Weekly Vulnerabilities Reports > February 16 to 22, 2009

Overview

159 new vulnerabilities were reported during this period, including 10 critical vulnerabilities and 71 high severity vulnerabilities. This weekly summary reports vulnerabilities in 152 products from 119 vendors, including Joomla, Drupal, Ravenphpscripts, Linux, and VIM. The vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Code Injection", "Path Traversal", and "Improper Input Validation".

  • 146 reported vulnerabilities are remotely exploitable.
  • 85 reported vulnerabilities have a public exploit available.
  • 92 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 142 reported vulnerabilities are exploitable by an anonymous user.
  • Joomla has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • VIM has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

10 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-02-20 CVE-2009-0650 Tptest Buffer Errors vulnerability in Tptest 5.0.2

Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 and earlier, and possibly 5.02, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a STATS line with a long pwd field.

10.0
2009-02-17 CVE-2008-6158 W3Bcms Remote Security vulnerability in W3Bcms W3B>Cms 3.0.5

Multiple unspecified vulnerabilities in the admin backend in w3b>cms (aka w3blabor CMS) before 3.2.0 have unknown impact and remote attack vectors.

10.0
2009-02-21 CVE-2008-6235 VIM OS Command Injection vulnerability in VIM 7.0/7.1

The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.

9.3
2009-02-21 CVE-2008-3076 VIM OS Command Injection vulnerability in VIM 7.2A.10

The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases.

9.3
2009-02-21 CVE-2008-3075 VIM Code Injection vulnerability in VIM and Zipplugin.Vim

The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases.

9.3
2009-02-21 CVE-2008-3074 VIM OS Command Injection vulnerability in VIM Tar.Vim and VIM

The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases.

9.3
2009-02-20 CVE-2009-0658 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.

9.3
2009-02-20 CVE-2009-0641 Freebsd Permissions, Privileges, and Access Controls vulnerability in Freebsd

sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library.

9.3
2009-02-19 CVE-2008-6171 Drupal Improper Input Validation vulnerability in Drupal

includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.

9.3
2009-02-19 CVE-2008-6186 Raidenftpd Buffer Errors vulnerability in Raidenftpd 2.4

Stack-based buffer overflow in RaidenFTPD 2.4 build 3620 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via long (1) CWD and (2) MLST commands.

9.0

71 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-02-20 CVE-2008-6207 Phpg Upload Improper Input Validation vulnerability in PHPg Upload PHPg Upload 1.0

Unrestricted file upload vulnerability in form_upload.php in PHPG Upload 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.

8.5
2009-02-22 CVE-2009-0680 Netgear Path Traversal vulnerability in Netgear Ssl312

cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences.

7.8
2009-02-20 CVE-2009-0649 Nokia Denial of Service vulnerability in Nokia N95 'setAttributeNode()'

The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method.

7.8
2009-02-20 CVE-2008-6219 EMC Resource Management Errors vulnerability in EMC products

nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.

7.8
2009-02-20 CVE-2008-6195 Landesk Path Traversal vulnerability in Landesk Management Suite 8.7/8.8

Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.80.1.1 and earlier allows remote attackers to read arbitrary files via a subdirectory name followed by ".." sequences, a different vulnerability than CVE-2008-1643.

7.8
2009-02-19 CVE-2008-6194 Microsoft Resource Management Errors vulnerability in Microsoft Windows

Memory leak in the DNS server in Microsoft Windows allows remote attackers to cause a denial of service (memory consumption) via DNS packets.

7.8
2009-02-19 CVE-2008-6183 Myphpindexer Path Traversal vulnerability in Myphpindexer MY PHP Indexer 1.0

Multiple directory traversal vulnerabilities in index.php in My PHP Indexer 1.0 allow remote attackers to read arbitrary files via a ..

7.8
2009-02-17 CVE-2009-0609 SUN Improper Input Validation vulnerability in SUN Java System Directory Server

Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service (JDBC backend outage) via crafted LDAP requests.

7.8
2009-02-21 CVE-2008-6236 Cafuego SQL Injection vulnerability in Cafuego Simple Document Management System 1.1.4/1.1.5

SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the login parameter.

