffer Errors vulnerability in IBM AIX 6.1/6.1.1/6.1.2 Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors. | 6.9 |
2008-12-09 | CVE-2008-5385 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 6.1/6.1.1/6.1.2 enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors. | 6.9 |
2008-12-09 | CVE-2008-5384 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 6.1/6.1.1/6.1.2 crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor. | 6.9 |
2008-12-08 | CVE-2008-5380 | Gpsdrive | Link Following vulnerability in Gpsdrive 2.09 gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959. | 6.9 |
2008-12-08 | CVE-2008-5379 | Oliver Gorwits | Link Following vulnerability in Oliver Gorwits Netdisco Mibs Installer 1.0 netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2) netdisco-mibs-download scripts. | 6.9 |
2008-12-08 | CVE-2008-5378 | Lehrstuhl FUR Mikrobiologie | Link Following vulnerability in Lehrstuhl FUR Mikrobiologie ARB 0.0.20071207.1 arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary file. | 6.9 |
2008-12-08 | CVE-2008-5377 | Apple | Link Following vulnerability in Apple Cups 1.3.8 pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333. | 6.9 |
2008-12-08 | CVE-2008-5376 | Crip | Link Following vulnerability in Crip 3.7 editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file. | 6.9 |
2008-12-08 | CVE-2008-5375 | Cmus | Link Following vulnerability in Cmus 2.2.0 cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file. | 6.9 |
2008-12-08 | CVE-2008-5374 | Matthias Klose | Link Following vulnerability in Matthias Klose Bash-Doc 3.2 bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts. | 6.9 |
2008-12-08 | CVE-2008-5373 | Bacula | Link Following vulnerability in Bacula 2.4.2 mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995. | 6.9 |
2008-12-08 | CVE-2008-5372 | Jonas Smedegaard | Link Following vulnerability in Jonas Smedegaard Sdm-Terminal 0.4.0B sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sdm.autologin.once temporary file. | 6.9 |
2008-12-08 | CVE-2008-5371 | Marc Gloor | Link Following vulnerability in Marc Gloor Screenie 1.30.0 screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file. | 6.9 |
2008-12-08 | CVE-2008-5370 | Pvpgn | Link Following vulnerability in Pvpgn 1.8.1 pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file. | 6.9 |
2008-12-08 | CVE-2008-5369 | NO IP | Link Following vulnerability in No-Ip No-Ip2 2.1.7 noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/noip2 temporary file. | 6.9 |
2008-12-08 | CVE-2008-5368 | Lukas RUF | Link Following vulnerability in Lukas RUF Muttprint 0.72D muttprint in muttprint 0.72d allows local users to overwrite arbitrary files via a symlink attack on the /tmp/muttprint.log temporary file. | 6.9 |
2008-12-08 | CVE-2008-5367 | Marco D Itri | Link Following vulnerability in Marco D'Itri Ppp-Udeb 2.4.4 ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file. | 6.9 |
2008-12-08 | CVE-2008-5366 | Marco D Itri | Link Following vulnerability in Marco D'Itri PPP 2.4.4 The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file. | 6.9 |
2008-12-09 | CVE-2008-5382 | I O Data | Cross-Site Request Forgery (CSRF) vulnerability in I-O Data products Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL-F160, HDL-F250, HDL-F300, and HDL-F320 firmware before 1.02 allows remote attackers to (1) change a configuration or (2) delete files as an authenticated user via unknown vectors. | 6.8 |
2008-12-11 | CVE-2008-5434 | Punbb | SQL Injection vulnerability in Punbb 1.3/1.3.1 Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php. | 6.5 |
2008-12-09 | CVE-2008-5387 | IBM | Buffer Errors vulnerability in IBM AIX 6.1/6.1.1/6.1.2 Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors. | 6.2 |
2008-12-10 | CVE-2008-5418 | Justin ROY Punbb | Path Traversal vulnerability in Justin ROY Punportal Module 1.0 Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. | 5.1 |
2008-12-12 | CVE-2008-5549 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Java System Portal Server 7.1/7.2 Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet." | 5.0 |
2008-12-11 | CVE-2008-5431 | 5E5 | Improper Input Validation vulnerability in 5E5 Teamtek Universal FTP Server 1.0.44/1.0.50 Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a denial of service via (1) a certain CWD command, (2) a long LIST command, or (3) a certain PORT command. | 5.0 |
2008-12-11 | CVE-2008-5421 | Netwin | Resource Management Errors vulnerability in Netwin Smsgate The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a denial of service (hang) via (1) a large integer in the Content-Length HTTP header; (2) an invalid value in the Content-Length HTTP header, as demonstrated by a negative integer; or (3) a missing Content-Length HTTP header. | 5.0 |
2008-12-11 | CVE-2006-7235 | 5E5 | Improper Input Validation vulnerability in 5E5 Teamtek Universal FTP Server 1.0.44/1.0.50 Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a denial of service (daemon crash or hang) via (1) multiple STOR (aka PUT) commands, or an MKD command followed by (2) a '*' argument, (3) a '|' argument, (4) spaces, or (5) a long string. | 5.0 |
