Weekly Vulnerabilities Reports > December 29, 2008 to January 4, 2009

Overview

88 new vulnerabilities were reported during this period, including 11 critical vulnerabilities and 39 high severity vulnerabilities. This weekly summary reports vulnerabilities in 87 products from 62 vendors including Microsoft, Typo3, Joomla, Nokia, and Recly. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Code Injection", "Path Traversal", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 86 reported vulnerabilities are remotely exploitable.
  • 55 reported vulnerabilities have a public exploit available.
  • 55 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 87 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • Invisible Island has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

11 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-01-02 CVE-2008-5812 Spip Multiple Unspecified vulnerability in SPIP Versions Prior to 2.0.2

Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors.

10.0
2009-01-02 CVE-2008-5810 Fujitsu Siemens Improper Input Validation vulnerability in Fujitsu-Siemens Webtransactions 7.0/7.1

WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs.

10.0
2008-12-31 CVE-2008-5801 Typo3 Code Injection vulnerability in Typo3 Dictionary Extension

Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.

10.0
2008-12-31 CVE-2008-5791 Prestashop Security vulnerability in PrestaShop Prior to 1.1 Beta 2

Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution before 1.1 Beta 2 (aka 1.1.0.1) have unknown impact and attack vectors, related to the (1) bankwire module, (2) cheque module, and other components.

10.0
2009-01-02 CVE-2008-2383 Invisible Island Code Injection vulnerability in Invisible-Island Xterm NIL

CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.

9.3
2009-01-02 CVE-2006-7236 Invisible Island, Debian, Ubuntu Configuration vulnerability in Invisible-Island Xterm NIL

The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.

9.3
2008-12-30 CVE-2008-5764 2500Mhz Code Injection vulnerability in 2500Mhz Worksimple 1.2.1

PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.

9.3
2008-12-30 CVE-2008-5756 Bpsoft Buffer Errors vulnerability in Bpsoft HEX Workshop 5.1.4

Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mapping (.cmap) file.

9.3
2008-12-30 CVE-2008-5755 Intellitamper Buffer Errors vulnerability in Intellitamper 2.07/2.08

Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a related issue to CVE-2006-2494.

9.3
2008-12-30 CVE-2008-5754 Bpftp Buffer Errors vulnerability in Bpftp Bulletproof FTP Client NIL

Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753.

9.3
2008-12-30 CVE-2008-5753 Bpftp Buffer Errors vulnerability in Bpftp Bulletproof FTP Client 2.63

Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar.

9.3

39 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-01-02 CVE-2008-5826 Nokia Improper Input Validation vulnerability in Nokia 6131 NFC 05.12

The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI.

7.8
2009-01-02 CVE-2008-5827 Nokia Configuration vulnerability in Nokia 6131 NFC 05.12

The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag.

7.5
2009-01-02 CVE-2008-2381 Gforge SQL Injection vulnerability in Gforge 4.5/4.6

SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.

7.5
2009-01-02 CVE-2008-5820 Edreamers SQL Injection vulnerability in Edreamers Ednews 2.0

SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

7.5
2009-01-02 CVE-2008-5816 Ilias SQL Injection vulnerability in Ilias

SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ref_id parameter.

7.5
2009-01-02 CVE-2008-5815 Phpalumni SQL Injection vulnerability in PHPalumni NIL

SQL injection vulnerability in Acomment.php in phpAlumni allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-01-02 CVE-2008-5813 Spip SQL Injection vulnerability in Spip

SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2009-01-02 CVE-2008-5811 Joomla SQL Injection vulnerability in Joomla COM Paxgallery 0.1

SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php.

7.5
2008-12-31 CVE-2008-5806 Deltascripts SQL Injection vulnerability in Deltascripts PHP Classifieds

SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka admin field).

7.5
2008-12-31 CVE-2008-5805 Deltascripts SQL Injection vulnerability in Deltascripts PHP Classifieds

SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the siteid parameter, a different vector than CVE-2006-5828.