7.5
2009-02-21 CVE-2008-6234 Joomla, Mambo Foundation SQL Injection vulnerability in multiple products

SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

7.5
2009-02-20 CVE-2008-6233 Fivedollarscripts SQL Injection vulnerability in Fivedollarscripts Drinks

SQL injection vulnerability in index.php in Five Dollar Scripts Drinks script allows remote attackers to execute arbitrary SQL commands via the recid parameter.

7.5
2009-02-20 CVE-2008-6232 Preprojects Credentials Management vulnerability in Preprojects PRE Shopping Mall

Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".

7.5
2009-02-20 CVE-2008-6231 Preprojects Credentials Management vulnerability in Preprojects PRE Classified Listings

Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".

7.5
2009-02-20 CVE-2008-6230 Preprojects SQL Injection vulnerability in Preprojects PRE Podcast Portal

SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-02-20 CVE-2008-6228 Preproject Credentials Management vulnerability in Preproject PRE Multi-Vendor Shopping Malls

Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".

7.5
2009-02-20 CVE-2008-6227 Preproject SQL Injection vulnerability in Preproject PRE Multi-Vendor Shopping Malls

SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor Shopping Malls allows remote attackers to execute arbitrary SQL commands via the (1) sid and (2) cid parameters.

7.5
2009-02-20 CVE-2008-6225 Mole Group SQL Injection vulnerability in Mole-Group Airline Ticket Sale Script

** DISPUTED ** SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter.

7.5
2009-02-20 CVE-2008-6224 Samelinux Path Traversal vulnerability in Samelinux WAY of the Warrior

Directory traversal vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to read arbitrary files via a ..

7.5
2009-02-20 CVE-2008-6223 Wotw Code Injection vulnerability in Wotw WAY of the Warrior 5.0

PHP remote file inclusion vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plancia parameter to crea.php.

7.5
2009-02-20 CVE-2008-6221 Dadamailproject, Joomla Code Injection vulnerability in Dadamailproject Dada Mail Manager 2.6

PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.

7.5
2009-02-20 CVE-2008-6220 Cafuego SQL Injection vulnerability in Cafuego Simple Document Management System 1.1.4/1.1.5

SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the pass parameter.

7.5
2009-02-20 CVE-2009-0653 Openssl Improper Authentication vulnerability in Openssl 0.9.6

OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.

7.5
2009-02-20 CVE-2008-6216 Bookingcentre SQL Injection vulnerability in Bookingcentre Booking System FOR Hotels Group

SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to execute arbitrary SQL commands via the OfertaID parameter.

7.5
2009-02-20 CVE-2008-6214 Harlandscripts SQL Injection vulnerability in Harlandscripts PRO Traffic ONE

SQL injection vulnerability in poll_results.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-02-20 CVE-2008-6213 Harlandscripts SQL Injection vulnerability in Harlandscripts PRO Traffic ONE

SQL injection vulnerability in mypage.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the trg parameter.

7.5
2009-02-20 CVE-2008-6163 Openx SQL Injection vulnerability in Openx 2.6.1

SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter.

7.5
2009-02-20 CVE-2008-6162 BUX Improper Authentication vulnerability in BUX Bux.To Clone Script

Bux.to Clone script allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1 and the usNick cookie to admin.

7.5
2009-02-20 CVE-2008-6210 Dream4 SQL Injection vulnerability in Dream4 Koobi 4.4/5.4

SQL injection vulnerability in index.php in dream4 Koobi 4.4 and 5.4 allows remote attackers to execute arbitrary SQL commands via the img_id parameter in the gallerypic page.

7.5
2009-02-20 CVE-2008-6209 Vastal SQL Injection vulnerability in Vastal Software Zone

SQL injection vulnerability in view_product.php in Vastal I-Tech Software Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

7.5
2009-02-20 CVE-2008-6206 Robotstats Code Injection vulnerability in Robotstats 0.1

Multiple PHP remote file inclusion vulnerabilities in RobotStats 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) graph.php and (2) robotstats.inc.php.

7.5
2009-02-20 CVE-2008-6204 Supernet SQL Injection vulnerability in Supernet Shop

Multiple SQL injection vulnerabilities in SuperNET Shop 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to secure/admin/guncelle.asp, (2) kulad and sifre parameters to secure/admin/giris.asp, and (3) username and password to secure/admin/default.asp.

