Weekly Vulnerabilities Reports > December 15 to 21, 2008

Overview

157 new vulnerabilities reported during this period, including 20 critical vulnerabilities and 65 high severity vulnerabilities. This weekly summary report vulnerabilities in 121 products from 87 vendors including Apple, Mozilla, Activewebsoftwares, Canonical, and Debian. Vulnerabilities are notably categorized as "SQL Injection", "Permissions, Privileges, and Access Controls", "Resource Management Errors", "Improper Input Validation", and "Path Traversal".

  • 152 reported vulnerabilities are remotely exploitables.
  • 87 reported vulnerabilities have public exploit available.
  • 69 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 144 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

20 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-12-19 CVE-2008-5685 SUN Unspecified vulnerability in SUN Scapp

Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun Fire and Netra platforms allows remote attackers to access the System Controller (SC), the system console, and possibly the host OS, and cause a denial of service (shutdown or reboot), via spoofed IP packets.

10.0
2008-12-19 CVE-2008-5675 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal

Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to "Access problems with BasicAuthTAI."

10.0
2008-12-17 CVE-2008-5500 Mozilla
Canonical
Debian
Resource Management Errors vulnerability in multiple products

The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.

10.0
2008-12-17 CVE-2008-5649 Alstrasoft SQL Injection vulnerability in Alstrasoft Article Manager PRO 1.6

SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter.

10.0
2008-12-17 CVE-2008-5619 Roundcube Code Injection vulnerability in Roundcube Webmail 0.2.1/0.2.3

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.

10.0
2008-12-17 CVE-2008-5616 Mplayer Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mplayer

Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.

10.0
2008-12-17 CVE-2008-4237 Apple Multiple Security vulnerability in RETIRED: Apple Mac OS X 2008-008

Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting.

10.0
2008-12-17 CVE-2008-4223 Apple Improper Authentication vulnerability in Apple mac OS X Server

Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors.

10.0
2008-12-17 CVE-2008-4221 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation.

10.0
2008-12-17 CVE-2008-4220 Apple Numeric Errors vulnerability in Apple mac OS X and mac OS X Server

Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

10.0
2008-12-19 CVE-2008-5674 Darkwet Improper Input Validation vulnerability in Darkwet Webcam XP

Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component.

9.4
2008-12-19 CVE-2008-5696 Novell Credentials Management vulnerability in Novell Netware 6.5

Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.

9.3
2008-12-19 CVE-2008-5691 Phonecian Casino Buffer Errors vulnerability in Phonecian Casino Flashax 1.0.0.7

Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX control 1.0.0.7 allows remote attackers to execute arbitrary code via a long argument to the SetID method.

9.3
2008-12-19 CVE-2008-5680 Opera Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Opera Browser

Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL.

9.3
2008-12-19 CVE-2008-5679 Opera Resource Management Errors vulnerability in Opera

The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption.

9.3
2008-12-18 CVE-2008-5499 Adobe
Linux
Code Injection vulnerability in Adobe Flash Player FOR Linux

Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.

9.3
2008-12-17 CVE-2008-5662 SUN Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SUN Java Wireless Toolkit FOR Cldc

Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC 2.5.2 and earlier allow downloaded programs to execute arbitrary code via unknown vectors.

9.3
2008-12-17 CVE-2008-4234 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a "potentially unsafe" warning message.

9.3
2008-12-17 CVE-2008-4217 Apple Numeric Errors vulnerability in Apple mac OS X and mac OS X Server

Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.

9.3
2008-12-19 CVE-2008-5663 Kusaba Improper Input Validation vulnerability in Kusaba

Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory.

9.0

65 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-12-19 CVE-2008-5695 Wordpress Improper Input Validation vulnerability in Wordpress and Wordpress MU

wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.

8.5
2008-12-19 CVE-2008-5686 IBM Improper Authentication vulnerability in IBM Tivoli Provisioning Manager

IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows.

8.5
2008-12-17 CVE-2008-5617 Rsyslog Permissions, Privileges, and Access Controls vulnerability in Rsyslog

The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.

8.5
2008-12-19 CVE-2008-5683 Opera Information Exposure vulnerability in Opera Browser

Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.

