Vulnerability Summary for the Week of March 3, 2008
Released
Mar 10, 2008
Document ID
SB08-070
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
">
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Vocera Communications -- wireless handsets | Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. |
| 7.1 | CVE-2008-1114 FULLDISC OTHER-REF OTHER-REF OTHER-REF BID | ||
| Affiliate Market -- Affiliate Market | SQL injection vulnerability in shop/detail.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.5 | CVE-2008-1177 MILW0RM XF | ||
| Beehive Software -- SendFile.NET | The outboxWriteUnsent function in FTPThread.class in SendFile.jar for Beehive Software SendFile.NET uses hard-coded credentials for an FTP server, which allows remote attackers to gain privileges. |
| 7.5 | CVE-2008-1079 BUGTRAQ BID | ||
| DESlock -- DESlock | DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys 1.2.0.27 are present, allows local users to gain privileges via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, aka the "ring0 link list zero SYSTEM" vulnerability. |
| 7.2 | CVE-2008-1139 MILW0RM FRSIRT SECUNIA | ||
| DESlock -- DESlock | DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users to gain privileges via a certain DLKFDISK_IOCTL request to \\.\DLKFDisk_Control that overwrites a data structure associated with a mounted pseudo-filesystem, aka the "ring0 SYSTEM" vulnerability. |
| 7.2 | CVE-2008-1140 MILW0RM FRSIRT SECUNIA | ||
| dream4 -- Koobi Pro | SQL injection vulnerability in index.php in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter in a downloads procedure. |
| 7.5 | CVE-2008-1122 MILW0RM | ||
| eazyPortal -- eazyPortal | SQL injection vulnerability in index.php in eazyPortal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the session_vars cookie. |
| 7.5 | CVE-2008-1121 MILW0RM BID SECUNIA | ||
| freshmeat -- XWine | w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information. |
| 7.2 | CVE-2008-0930 OTHER-REF SECUNIA | ||
| GNOME -- Evolution | Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version: field. |
| 9.3 | CVE-2008-0072 OTHER-REF DEBIAN REDHAT UBUNTU BID FRSIRT SECUNIA | ||
| Google -- Android SDK | Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field. |
| 7.5 | CVE-2008-0986 BUGTRAQ OTHER-REF OTHER-REF BID | ||
| ICQ -- Mirabilis ICQ | Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation. |
| 9.3 | CVE-2008-1120 OTHER-REF BID FRSIRT SECUNIA | ||
| ImageMagick -- GraphicsMagick ImageMagick -- ImageMagick | Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. |
| 9.3 | CVE-2008-1097 OTHER-REF OTHER-REF | ||
| Joomla -- com_garyscookbook Mambo -- com_garyscookbook | SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. |
| 7.5 | CVE-2008-1137 MILW0RM | ||
| Microsoft -- Access Microsoft -- Jet | Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine (msjet40.dll). NOTE: this is probably a different issue than CVE-2007-6026. |
| 8.5 | CVE-2008-1200 OTHER-REF BID | ||
| PHP Web Scripts -- Dynamic Photo Gallery | SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic Photo Gallery 1.02 allows remote attackers to execute arbitrary SQL commands via the albumID parameter. |
| 7.5 | CVE-2008-1162 MILW0RM OTHER-REF BID SECUNIA | ||
| phpArcadeScript -- phpArcadeScript | SQL injection vulnerability in index.php in phpArcadeScript 1.0 through 3.0 RC2 allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action. |
| 7.5 | CVE-2008-1163 MILW0RM BID | ||
| phpComasy -- phpComasy | SQL injection vulnerability in index.php in phpComasy 0.8 allows remote attackers to execute arbitrary SQL commands via the mod_project_id parameter in a project_detail action. |
| 7.5 | CVE-2008-1164 MILW0RM BID | ||
| Red Hat -- enterprise_linux | The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash. |