7.5
2009-02-20 CVE-2008-6203 Jakob Persson SQL Injection vulnerability in Jakob-Persson Cobalt 2.0

SQL injection vulnerability in adminler.asp in CoBaLT 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-02-20 CVE-2008-6202 Jakob Persson SQL Injection vulnerability in Jakob-Persson Cobalt 1.0

SQL injection vulnerability in CoBaLT 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) urun.asp, (2) admin/bayi_listele.asp, (3) admin/urun_grup_listele.asp, and (4) admin/urun_listele.asp.

7.5
2009-02-20 CVE-2008-6198 Mybboard SQL Injection vulnerability in Mybboard Custom Pages Plugin 1.0

SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin for MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2009-02-20 CVE-2008-6197 Kwsphp SQL Injection vulnerability in Kwsphp Galerie Module

SQL injection vulnerability in index.php in the galerie module for KwsPHP 1.3.456 allows remote attackers to execute arbitrary SQL commands via the id_gal parameter in a gal action.

7.5
2009-02-20 CVE-2008-6196 Philippe Crochat Code Injection vulnerability in Philippe Crochat Easysite 2.0

Multiple PHP remote file inclusion vulnerabilities in Philippe CROCHAT EasySite 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the EASYSITE_BASE parameter to (1) browser.php, (2) image_editor.php and (3) skin_chooser.php in configuration/.

7.5
2009-02-19 CVE-2008-6189 Gforge SQL Injection vulnerability in Gforge 4.5.19

SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php.

7.5
2009-02-19 CVE-2008-6188 Gforge SQL Injection vulnerability in Gforge

SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter.

7.5
2009-02-19 CVE-2008-6187 Gforge SQL Injection vulnerability in Gforge

SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter.

7.5
2009-02-19 CVE-2008-6184 Medialab Karlsruhe, Joomla SQL Injection vulnerability in Medialab-Karlsruhe Ownbiblio 1.5.3

SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php.

7.5
2009-02-19 CVE-2008-6182 Joomla SQL Injection vulnerability in Joomla Ignitegallery

SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php.

7.5
2009-02-19 CVE-2008-6181 Joomla, Mad4Media SQL Injection vulnerability in Mad4Media COM Mad4Joomla

SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php.

7.5
2009-02-19 CVE-2008-6180 Newlife Blogger SQL Injection vulnerability in Newlife Blogger Newlife Blogger 3.3.1

SQL injection vulnerability in system/nlb_user.class.php in NewLife Blogger 3.0 and earlier, and possibly 3.3.1, allows remote attackers to execute arbitrary SQL commands via the nlb3 cookie.

7.5
2009-02-19 CVE-2008-6179 Indexscript SQL Injection vulnerability in Indexscript 3.0

SQL injection vulnerability in sug_cat.php in IndexScript 3.0 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter, a different vector than CVE-2007-4069.

7.5
2009-02-19 CVE-2008-6178 Fckeditor, Phplist Code Injection vulnerability in multiple products

Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094.

7.5
2009-02-19 CVE-2008-6167 Miniportail Path Traversal vulnerability in Miniportail

Directory traversal vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-02-19 CVE-2008-6166 Joomla, Jmds SQL Injection vulnerability in Jmds COM Kbase 1.2

SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.

7.5
2009-02-18 CVE-2009-0646 4Site SQL Injection vulnerability in 4Site CMS

Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to portfolio/index.shtml, (6) h parameter to hotel/index.php, (7) id parameter to news/news1.shtml, and the (8) th parameter to faq/index.shtml.

7.5
2009-02-18 CVE-2009-0639 Phpyabs Code Injection vulnerability in PHPyabs 0.1.2

PHP remote file inclusion vulnerability in moduli/libri/index.php in phpyabs 0.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the Azione parameter.

7.5
2009-02-17 CVE-2009-0610 Dminnich Code Injection vulnerability in Dminnich Simple PHP News 1.0

Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php.

7.5
2009-02-17 CVE-2009-0363 Barnowl, Ktools Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products.

7.5
2009-02-16 CVE-2009-0604 PHP Director SQL Injection vulnerability in PHP Director PHP Director 0.2

SQL injection vulnerability in index.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the searching parameter.