7.8
2008-12-17 CVE-2008-5645 ORB Networks Path Traversal vulnerability in ORB Networks ORB

Directory traversal vulnerability in the media server in Orb Networks Orb before 2.01.0022 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP GET request.

7.8
2008-12-17 CVE-2008-5620 Roundcube Resource Management Errors vulnerability in Roundcube Webmail 0.1/0.1.1/0.2

RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image.

7.8
2008-12-15 CVE-2008-5563 Aruba Networks
Arubanetworks
Resource Management Errors vulnerability in multiple products

Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, and 3.3.2.x allows remote attackers to cause a denial of service (device crash) via a malformed Extensible Authentication Protocol (EAP) frame.

7.8
2008-12-19 CVE-2008-4122 Joomla Cleartext Transmission of Sensitive Information vulnerability in Joomla Joomla! 1.5.8

Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

7.5
2008-12-19 CVE-2008-5671 Joomla Code Injection vulnerability in Joomla 1.0.11/1.0.12/1.0.13

PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2008-12-19 CVE-2008-5665 Xoops SQL Injection vulnerability in Xoops

SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.

7.5
2008-12-17 CVE-2008-5659 GNU Cryptographic Issues vulnerability in GNU Classpath

The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.

7.5
2008-12-17 CVE-2008-5658 PHP Path Traversal vulnerability in PHP

Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains ..

7.5
2008-12-17 CVE-2008-5657 Quassel Improper Input Validation vulnerability in Quassel Core

CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows remote attackers to spoof IRC messages as other users via a crafted CTCP message.

7.5
2008-12-17 CVE-2008-5655 Myiosoft SQL Injection vulnerability in Myiosoft Easybookmarker 4.0

Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) delete_folder and (2) delete_link parameters to unspecified vectors, possibly to (a) plugins/bookmarker/bookmarker_backend.php or (b) ajaxp.php, different vectors than CVE-2008-5654.

7.5
2008-12-17 CVE-2008-5654 Myiosoft SQL Injection vulnerability in Myiosoft Easycalendar 4.0

SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyCalendar 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter, a different vector than CVE-2008-1344.

7.5
2008-12-17 CVE-2008-5653 Myiosoft COM SQL Injection vulnerability in Myiosoft.Com Ajaxportal 3.0

SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter.

7.5
2008-12-17 CVE-2008-5652 Myiosoft SQL Injection vulnerability in Myiosoft Easybookmarker 4.0

SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter.

7.5
2008-12-17 CVE-2008-5651 Myiosoft SQL Injection vulnerability in Myiosoft Easybookmarker 4.0

SQL injection vulnerability in plugins/bookmarker/bookmarker_backend.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the Parent parameter.

7.5
2008-12-17 CVE-2008-5650 Alstrasoft SQL Injection vulnerability in Alstrasoft Webhost Directory NIL

SQL injection vulnerability in the login directory in AlstraSoft Web Host Directory allows remote attackers to execute arbitrary SQL commands via the pwd parameter.

7.5
2008-12-17 CVE-2008-5648 Deltascripts SQL Injection vulnerability in Deltascripts PHP Shop 1.0

SQL injection vulnerability in admin/login.php in DeltaScripts PHP Shop 1.0 allows remote attackers to execute arbitrary SQL commands via the admin_username parameter.

7.5
2008-12-17 CVE-2008-5646 Trac Denial of Service And Phishing vulnerability in Trac

Unspecified vulnerability in Trac before 0.11.2 allows attackers to cause a denial of service via unknown attack vectors related to "certain wiki markup."

7.5
2008-12-17 CVE-2008-5643 Joomla
Mambo
SQL Injection vulnerability in Joomla COM Books

SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php.

7.5
2008-12-17 CVE-2008-5641 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Active Photo Gallery 6.2

SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

7.5
2008-12-17 CVE-2008-5640 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Active Bids 3.5

SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.

7.5
2008-12-17 CVE-2008-5638 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Active Price Comparison 4.0

Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter to reviews.aspx or the (2) linkid parameter to links.asp.