| 7.8 | CVE-2008-1198 OTHER-REF OTHER-REF | ||
| Rising Antivirus International -- Rising Web Scan Object | Insecure method vulnerability in the Web Scan Object ActiveX control (OL2005.dll) in Rising Antivirus Online Scanner allows remote attackers to force the download and execution of arbitrary code by setting the BaseURL property and invoking the UpdateEngine method. NOTE: some of these details are obtained from third party information. |
| 9.3 | CVE-2008-1116 MILW0RM BID FRSIRT SECUNIA | ||
| Sarg -- Squid Analysis Report Generator | Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information. |
| 10.0 | CVE-2008-1167 OTHER-REF SECUNIA | ||
| SIMM-Comm -- SCI Photo Chat | Directory traversal vulnerability in the embedded HTTP server in SCI Photo Chat Server 3.4.9 and earlier allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot forward slash) in the GET command. |
| 7.8 | CVE-2008-1169 OTHER-REF BID FRSIRT XF | ||
| Sun -- JRE Sun -- JDK | Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs. |
| 8.5 | CVE-2008-1195 SUNALERT | ||
| SynCE -- vdccm | Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) might allow attackers to cause a denial of service via unspecified vectors. |
| 10.0 | CVE-2007-6703 OTHER-REF | ||
| SynCE -- SynCE | The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679. |
| 9.3 | CVE-2008-1136 BUGTRAQ OTHER-REF OTHER-REF BID XF | ||
| Vocera Communications -- Vocera Communications Badge | Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. |
| 7.8 | CVE-2008-1113 FULLDISC FULLDISC OTHER-REF OTHER-REF BID SECTRACK SECUNIA |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Barryvan Compo -- Barryvan Compo Manager | PHP remote file inclusion vulnerability in main.php in Barryvan Compo Manager 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the pageURL parameter. |
| 6.8 | CVE-2008-1126 MILW0RM | ||
| BSD Perimeter -- pfSense | Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 4.3 | CVE-2008-1182 OTHER-REF BID SECUNIA | ||
| Centreon -- Centreon | Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 5.0 | CVE-2008-1119 MILW0RM OTHER-REF BID | ||
| Centreon -- Centreon | Directory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2008-1119. |
| 6.8 | CVE-2008-1178 BUGTRAQ OTHER-REF BID SECUNIA XF | ||
| Centreon -- Centreon | Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) title parameters. NOTE: some of these details are obtained from third party information. |
| 4.3 | CVE-2008-1179 OTHER-REF BID SECUNIA XF | ||
| Crafty Syntax Live Help -- Crafty Syntax Live Help | Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) livehelp.php, (2) user_questions.php, and (3) leavemessage.php. NOTE: the lostsheep.php vector is covered by CVE-2008-0848. |
| 4.3 | CVE-2008-1183 OTHER-REF BID SECUNIA XF | ||
| Crytek -- Crysis | Format string vulnerability in the cryactio function in Crysis 1.1.1.5879 allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when the game character is killed. |
| 6.0 | CVE-2008-1127 MILW0RM BID | ||
| Darwin -- Darwin Cosmicperl -- Directory Pro Navision -- Financials Server | A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND. |
| 6.8 | CVE-2008-1146 OTHER-REF OTHER-REF BUGTRAQ BID SECUNIA | ||
| Darwin -- Darwin Cosmicperl -- Directory Pro Navision -- Financials Server | A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting. |
| 6.8 | CVE-2008-1147 OTHER-REF OTHER-REF BUGTRAQ BUGTRAQ BUGTRAQ OTHER-REF BID SECUNIA | ||
| Darwin -- Darwin Cosmicperl -- Directory Pro Navision -- Financials Server | A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting. |
| 6.8 | CVE-2008-1148 OTHER-REF OTHER-REF BUGTRAQ BID SECUNIA | ||
| DESlock -- DESlock | DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users to cause a denial of service (system crash) via a certain ZERO_MEM DLMFENC_IOCTL request to \\.\DLKPFSD_Device, aka the "ring0 link list zero" vulnerability. |