7.5
2008-12-31 CVE-2008-5804 E Topbiz SQL Injection vulnerability in E-Topbiz Number Links 1 PHP Script NIL

SQL injection vulnerability in admin/admin_catalog.php in e-topbiz Number Links 1 Php Script allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.

7.5
2008-12-31 CVE-2008-5803 E Topbiz SQL Injection vulnerability in E-Topbiz Online Store 1.0

SQL injection vulnerability in admin/login.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka username field).

7.5
2008-12-31 CVE-2008-5802 E Topbiz SQL Injection vulnerability in E-Topbiz Online Store 1.0

SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

7.5
2008-12-31 CVE-2008-5800 Typo3 SQL Injection vulnerability in Typo3 Fsmi People and WIR BER UNS Extension

SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-12-31 CVE-2008-5798 Typo3 SQL Injection vulnerability in Typo3 CMS Poll System Extension

SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-12-31 CVE-2008-5797 Typo3 SQL Injection vulnerability in Typo3 Advcalendar Extension

SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-12-31 CVE-2008-5796 Typo3 SQL Injection vulnerability in Typo3 Eluna Page Comments Extension

SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2008-12-31 CVE-2008-5790 Recly, Joomla Code Injection vulnerability in Recly Competitions 1.0

Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php.

7.5
2008-12-31 CVE-2008-5789 Recly, Joomla Code Injection vulnerability in Recly Interactive Feederator 1.0.5

Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php.

7.5
2008-12-31 CVE-2008-5788 Domainsellerpro SQL Injection vulnerability in Domainsellerpro Domain Seller PRO 1.5

SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-12-31 CVE-2008-5785 V3Chat SQL Injection vulnerability in V3Chat V3 Chat Profiles Dating Script 3.0.2

SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.

7.5
2008-12-31 CVE-2008-5784 V3Chat Improper Authentication vulnerability in V3Chat V3 Chat Profiles Dating Script 3.0.2

V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.

7.5
2008-12-31 CVE-2008-5783 V3Chat Improper Authentication vulnerability in V3Chat V3 Chat Live Support 3.0.4

admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.

7.5
2008-12-31 CVE-2008-5782 Zeeways SQL Injection vulnerability in Zeeways Zeematri 3.0

SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.

7.5
2008-12-30 CVE-2008-5781 Cfagcms SQL Injection vulnerability in Cfagcms 1.0

SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the title parameter.

7.5
2008-12-30 CVE-2008-5779 Flds Script SQL Injection vulnerability in Flds Script Flds 1.2A

SQL injection vulnerability in lpro.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-12-30 CVE-2008-5778 Flds Script SQL Injection vulnerability in Flds Script Flds 1.2A

SQL injection vulnerability in report.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the linkid parameter.

7.5
2008-12-30 CVE-2008-5777 Cadenix SQL Injection vulnerability in Cadenix NIL

SQL injection vulnerability in index.php in CadeNix allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2008-12-30 CVE-2008-5776 Apertoblog Path Traversal vulnerability in Apertoblog 0.1.1

Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to admin.php and the (2) get parameter to index.php.

7.5
2008-12-30 CVE-2008-5775 Apertoblog SQL Injection vulnerability in Apertoblog 0.1.1

SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-12-30 CVE-2008-5774 Aspsiteware SQL Injection vulnerability in Aspsiteware Homebuilder 1.0/2.0

Multiple SQL injection vulnerabilities in ASPSiteWare HomeBuilder 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to (a) type.asp and (b) type2.asp and the (2) iPro parameter to (c) detail.asp.

7.5
2008-12-30 CVE-2008-5772 Aspsiteware SQL Injection vulnerability in Aspsiteware Realtylistings 1.0/2.0

Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro parameter to detail.asp.

7.5
2008-12-30 CVE-2008-5771 Phpweather Path Traversal vulnerability in PHPweather 2.2.2

Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.