7.5
2008-12-17 CVE-2008-5637 Parsblogger SQL Injection vulnerability in Parsblogger NIL

SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows remote attackers to execute arbitrary SQL commands via the wr parameter.

7.5
2008-12-17 CVE-2008-5635 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Active Membership 2.0

SQL injection vulnerability in account.asp in Active Membership 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp.

7.5
2008-12-17 CVE-2008-5634 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Active Force Matrix 2.0

SQL injection vulnerability in account.asp in Active Force Matrix 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp.

7.5
2008-12-17 CVE-2008-5633 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Activevotes 2.2

SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp.

7.5
2008-12-17 CVE-2008-5632 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Active Time Billing 3.2

SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp.

7.5
2008-12-17 CVE-2008-5631 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Active Ewebquiz 8.0

SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter.

7.5
2008-12-17 CVE-2008-5629 Turnkeyarcade SQL Injection vulnerability in Turnkeyarcade Turnkey Arcade Script NIL

SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a play action.

7.5
2008-12-17 CVE-2008-5627 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Active Trade 2.0

SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter.

7.5
2008-12-17 CVE-2008-5625 PHP Permissions, Privileges, and Access Controls vulnerability in PHP

PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file.

7.5
2008-12-17 CVE-2008-5624 PHP Permissions, Privileges, and Access Controls vulnerability in PHP

PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting of /etc for the error_log variable.

7.5
2008-12-17 CVE-2008-5609 Typo3 SQL Injection vulnerability in Typo3 Commerce Extension

SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-12-16 CVE-2008-5607 Joomitaly
Joomla
SQL Injection vulnerability in Joomitaly Jmovies 1.1

SQL injection vulnerability in the JMovies (aka JM or com_jmovies) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

7.5
2008-12-16 CVE-2008-5605 Aspapps SQL Injection vulnerability in Aspapps Aspportal NIL

Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp.

7.5
2008-12-16 CVE-2008-5599 Merlix SQL Injection vulnerability in Merlix Teamworx Server NIL

SQL injection vulnerability in default.asp in Merlix Teamworx Server allows remote attackers to execute arbitrary SQL commands via the password parameter (aka passwd field) in a login action.

7.5
2008-12-16 CVE-2008-5595 Aspapps SQL Injection vulnerability in Aspapps ASP Autodealer NIL

SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2008-12-16 CVE-2008-5594 Bpowerhouse Path Traversal vulnerability in Bpowerhouse Mini Blog 1.0.1

Multiple directory traversal vulnerabilities in index.php in Mini Blog 1.0.1 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2008-12-16 CVE-2008-5593 Bpowerhouse Path Traversal vulnerability in Bpowerhouse Mini CMS 1.0.1

Multiple directory traversal vulnerabilities in index.php in Mini CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2008-12-16 CVE-2008-5590 Kalptaru Infotech SQL Injection vulnerability in Kalptaru Infotech Product Sale Framework 0.1

SQL injection vulnerability in customer.forumtopic.php in Kalptaru Infotech Product Sale Framework 0.1 beta allows remote attackers to execute arbitrary SQL commands via the forum_topic_id parameter.

7.5
2008-12-16 CVE-2008-5589 Katywhitton SQL Injection vulnerability in Katywhitton Rankem

SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field).

7.5
2008-12-16 CVE-2008-5588 Katywhitton SQL Injection vulnerability in Katywhitton Rankem

SQL injection vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the siteID parameter.

7.5
2008-12-16 CVE-2008-5585 Lcxbbportal Code Injection vulnerability in Lcxbbportal 0.1

Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1 Alpha 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) portal/includes/portal_block.php and (2) includes/acp/acp_lcxbbportal.php.

7.5
2008-12-15 CVE-2008-5582 Nukedit SQL Injection vulnerability in Nukedit

SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the email parameter.

7.5
2008-12-15 CVE-2008-5581 Mini PUB Improper Input Validation vulnerability in Mini-Pub 0.3

PHP remote file inclusion vulnerability in mini-pub.php/front-end/img.php in mini-pub 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the sFileName parameter.

7.5
2008-12-15 CVE-2008-5580 Mini PUB Improper Input Validation vulnerability in Mini-Pub 0.3

mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the sFileName argument.