2008-12-10 | CVE-2008-5413 | IBM | Information Exposure vulnerability in IBM Websphere Application Server PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. | 5.0 |
2008-12-10 | CVE-2008-5411 | IBM | Cryptographic Issues vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
2008-12-09 | CVE-2008-5079 | Linux | Resource Management Errors vulnerability in Linux Kernel net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table. | 4.9 |
2008-12-10 | CVE-2008-4311 | Freedesktop | Configuration vulnerability in Freedesktop Dbus The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply. | 4.6 |
2008-12-13 | CVE-2008-5430 | Mozilla | Resource Management Errors vulnerability in Mozilla Thunderbird 2.0.0.14 Mozilla Thunderbird 2.0.14 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which might allow remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | 4.3 |
2008-12-12 | CVE-2008-5555 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Internet Explorer 8 Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario." | 4.3 |
2008-12-12 | CVE-2008-5554 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Internet Explorer 8 The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. | 4.3 |
2008-12-12 | CVE-2008-5553 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Internet Explorer 8 The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. | 4.3 |
2008-12-12 | CVE-2008-5552 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Internet Explorer 8 The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. | 4.3 |
2008-12-12 | CVE-2008-5551 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Internet Explorer 8 The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection." | 4.3 |
2008-12-12 | CVE-2008-5550 | SUN | URI Redirection vulnerability in SUN Java web Console, Solaris and Sunos Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter. | 4.3 |
2008-12-12 | CVE-2008-5487 | Turnkeyforms | Cross-Site Scripting vulnerability in Turnkeyforms Text Link Sales Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
2008-12-11 | CVE-2008-5435 | Punbb | Cross-Site Scripting vulnerability in Punbb Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject. | 4.3 |
2008-12-11 | CVE-2008-5433 | Punbb | Cross-Site Scripting vulnerability in Punbb 1.3/1.3.1 Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field. | 4.3 |
2008-12-11 | CVE-2008-5432 | Moodle | Cross-Site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title). | 4.3 |
2008-12-11 | CVE-2008-5429 | Incredimail | Resource Management Errors vulnerability in Incredimail 5.85 Incredimail build 5853710 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | 4.3 |
2008-12-11 | CVE-2008-5428 | Opera Microsoft | Resource Management Errors vulnerability in Opera 9.51 Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | 4.3 |
2008-12-11 | CVE-2008-5427 | Symantec | Resource Management Errors vulnerability in Symantec Norton Internet Security 2008 15.5.0.23 Norton Antivirus in Norton Internet Security 15.5.0.23 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | 4.3 |
2008-12-11 | CVE-2008-5426 | Kaspersky LAB | Resource Management Errors vulnerability in Kaspersky LAB Kaspersky Internet Security Suite 2009 Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | 4.3 |
2008-12-11 | CVE-2008-5425 | Eset | Resource Management Errors vulnerability in Eset Nod32 Antivirus 2.70.0039.0000 ESet NOD32 2.70.0039.0000 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | 4.3 |
2008-12-11 | CVE-2008-5424 | Microsoft | Resource Management Errors vulnerability in Microsoft Outlook Express 6.00.2900.5512 The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173. | 4.3 |
2008-12-11 | CVE-2008-5423 | SUN Novell Redhat | Information Exposure vulnerability in SUN RAY Server Software and RAY Windows Connector Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector. | 4.3 |
2008-12-10 | CVE-2008-5304 | Twiki | Cross-Site Scripting vulnerability in Twiki Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable. | 4.3 |
2008-12-09 | CVE-2008-5277 | Powerdns | Configuration vulnerability in Powerdns PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query. | 4.3 |
2008-12-08 | CVE-2008-5363 | Adobe | Resource Management Errors vulnerability in Adobe AIR and Flash Player The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file. | 4.3 |
2008-12-08 | CVE-2008-5362 | Adobe | Improper Input Validation vulnerability in Adobe AIR and Flash Player The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory via a crafted PDF file. | 4.3 |
2008-12-08 | CVE-2008-5361 | Adobe | Resource Management Errors vulnerability in Adobe AIR and Flash Player The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspecified other actions, which allows remote attackers to read sensitive data from process memory via a crafted PDF file. | 4.3 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-12-10 | CVE-2008-5417 | HP | Permissions, Privileges, and Access Controls vulnerability in HP Decnet Plus for Openvms 8.3 HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services. | 2.1 |