7.5
2008-12-30 CVE-2008-5768 Sirium, Xoops SQL Injection vulnerability in Sirium AM Events Module 0.22

SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-12-30 CVE-2008-5767 Gazatem SQL Injection vulnerability in Gazatem Gnews Publisher NIL

SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter.

7.5
2008-12-30 CVE-2008-5766 Fascript SQL Injection vulnerability in Fascript Faupload NIL

SQL injection vulnerability in download.php in Farsi Script Faupload allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-12-30 CVE-2008-5763 Mariovaldez Code Injection vulnerability in Mariovaldez Simple Text-File Login Script 1.0.6

PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simple Text-File Login Script (SiTeFiLo) 1.0.6 allows remote attackers to execute arbitrary PHP code via a URL in the slogin_path parameter.

7.5
2008-12-30 CVE-2008-5751 Alstrasoft SQL Injection vulnerability in Alstrasoft web Email Script Enterprise NIL

SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action.

7.5
2008-12-29 CVE-2008-4539 KVM Qumranet, Qemu, Debian, Ubuntu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow.

7.2

35 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-12-29 CVE-2008-5746 SUN Link Following vulnerability in SUN Snmp Management Agent 1.4/1.5.3/1.5.4

Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files.

6.9
2009-01-02 CVE-2008-5824 68K Buffer Errors vulnerability in 68K Audiofile 0.2.6

Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file.

6.8
2009-01-02 CVE-2008-5819 Edreamers Path Traversal vulnerability in Edreamers Ednews 2.0

Directory traversal vulnerability in eDNews_archive.php in eDreamers eDNews 2, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2009-01-02 CVE-2008-5818 Edreamers Path Traversal vulnerability in Edreamers Edcontainer 2.22

Directory traversal vulnerability in index.php in eDreamers eDContainer 2.22, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2009-01-02 CVE-2008-5817 WEB Scribble Solutions SQL Injection vulnerability in web Scribble Solutions Webclassifieds 2005

Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) password fields in a sign_in action.

6.8
2008-12-31 CVE-2008-5793 Recly, Joomla Code Injection vulnerability in Recly Clickheat-Heatmap 1.0.1

Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b) Cache.php and (c) Clickheat_Heatmap.php in Recly/Clickheat/, and (d) Recly/common/GlobalVariables.php; and the (2) mosConfig_absolute_path parameter to (e) _main.php and (f) main.php in includes/heatmap, and (g) includes/overview/main.php.

6.8
2008-12-31 CVE-2008-5792 Indisguise Code Injection vulnerability in Indisguise Indiscripts Enthusiast

PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

6.8
2008-12-30 CVE-2008-5758 Phparanoid Cross-Site Request Forgery (CSRF) vulnerability in PHParanoid 0.1/0.2/0.3

Cross-site request forgery (CSRF) vulnerability in PHParanoid before 0.5 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors related to private messages.

6.8
2008-12-29 CVE-2008-5750 Microsoft Code Injection vulnerability in Microsoft Internet Explorer 8

Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.

6.8
2008-12-29 CVE-2008-5749 Google, Microsoft Code Injection vulnerability in Google Chrome 1.0.154.36

** DISPUTED ** Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.

6.8
2009-01-02 CVE-2008-5809 Futomi Improper Authentication vulnerability in Futomi Access Analyzer CGI

futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id.

5.8
2008-12-31 CVE-2008-5787 Arabportal, Microsoft Path Traversal vulnerability in Arabportal Arab Portal 2.1

Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a ..

5.4
2009-01-02 CVE-2008-5828 Microsoft Information Exposure vulnerability in Microsoft Windows Live Messenger

Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.

5.0
2009-01-02 CVE-2008-5822 Mozilla Resource Management Errors vulnerability in Mozilla Libxul

Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers to cause a denial of service (memory consumption and browser hang) via a long CLASS attribute in an HR element in an HTML document.

5.0
2009-01-02 CVE-2008-5821 Apple, Microsoft Resource Management Errors vulnerability in Apple Safari 3.2

Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.