7.5
2008-12-15 CVE-2008-5578 Scssboard SQL Injection vulnerability in Scssboard

Multiple SQL injection vulnerabilities in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allow remote attackers to execute arbitrary SQL commands via (1) the f parameter in a showforum action, (2) the u parameter in a profile action, (3) the viewcat parameter, or (4) a combination of scb_uid and scb_ident cookie values.

7.5
2008-12-15 CVE-2008-5577 Scssboard Code Injection vulnerability in Scssboard

PHP remote file inclusion vulnerability in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to execute arbitrary PHP code via a URL in the inc_function parameter.

7.5
2008-12-15 CVE-2008-5576 Scssboard Improper Authentication vulnerability in Scssboard

admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to bypass authentication and gain administrative access via a large value of the current_user[users_level] parameter.

7.5
2008-12-15 CVE-2008-5575 Proclanmanager Improper Authentication vulnerability in Proclanmanager PRO Clan Manager

Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

7.5
2008-12-15 CVE-2008-5574 Unscripts SQL Injection vulnerability in Unscripts Webmaster Marketplace NIL

SQL injection vulnerability in member.php in Webmaster Marketplace allows remote attackers to execute arbitrary SQL commands via the u parameter.

7.5
2008-12-15 CVE-2008-5573 Adcomplete SQL Injection vulnerability in Adcomplete Poll PRO 2.0

SQL injection vulnerability in the login feature in Poll Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) Password and (2) username parameters.

7.5
2008-12-15 CVE-2008-5571 Dotnetindex SQL Injection vulnerability in Dotnetindex Professional Download Assistant 0.1

SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field).

7.5
2008-12-15 CVE-2008-5561 Netref SQL Injection vulnerability in Netref 4.0

SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) fiche_product.php and (2) presentation.php.

7.5
2008-12-15 CVE-2008-5559 Dazzlindonna SQL Injection vulnerability in Dazzlindonna Postecards

SQL injection vulnerability in sendcard.cfm in PostEcards allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2008-12-19 CVE-2008-5689 SUN Resource Management Errors vulnerability in SUN Opensolaris and Solaris

tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference.

7.2
2008-12-19 CVE-2008-5086 Libvirt Local Security Bypass vulnerability in libvirt

Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.

7.2
2008-12-17 CVE-2008-4218 Apple Numeric Errors vulnerability in Apple mac OS X and mac OS X Server

Multiple integer overflows in the kernel in Apple Mac OS X before 10.5.6 on Intel platforms allow local users to gain privileges via a crafted call to (1) i386_set_ldt or (2) i386_get_ldt.

7.2
2008-12-19 CVE-2008-5677 Kwalbum Improper Input Validation vulnerability in Kwalbum

Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under items/, related to the ReplaceBadFilenameChars function in include/ItemAdder.php.

7.1
2008-12-17 CVE-2008-4236 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file.

7.1
2008-12-17 CVE-2008-4224 Apple Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server

UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file.

7.1
2008-12-17 CVE-2008-4222 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet.

7.1

67 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-12-19 CVE-2008-5078 GNU Buffer Errors vulnerability in GNU Escript 1.6.1

Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename.

6.8
2008-12-19 CVE-2008-5672 Phparanoid Cross-Site Request Forgery (CSRF) vulnerability in PHParanoid 0.1/0.2

Multiple cross-site request forgery (CSRF) vulnerabilities in PHParanoid before 0.4 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) admin.php or (2) private messages.

6.8
2008-12-19 CVE-2008-5670 Textpattern Credentials Management vulnerability in Textpattern 4.0.5

Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session.

6.8
2008-12-17 CVE-2008-5512 Mozilla
Canonical
Debian
Permissions, Privileges, and Access Controls vulnerability in multiple products

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers."

6.8
2008-12-17 CVE-2008-5506 Mozilla
Canonical
Debian
Permissions, Privileges, and Access Controls vulnerability in multiple products

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."

6.8
2008-12-17 CVE-2008-5660 Gnome USE of Externally-Controlled Format String vulnerability in Gnome Vinagre

Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response.