7.5
2009-02-16 CVE-2009-0602 Wikkitikkitavi Improper Input Validation vulnerability in Wikkitikkitavi 1.11

Unrestricted file upload vulnerability in upload.php in WikkiTikkiTavi 1.11 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/.

7.5
2009-02-16 CVE-2008-6155 Hispah SQL Injection vulnerability in Hispah Text Links ADS 1.1

SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idtl parameter in a buy action.

7.5
2009-02-16 CVE-2008-6154 Hispah SQL Injection vulnerability in Hispah Text Links ADS 1.1

SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idcat parameter.

7.5
2009-02-16 CVE-2009-0598 Phpmesfilms SQL Injection vulnerability in PHPmesfilms 1.0/1.8

SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-02-16 CVE-2009-0592 Pnphpbb Path Traversal vulnerability in Pnphpbb Pnphpbb2

Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and earlier allow remote attackers to include and execute arbitrary local files via a ..

7.5
2009-02-16 CVE-2008-6153 Jayeshp SQL Injection vulnerability in Jayeshp Pixel8 web Photo Album 3.0

SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo Album 3.0 allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter.

7.5
2009-02-16 CVE-2008-6152 Sepcity SQL Injection vulnerability in Sepcity Faculty Portal

SQL injection vulnerability in deptdisplay.asp in SepCity Faculty Portal allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2009-02-16 CVE-2008-6151 Sepcity SQL Injection vulnerability in Sepcity Shopping Mall

SQL injection vulnerability in shpdetails.asp in SepCity Shopping Mall allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2009-02-16 CVE-2008-6150 Sepcity SQL Injection vulnerability in Sepcity Classified ADS

SQL injection vulnerability in classdis.asp in SepCity Classified Ads allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2009-02-16 CVE-2008-6149 Joomlaapps, Joomla SQL Injection vulnerability in Joomlaapps COM Mdigg 2.2.8

SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cagtegory parameter in a story_lists action to index.php.

7.5
2009-02-16 CVE-2008-6148 Raven Worx, Joomla SQL Injection vulnerability in Raven-Worx Liveticker 1.0

SQL injection vulnerability in the Live Ticker (com_liveticker) module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a viewticker action to index.php.

7.5
2009-02-16 CVE-2008-6145 Typo3 SQL Injection vulnerability in Typo3 WEC Discussion Forum

Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-02-16 CVE-2008-6143 Owentechkenya Improper Authentication vulnerability in Owentechkenya Owenpoll 1.0

OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie.

7.5
2009-02-16 CVE-2008-6142 China ON Site SQL Injection vulnerability in China-On-Site Flexphpic 0.0.3/0.0.4

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.

7.5
2009-02-18 CVE-2009-0310 Opensuse Buffer Errors vulnerability in Opensuse 10.3/11.0

Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through 11.0 has unknown impact and attack vectors related to "incoming data and authentication-strings." Following information confirms LOCAL Access Vector reported in Hyperlink Record 1058524: http://xforce.iss.net/xforce/xfdb/48797 The SUSE blinux (sbl) package is vulnerable to a buffer overflow.

7.2
2009-02-17 CVE-2009-0608 Android Numeric Errors vulnerability in Android SDK 1.0

Integer overflow in the showLog function in fake_log_device.c in liblog in Open Handset Alliance Android 1.0 allows attackers to trigger a buffer overflow and possibly have unspecified other impact by sending a large number of input lines.

7.2
2009-02-17 CVE-2009-0607 Openhandsetalliance Numeric Errors vulnerability in Openhandsetalliance Android SDK 1.0

Multiple integer overflows in malloc_leak.c in Bionic in Open Handset Alliance Android 1.0 have unknown impact and attack vectors, related to the (1) chk_calloc and (2) leak_calloc functions.

7.2
2009-02-17 CVE-2009-0606 Openhandsetalliance Improper Input Validation vulnerability in Openhandsetalliance Android SDK 1.0

The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by certain groups, possibly a related issue to CVE-2002-0820.

7.2
2009-02-20 CVE-2008-6218 Libpng Resource Management Errors vulnerability in Libpng

Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.

7.1

69 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-02-20 CVE-2009-0657 Toshiba Credentials Management vulnerability in Toshiba Face Recognition 2.0.2.32

Toshiba Face Recognition 2.0.2.32 allows physically proximate attackers to obtain notebook access by presenting a large number of images for which the viewpoint and lighting have been modified to match a stored image of the authorized notebook user.