5.0
2008-12-31 CVE-2008-5794 Lovecms Path Traversal vulnerability in Lovecms 1.6.2

Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a ..

5.0
2008-12-30 CVE-2008-5780 Hostforest Permissions, Privileges, and Access Controls vulnerability in Hostforest Forest Blog 1.3.2

Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.

5.0
2008-12-30 CVE-2008-5773 Nukedit Permissions, Privileges, and Access Controls vulnerability in Nukedit 4.9.8

Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb.

5.0
2008-12-30 CVE-2008-5765 2500Mhz Permissions, Privileges, and Access Controls vulnerability in 2500Mhz Worksimple 1.2.1

WorkSimple 1.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for data/usr.txt.

5.0
2008-12-30 CVE-2008-5762 Mariovaldez Permissions, Privileges, and Access Controls vulnerability in Mariovaldez Simple Text-File Login Script 1.0.6

Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt.

5.0
2008-12-29 CVE-2008-5747 F Prot Resource Management Errors vulnerability in F-Prot Antivirus 4.6.8

F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass anti-virus protection via a crafted ELF program with a "corrupted" header that still allows the program to be executed.

5.0
2009-01-02 CVE-2008-5823 Microsoft Numeric Errors vulnerability in Microsoft Money 2006

An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.

4.3
2009-01-02 CVE-2008-5808 SIX Apart, Sixapart Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to "application management."

4.3
2008-12-31 CVE-2008-5807 Teamst Cross-Site Scripting vulnerability in Teamst Testlink

Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl.

4.3
2008-12-31 CVE-2008-5799 Typo3 Cross-Site Scripting vulnerability in Typo3 WIR BER UNS Extension 0.0.23

Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-12-31 CVE-2008-5795 Typo3 Cross-Site Scripting vulnerability in Typo3 Eluna Page Comments Extension

Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2008-12-31 CVE-2008-5786 Infrae Cross-Site Scripting vulnerability in Infrae Silva and Silva Find

Cross-site scripting (XSS) vulnerability in the Silva Find extension 1.1.5 and earlier in Silva 1.x before 1.6.3.2, Silva 2.0 before 2.0.12.2, and Silva 2.1 before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the fulltext parameter.

4.3
2008-12-30 CVE-2008-5770 Phpweather Cross-Site Scripting vulnerability in PHPweather 2.2.2

Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2008-12-30 CVE-2008-5769 Kerio Cross-Site Scripting vulnerability in Kerio Mailserver

Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php.

4.3
2008-12-30 CVE-2008-5761 Flatnux Cross-Site Scripting vulnerability in Flatnux 20081211

Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord action to index.php in the 08_Files module, as demonstrated by injection within a SRC attribute of an IFRAME element.

4.3
2008-12-30 CVE-2008-5760 Kerio Cross-Site Scripting vulnerability in Kerio Mailserver

Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter.

4.3
2008-12-30 CVE-2008-5759 Flatnux Cross-Site Scripting vulnerability in Flatnux 20081211

Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allows remote attackers to inject arbitrary web script or HTML via the name parameter in an updaterecord action to index.php in the 08_Files module.

4.3
2008-12-30 CVE-2008-5752 Wordpress Path Traversal vulnerability in Wordpress Page Flip Image Gallery Plugin

Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..

4.3
2008-12-29 CVE-2008-5748 Bloofox Path Traversal vulnerability in Bloofox Bloofoxcms 0.3.4

Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.

4.3
2008-12-29 CVE-2008-5745 Microsoft Numeric Errors vulnerability in Microsoft Windows Media Player 10/11/9

Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-12-30 CVE-2008-5757 Textpattern Cross-Site Scripting vulnerability in Textpattern

Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action.

3.5
2009-01-02 CVE-2008-5825 Nokia Link Following vulnerability in Nokia 6131 NFC 05.12

The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and .

2.6
2009-01-02 CVE-2008-5814 PHP Cross-Site Scripting vulnerability in PHP

Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2.6