6.8
2008-12-17 CVE-2008-5636 Lovedesigner SQL Injection vulnerability in Lovedesigner Lito Lite CMS NIL

SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.

6.8
2008-12-17 CVE-2008-5630 Qualityunit SQL Injection vulnerability in Qualityunit Post Affiliate PRO 3.0/3.1.4

SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 3 and 3.1.4 allows remote attackers to execute arbitrary SQL commands via the umprof_status parameter.

6.8
2008-12-17 CVE-2008-5628 Little CMS SQL Injection vulnerability in Little CMS Little CMS 0.0.1

SQL injection vulnerability in index.php in CMS little 0.0.1 allows remote attackers to execute arbitrary SQL commands via the term parameter.

6.8
2008-12-16 CVE-2008-5604 Drennansoft Path Traversal vulnerability in Drennansoft MY Simple Forum 3.0/4.1

Directory traversal vulnerability in index.php in My Simple Forum 3.0 and 4.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-12-16 CVE-2008-5586 Check UP SQL Injection vulnerability in Check UP Check NEW 4.52

SQL injection vulnerability in findoffice.php in Check Up New Generation (aka Check New) 4.52, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter.

6.8
2008-12-15 CVE-2008-5570 PHP Multiple Newsletters Path Traversal vulnerability in PHP multiple Newsletters PHP multiple Newsletters 2.7

Directory traversal vulnerability in index.php in PHP Multiple Newsletters 2.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2008-12-15 CVE-2008-5568 IPN Mate Cross-Site Request Forgery (CSRF) vulnerability in Ipn-Mate IPN PRO 3

Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the admin_id, newpass_1, and newpass_2 parameters.

6.8
2008-12-15 CVE-2008-5567 Bonzacart Cross-Site Request Forgery (CSRF) vulnerability in Bonzacart Bonza Cart

Cross-site request forgery (CSRF) vulnerability in admin/ad_settings.php in Bonza Cart 1.10 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters.

6.8
2008-12-15 CVE-2008-5565 Dinkumsoft Cross-Site Request Forgery (CSRF) vulnerability in Dinkumsoft DL Paycart 1.01

Cross-site request forgery (CSRF) vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters.

6.8
2008-12-19 CVE-2008-1094 Barracuda Networks SQL Injection vulnerability in Barracuda Networks Barracuda Spam Firewall

SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.

6.5
2008-12-19 CVE-2008-5673 Phparanoid Permissions, Privileges, and Access Controls vulnerability in PHParanoid 0.1/0.2

PHParanoid before 0.4 does not properly restrict access to the members area by unauthenticated users, which has unknown impact and remote attack vectors.

6.5
2008-12-17 CVE-2008-5507 Mozilla
Canonical
Debian
Information Exposure vulnerability in multiple products

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.

6.0
2008-12-17 CVE-2008-5621 Phpmyadmin Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter.

6.0
2008-12-19 CVE-2008-5252 Mediawiki Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki

Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors.

5.8
2008-12-17 CVE-2008-5661 SUN Resource Management Errors vulnerability in SUN Opensolaris and Solaris

The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 through snv_82, with certain patches installed, allows remote attackers to cause a denial of service (panic) via unknown vectors that trigger a NULL pointer dereference.

5.4
2008-12-19 CVE-2008-5693 Ipswitch Improper Input Validation vulnerability in Ipswitch WS FTP

Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character.

5.0
2008-12-19 CVE-2008-5692 Ipswitch Improper Authentication vulnerability in Ipswitch WS FTP

Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.

5.0
2008-12-19 CVE-2008-5687 Mediawiki Permissions, Privileges, and Access Controls vulnerability in Mediawiki

MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.

5.0
2008-12-19 CVE-2008-5684 SUN Resource Management Errors vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the Gnome session manager (aka gnome-session).

5.0
2008-12-19 CVE-2008-5676 Breach Unspecified vulnerability in Breach Modsecurity

Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."

5.0
2008-12-19 CVE-2008-5669 Textpattern Improper Input Validation vulnerability in Textpattern 4.0.5

index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter.