6.9
2009-02-20 CVE-2009-0656 Asus Credentials Management vulnerability in Asus Smartlogon 1.0.0005

Asus SmartLogon 1.0.0005 allows physically proximate attackers to bypass "security functions" by presenting an image with a modified viewpoint that matches the posture of a stored image of the authorized notebook user.

6.9
2009-02-20 CVE-2009-0655 Lenovo Improper Authentication vulnerability in Lenovo Veriface III

Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user.

6.9
2009-02-22 CVE-2009-0040 Libpng Code Injection vulnerability in Libpng

The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.

6.8
2009-02-20 CVE-2008-6226 Preproject SQL Injection vulnerability in Preproject PHP Auto Listings Script NIL

SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto Listings Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the itemno parameter.

6.8
2009-02-20 CVE-2009-0577 Apple, Redhat Numeric Errors vulnerability in Apple Cups 1.1.17

Integer overflow in the WriteProlog function in texttops in CUPS 1.1.17 on Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.

6.8
2009-02-20 CVE-2009-0642 Ruby Lang Improper Authentication vulnerability in Ruby-Lang Ruby 1.8/1.9

ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.

6.8
2009-02-20 CVE-2008-6201 Kwsphp Path Traversal vulnerability in Kwsphp 1.3.456

Directory traversal vulnerability in help.php in the eskuel module in KwsPHP 1.3.456, as available before 20080416, allows remote attackers to execute arbitrary commands via the action parameter.

6.8
2009-02-19 CVE-2009-0648 Falt4 Cross-Site Request Forgery (CSRF) vulnerability in Falt4 Extreme RC4

Multiple cross-site request forgery (CSRF) vulnerabilities in the manage_users handler in admin/index.php in Falt4 CMS (aka Falt4 Extreme) RC4 allow remote attackers to hijack the authentication of administrators for requests that change passwords via the (1) edit and (2) edit_now actions.

6.8
2009-02-19 CVE-2008-6177 Publicwarehouse Path Traversal vulnerability in Publicwarehouse Lightblog 9.8

Multiple directory traversal vulnerabilities in LightBlog 9.8, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..

6.8
2009-02-19 CVE-2008-6172 Weberr, Joomla Path Traversal vulnerability in Weberr Rwcards 3.0.11

Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.

6.8
2009-02-19 CVE-2008-6169 Drupal Cross-Site Request Forgery (CSRF) vulnerability in Drupal Localization Client and Localization Server

Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and 6.x before 6.x-1.6 and the Localization server 5.x before 5.x-1.0-alpha5 and 6.x before 6.x-alpha2, modules for Drupal, allows remote attackers to perform unauthorized actions as administrators via unspecified vectors related to the "local translation submission interface."

6.8
2009-02-19 CVE-2008-6165 Easy Script SQL Injection vulnerability in Easy-Script Cspartner 0.1

SQL injection vulnerability in gestion.php in CSPartner 0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) pseudo and (2) passe parameters.

6.8
2009-02-16 CVE-2009-0597 W3B CMS SQL Injection vulnerability in W3B CMS AKA W3Blabor CMS

SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action.

6.8
2009-02-16 CVE-2009-0596 Phpskelsite Path Traversal vulnerability in PHPskelsite 1.4

Directory traversal vulnerability in skysilver/login.tpl.php in phpSkelSite 1.4, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the TplSuffix parameter.

6.8
2009-02-16 CVE-2008-6146 Deluxebb SQL Injection vulnerability in Deluxebb

SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete##### parameter in a Delete action, a different vector than CVE-2005-2989.

6.8
2009-02-22 CVE-2009-0677 Ravenphpscripts Code Injection vulnerability in Ravenphpscripts Ravennuke 2.30

avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function with the eval switch, as specified in an element of the patterns array.

6.5
2009-02-22 CVE-2009-0673 Ravenphpscripts Code Injection vulnerability in Ravenphpscripts Ravennuke 2.30

Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php.

6.5
2009-02-22 CVE-2009-0672 Ravenphpscripts SQL Injection vulnerability in Ravenphpscripts Ravennuke 2.30

SQL injection vulnerability in the Resend_Email module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary SQL commands via the user_prefix parameter to modules.php.