5.0
2008-12-19 CVE-2008-5667 Virusblokada Resource Management Errors vulnerability in Virusblokada Vba32 Personal Antivirus 3.12.8

The scanning engine in VirusBlokAda VBA32 Personal Antivirus 3.12.8.x allows remote attackers to cause a denial of service (memory corruption and application crash) via a malformed RAR archive.

5.0
2008-12-17 CVE-2008-5510 Mozilla
Canonical
Debian
Remote vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey

The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.

5.0
2008-12-17 CVE-2008-5505 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.

5.0
2008-12-17 CVE-2008-5502 Mozilla
Canonical
Resource Management Errors vulnerability in multiple products

The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions.

5.0
2008-12-17 CVE-2008-5501 Mozilla
Canonical
Remote vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey

The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure.

5.0
2008-12-17 CVE-2008-5647 Trac Denial of Service And Phishing vulnerability in Trac

Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors.

5.0
2008-12-17 CVE-2008-5642 Cmsmadesimple Path Traversal vulnerability in Cmsmadesimple CMS Made Simple 1.4.1

Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a ..

5.0
2008-12-17 CVE-2008-5618 Rsyslog Denial-Of-Service vulnerability in RSyslog

imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of spurious messages.

5.0
2008-12-17 CVE-2008-5081 Avahi Resource Management Errors vulnerability in Avahi

The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure.

5.0
2008-12-16 CVE-2008-5608 Aspapps Permissions, Privileges, and Access Controls vulnerability in Aspapps ASP Autodealer NIL

ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.

5.0
2008-12-16 CVE-2008-5606 Gazatem Technologies Permissions, Privileges, and Access Controls vulnerability in Gazatem Technologies Qmail Mailing List Manager 1.2

Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb.

5.0
2008-12-16 CVE-2008-5603 Aspapps Permissions, Privileges, and Access Controls vulnerability in Aspapps Aspticker 1.0

ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.

5.0
2008-12-16 CVE-2008-5602 Natterchat Permissions, Privileges, and Access Controls vulnerability in Natterchat 1.12

Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb.

5.0
2008-12-16 CVE-2008-5601 Robs Projects Permissions, Privileges, and Access Controls vulnerability in Robs-Projects ASP User Engine NIL

User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb.

5.0
2008-12-16 CVE-2008-5600 Merlix Permissions, Privileges, and Access Controls vulnerability in Merlix Teamworx Server NIL

Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb.

5.0
2008-12-16 CVE-2008-5598 Phpmygallery Path Traversal vulnerability in PHPmygallery 1.51

Directory traversal vulnerability in index.php in PHPmyGallery 1.51 gold allows remote attackers to list arbitrary directories via a ..

5.0
2008-12-16 CVE-2008-5597 Cold BBS Permissions, Privileges, and Access Controls vulnerability in Cold BBS Cold BBS NIL

Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb.

5.0
2008-12-16 CVE-2008-5596 Dotnetindex Permissions, Privileges, and Access Controls vulnerability in Dotnetindex Ikon Admanager

Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb.

5.0
2008-12-16 CVE-2008-5592 Iwrite Permissions, Privileges, and Access Controls vulnerability in Iwrite Nightfall Personal Diary 1.0

Nightfall Personal Diary 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users-zza21.mdb.

5.0
2008-12-15 CVE-2008-5579 Mini PUB Path Traversal vulnerability in Mini-Pub 0.3

Absolute path traversal vulnerability in mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to read arbitrary files via a full pathname in the sFileName parameter.

5.0
2008-12-15 CVE-2008-5572 Dotnetindex Permissions, Privileges, and Access Controls vulnerability in Dotnetindex Professional Download Assistant 0.1

Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb.

5.0
2008-12-15 CVE-2008-5564 ORB Networks Remote Denial Of Service vulnerability in Orb Networks Orb

Unspecified vulnerability in the media server in Orb Networks Orb before 2.01.0025 allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request.

5.0
2008-12-15 CVE-2008-5562 Aspapps Permissions, Privileges, and Access Controls vulnerability in Aspapps Aspportal NIL

ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.

5.0
2008-12-15 CVE-2008-5560 Dazzlindonna Permissions, Privileges, and Access Controls vulnerability in Dazzlindonna Postecards

PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb.