6.5
2009-02-22 CVE-2009-0440 IBM Improper Authentication vulnerability in IBM Websphere Partner Gateway

IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print."

6.5
2009-02-20 CVE-2009-0651 Symantec Improper Input Validation vulnerability in Symantec Veritas Netbackup Server /Enterprise Server 5.1/6.0/6.5

Unspecified vulnerability in the Veritas network daemon (aka vnetd) in Symantec Veritas NetBackup Server / Enterprise Server 5.x, 6.0 before MP7 SP1, and 6.5 before 6.5.3.1 allows remote attackers to execute arbitrary code via unknown vectors related to "initial communications setup."

6.5
2009-02-18 CVE-2009-0645 Jaws Path Traversal vulnerability in Jaws 0.8.8

Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a ..

6.5
2009-02-16 CVE-2008-6156 Formfields SQL Injection vulnerability in Formfields Adman 1.1.20070907

SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 allows remote authenticated users to execute arbitrary SQL commands via the campaignId parameter.

6.5
2009-02-16 CVE-2009-0593 Plxwebdev SQL Injection vulnerability in Plxwebdev PLX Auto Reminder 3.7

SQL injection vulnerability in members.php in plx Auto Reminder 3.7 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a newar action.

6.5
2009-02-19 CVE-2008-4392 D J Bernstein Race Condition vulnerability in D.J.Bernstein Djbdns 1.05

dnscache in Daniel J.

6.4
2009-02-22 CVE-2009-0674 Ravenphpscripts Code Injection vulnerability in Ravenphpscripts Ravennuke 2.30

images/captcha.php in Raven Web Services RavenNuke 2.30, when register_globals and display_errors are enabled, allows remote attackers to determine the existence of local files by sending requests with full pathnames in the aFonts array parameter, and then observing the error messages, which differ between existing and nonexistent pathnames.

6.0
2009-02-17 CVE-2009-0613 Trendmicro Permissions, Privileges, and Access Controls vulnerability in Trendmicro Interscan web Security Suite 3.1

Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages.

6.0
2009-02-20 CVE-2009-0652 Mozilla Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233.

5.8
2009-02-20 CVE-2009-0654 TOR Remote Security vulnerability in Tor

Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router.

5.1
2009-02-20 CVE-2009-0643 Dminnich Code Injection vulnerability in Dminnich Simple PHP News 1.0

Static code injection vulnerability in post.php in Simple PHP News 1.0 final allows remote attackers to inject arbitrary PHP code into news.txt via the post parameter, and then execute the code via a direct request to display.php.

5.1
2009-02-16 CVE-2009-0595 Phpskelsite Code Injection vulnerability in PHPskelsite 1.4

PHP remote file inclusion vulnerability in skysilver/login.tpl.php in phpSkelSite 1.4, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter.

5.1
2009-02-22 CVE-2009-0678 Ravenphpscripts Information Exposure vulnerability in Ravenphpscripts Ravennuke 2.30

images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain sensitive information via an aFonts array parameter value that does not correspond to a valid font file, which reveals the installation path in an error message.

5.0
2009-02-20 CVE-2008-6222 Joomlashowroom, Joomla Path Traversal vulnerability in Joomlashowroom PRO Desk Support Center 1.0/1.2

Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a ..

5.0
2009-02-20 CVE-2009-0659 Tptest Buffer Errors vulnerability in Tptest 3.1.7

Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 allows remote attackers to have an unknown impact via a STATS line with a long email field.

5.0
2009-02-20 CVE-2009-0640 Swannsecurity Path Traversal vulnerability in Swannsecurity Dvr4-Securanet

Directory traversal vulnerability in the administrative web server in Swann DVR4-SecuraNet allows remote attackers to read arbitrary files via a ..

5.0
2009-02-19 CVE-2008-6193 Myblog Cryptographic Issues vulnerability in Myblog

Sam Crew MyBlog stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.

5.0
2009-02-19 CVE-2008-6185 Noticeware Improper Input Validation vulnerability in Noticeware Email Server NG 5.1.2.2

NoticeWare Email Server NG 5.1.2.2 allows remote attackers to cause a denial of service (crash) via multiple POP3 requests with a long PASS command.

5.0
2009-02-19 CVE-2009-0647 Microsoft Improper Input Validation vulnerability in Microsoft Windows Live Messenger 2009

msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line.