5.0
2008-12-17 CVE-2008-4219 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application.

4.9
2008-12-19 CVE-2008-5249 Mediawiki Cross-Site Scripting vulnerability in Mediawiki 1.13.0/1.13.1/1.13.2

Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-12-19 CVE-2008-5682 Opera Cross-Site Scripting vulnerability in Opera Browser

Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates.

4.3
2008-12-19 CVE-2008-5681 Opera Unspecified vulnerability in Opera Browser

Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs.

4.3
2008-12-19 CVE-2008-5668 Textpattern Cross-Site Scripting vulnerability in Textpattern 4.0.5

Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/index.php or (2) the name parameter to index.php in the comments preview section.

4.3
2008-12-17 CVE-2008-5508 Mozilla
Canonical
Debian
Improper Input Validation vulnerability in multiple products

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.

4.3
2008-12-17 CVE-2008-5656 Typo3 Cross-Site Scripting vulnerability in Typo3 4.2.0/4.2.1/4.2.2

Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2008-12-17 CVE-2008-5644 Typo3 Cross-Site Scripting vulnerability in Typo3 4.2.2

Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2008-12-17 CVE-2008-5639 Txtblogcms Path Traversal vulnerability in Txtblogcms Txtblog 1.0

Directory traversal vulnerability in index.php in TxtBlog 1.0 Alpha allows remote attackers to read arbitrary files via a ..

4.3
2008-12-17 CVE-2008-5558 Asterisk Improper Authentication vulnerability in Asterisk Business Edition and Open Source

Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.

4.3
2008-12-16 CVE-2008-5591 Iwrite Cross-Site Scripting vulnerability in Iwrite Nightfall Personal Diary 1.0

Cross-site scripting (XSS) vulnerability in login.asp in Nightfall Personal Diary 1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter and possibly other "login fields." NOTE: some of these details are obtained from third party information.

4.3
2008-12-16 CVE-2008-5587 Phppgadmin Path Traversal vulnerability in PHPpgadmin

Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a ..

4.3
2008-12-15 CVE-2008-5569 Phpeppershop Cross-Site Scripting vulnerability in PHPeppershop 1.4

Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in shop/Admin/.

4.3
2008-12-15 CVE-2008-5566 Phpmultiplenewsletters Cross-Site Scripting vulnerability in PHPmultiplenewsletters 2.7

Cross-site scripting (XSS) vulnerability in index.php in Triangle Solutions PHP Multiple Newsletters 2.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2008-12-19 CVE-2008-5678 Fdgroup Improper Input Validation vulnerability in Fdgroup Olib7 Webview 2.5.1.1

Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/, as demonstrated by the (1) get_settings.ini, (2) setup.ini, and (3) text.ini files.

4.0
2008-12-17 CVE-2008-5626 Dxmsoft Resource Management Errors vulnerability in Dxmsoft XM Easy Personal FTP Server 5.6.0

XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-12-19 CVE-2008-5250 Mediawiki Cross-Site Scripting vulnerability in Mediawiki

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.

3.5
2008-12-19 CVE-2008-0971 Barracuda Networks Cross-Site Scripting vulnerability in Barracuda Networks products

Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or HTML via (1) the Policy Name field in Search Based Retention Policy in Message Archiver; unspecified parameters in the (2) IP Configuration, (3) Administration, (4) Journal Accounts, (5) Retention Policy, and (6) GroupWise Sync components in Message Archiver; (7) input to search operations in Web Filter; and (8) input used in error messages and (9) hidden INPUT elements in (a) Spam Firewall, (b) IM Firewall, and (c) Web Filter.

3.5
2008-12-19 CVE-2008-5666 Wftpserver Resource Management Errors vulnerability in Wftpserver Winftp FTP Server 2.3.0

WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows remote authenticated users to cause a denial of service via a sequence of FTP sessions that include an invalid "NLST -1" command.

3.5
2008-12-17 CVE-2008-5503 Mozilla Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.

2.6
2008-12-19 CVE-2008-5690 SUN Credentials Management vulnerability in SUN Opensolaris and Solaris

The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5.

2.1