5.0
2009-02-19 CVE-2008-6175 K2Sxs Improper Input Validation vulnerability in K2Sxs Silvershield 1.0.2.34

SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of service (application crash) via a crafted argument to the opendir SFTP command.

5.0
2009-02-18 CVE-2009-0644 Swannsecurity Credentials Management vulnerability in Swannsecurity Dvr4-Securanet

The HTTP interface in Swann DVR4-SecuraNet has a certain default administrative username and password, which makes it easier for remote attackers to obtain privileged access.

5.0
2009-02-18 CVE-2008-6160 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal Semantically Interconnected Online Communities

Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors.

5.0
2009-02-18 CVE-2008-6159 Hans Oesterholt Information Exposure vulnerability in Hans Oesterholt Cmme 1.19

Content Management Made Easy (CMME) 1.19 allows remote attackers to obtain system information via a direct request to info.php, which invokes the phpinfo function.

5.0
2009-02-17 CVE-2008-6157 Sepcity Cryptographic Issues vulnerability in Sepcity Classified ADS

SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information.

5.0
2009-02-17 CVE-2008-4285 IBM Resource Management Errors vulnerability in IBM Websphere Application Server

Unspecified vulnerability in the Performance Monitoring Infrastructure (PMI) feature in the Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19, when a component statistic is enabled, allows attackers to cause a denial of service (daemon crash) via vectors related to "a gradual degradation in performance."

5.0
2009-02-16 CVE-2009-0599 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file.

5.0
2009-02-16 CVE-2008-6147 Aspapp Permissions, Privileges, and Access Controls vulnerability in Aspapp Forumapp 3.3

ForumApp 3.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/8690.mdb or (2) data/8690BAK.mdb.

5.0
2009-02-17 CVE-2009-0605 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Stack consumption vulnerability in the do_page_fault function in arch/x86/mm/fault.c in the Linux kernel before 2.6.28.5 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via unspecified vectors that trigger page faults on a machine that has a registered Kprobes probe.

4.9
2009-02-22 CVE-2009-0679 Ravenphpscripts Cross-Site Scripting vulnerability in Ravenphpscripts Ravennuke 2.30

Cross-site scripting (XSS) vulnerability in the Your Account module in RavenNuke 2.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-02-20 CVE-2008-6217 Extrakt Cross-Site Scripting vulnerability in Extrakt Framework 0.7

Cross-site scripting (XSS) vulnerability in index.php in Extrakt Framework 0.7 allows remote attackers to inject arbitrary web script or HTML via the plugins[file][id] parameter.

4.3
2009-02-20 CVE-2008-6215 Bookingcentre Cross-Site Scripting vulnerability in Bookingcentre Booking System FOR Hotels Group

Cross-site scripting (XSS) vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to inject arbitrary web script or HTML via the OfertaID parameter.

4.3
2009-02-20 CVE-2008-6164 Dreamcost Cross-Site Scripting vulnerability in Dreamcost Hostadmin 3.1.1

Cross-site scripting (XSS) vulnerability in index.php in DreamCost HostAdmin 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2009-02-20 CVE-2008-6212 PHP Stats Cross-Site Scripting vulnerability in PHP-Stats 0.1.9.1

Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats 0.1.9.1 allows remote attackers to inject arbitrary web script or HTML via the (1) sel_mese and (2) sel_anno parameters in a systems action.

4.3
2009-02-20 CVE-2008-6211 Mcgallerypro Cross-Site Scripting vulnerability in Mcgallerypro Mcgallery 1.1

Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net mcGallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the lang parameter to (1) admin.php, (2) index.php, (3) sess.php, (4) stats.php, (5) detail.php, (6) resize.php, and (7) show.php.

4.3
2009-02-20 CVE-2008-6208 E107 Cross-Site Scripting vulnerability in E107 0.7.11

Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters.

4.3
2009-02-20 CVE-2008-6205 Xaaaaav38 Cross-Site Scripting vulnerability in Xaaaaav38 Urlstreet 1.0

Cross-site scripting (XSS) vulnerability in seeurl.php in Xavier Flahaut URLStreet 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) language, (2) order, and (3) filter parameters.

4.3
2009-02-20 CVE-2008-6200 Wiki Cross-Site Scripting vulnerability in Wiki Swiki 1.5

Multiple cross-site scripting (XSS) vulnerabilities in Swiki 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the query string and (2) a new wiki entry.

4.3
2009-02-19 CVE-2008-6192 SUN Cross-Site Scripting vulnerability in SUN Java System Portal Server 7.0/7.1

Multiple cross-site scripting (XSS) vulnerabilities in unspecified Portlets in Sun Java System Portal Server 7.0 and 7.1 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2009-02-19 CVE-2008-6190 EEB Welt Cross-Site Scripting vulnerability in Eeb-Welt Eebcms 0.95

Cross-site scripting (XSS) vulnerability in index.php in EEBCMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter.

4.3
2009-02-19 CVE-2008-6174 Jetbox Cross-Site Scripting vulnerability in Jetbox CMS 2.1

Cross-site scripting (XSS) vulnerability in admin/postlister/index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the liste parameter.

4.3
2009-02-19 CVE-2008-6173 Clip Share Cross-Site Scripting vulnerability in Clip-Share Clipshare 4.0

Cross-site scripting (XSS) vulnerability in fullscreen.php in ClipShare Pro 4.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter.

4.3
2009-02-19 CVE-2008-6168 Miniportail Cross-Site Scripting vulnerability in Miniportail

Cross-site scripting (XSS) vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified argument, probably the search string.

4.3
2009-02-18 CVE-2005-4878 Acid, Secureideas Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to inject arbitrary web script or HTML via the sig[1] parameter and possibly other parameters, a different vulnerability than CVE-2007-6156.

4.3
2009-02-18 CVE-2008-6161 Sourceforge Cross-Site Scripting vulnerability in Sourceforge WOW Raid Manager

Cross-site scripting (XSS) vulnerability in WOW Raid Manager (WRM) before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-02-17 CVE-2009-0612 Trendmicro Information Exposure vulnerability in Trendmicro products

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.

4.3
2009-02-17 CVE-2009-0611 Novell Cross-Site Scripting vulnerability in Novell Open Enterprise Server 1.X

Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties or (3) clusterserviceproperties action, (4) the adminurl parameter in a global action, or (5) the print-list parameter.

4.3
2009-02-16 CVE-2009-0600 Wireshark Improper Input Validation vulnerability in Wireshark

Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame.

4.3
2009-02-16 CVE-2009-0594 Apmuthu Cross-Site Scripting vulnerability in Apmuthu PHPskelsite 1.4

Cross-site scripting (XSS) vulnerability in index.php in phpSkelSite 1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2009-02-16 CVE-2008-6144 Typo3 Cross-Site Scripting vulnerability in Typo3 WEC Discussion Forum

Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029.

4.3
2009-02-20 CVE-2008-6199 2532Gigs Permissions, Privileges, and Access Controls vulnerability in 2532Gigs 1.2.1

2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to trigger a backup and obtain sensitive information via a direct request to backup.php, which creates backup.sql under the web root with insufficient access control.

4.0

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-02-20 CVE-2008-6229 Drupal Cross-Site Scripting vulnerability in Drupal Content Construction KIT

Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via (1) field labels and (2) content-type names.

3.5
2009-02-19 CVE-2008-6170 Drupal Cross-Site Scripting vulnerability in Drupal

Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title.

3.5
2009-02-17 CVE-2009-0359 Nongnu Cross-Site Scripting vulnerability in Nongnu Samizdat

Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name.

3.5
2009-02-16 CVE-2009-0603 Drupal Cross-Site Scripting vulnerability in Drupal Link Module 5.X2.5

Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field).

3.5
2009-02-22 CVE-2009-0676 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.

2.1
2009-02-22 CVE-2009-0675 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue.

2.1
2009-02-19 CVE-2008-6191 Intrinsic Credentials Management vulnerability in Intrinsic Swimage Encore

Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a hardcoded password, which might allow local users to decrypt certain .bin files.

2.1
2009-02-17 CVE-2009-0504 IBM Information Exposure vulnerability in IBM Websphere Application Server

WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message.

2.1
2009-02-16 CVE-2009-0601 Wireshark, Apple, Freebsd, Linux, Netbsd, SUN Use of Externally-Controlled Format String vulnerability in Wireshark

Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable.

2.1