| 4.9 | CVE-2008-1138 MILW0RM FRSIRT SECUNIA | ||
| DESlock -- DESlock | Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users to cause a denial of service (kernel memory consumption) via a series of DLMFENC_IOCTL requests to \\.\DLKPFSD_Device that allocate "link list structures." |
| 4.9 | CVE-2008-1141 MILW0RM FRSIRT SECUNIA | ||
| DNSSEC-Tools -- DNSSEC-Tools | The DNSSEC validation library (libval) library in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks. |
| 5.0 | CVE-2008-1184 OTHER-REF FEDORA FEDORA FRSIRT SECUNIA SECUNIA | ||
| Dovecot -- Dovecot | Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack. |
| 4.1 | CVE-2008-1199 BUGTRAQ MLIST BID XF | ||
| Drupal -- Drupal | The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks. |
| 4.3 | CVE-2008-1133 OTHER-REF BID SECUNIA | ||
| Flicks Software -- Authentix | Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter. |
| 4.3 | CVE-2008-1174 FULLDISC BID SECTRACK SECUNIA | ||
| Flicks Software -- Authentix | Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter to aspAdmin/deleteUser.asp, a different vector than CVE-2008-1174. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2008-1175 SECUNIA | ||
| Flyspray -- Flyspray | Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php. NOTE: some of these details are obtained from third party information. |
| 4.3 | CVE-2008-1165 OTHER-REF SECUNIA | ||
| Flyspray -- Flyspray | Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 5.0 | CVE-2008-1166 SECUNIA | ||
| GoAhead Software -- GoAhead WebServer GoAhead Software -- FS4104-AW Device | goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603. |
| 5.0 | CVE-2007-6702 MILW0RM | ||
| Google -- Android SDK | Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width. |
| 6.8 | CVE-2008-0985 BUGTRAQ OTHER-REF OTHER-REF BID | ||
| IBM -- WebSphere MQ | Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel. |
| 6.6 | CVE-2008-1130 AIXAPAR BID FRSIRT SECTRACK SECUNIA | ||
| ImageMagick -- GraphicsMagick ImageMagick -- ImageMagick | The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function. |
| 6.8 | CVE-2008-1096 OTHER-REF OTHER-REF | ||
| Juniper -- Secure Access 2000 | Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.cgi in Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to inject arbitrary web script or HTML via the delivery_mode parameter. |
| 4.3 | CVE-2008-1180 BUGTRAQ OTHER-REF BID SECUNIA XF | ||
| Juniper -- Secure Access 2000 | Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message. |
| 5.0 | CVE-2008-1181 BUGTRAQ BID SECTRACK | ||
| KCWiki -- KCWiki | Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php. |
| 6.8 | CVE-2008-1170 BUGTRAQ | ||
| Learn2 -- STRunner | Multiple stack-based buffer overflows in the Learn2 Corporation STRunner (aka Street Technologies) ActiveX control in iestm32.dll allow remote attackers to execute arbitrary code via unspecified vectors. |
| 6.8 | CVE-2007-6252 CERT-VN | ||
| Light httpd -- Light httpd | mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source code of CGI scripts instead of a 500 error, which might allow remote attackers to obtain sensitive information. |
| 5.0 | CVE-2008-1111 OTHER-REF OTHER-REF | ||
| MoinMoin -- MoinMoin | Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780. |
| 4.3 | CVE-2008-1098 OTHER-REF OTHER-REF OTHER-REF | ||
| MoinMoin -- MoinMoin | _macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages. |
| 5.0 | CVE-2008-1099 OTHER-REF OTHER-REF | ||
| Net Activity Viewer -- Net Activity Viewer | Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action. |
| 4.7 | CVE-2008-1132 OTHER-REF SECUNIA | ||
| Omegasoft -- INterneSErvicesLosungen | OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports authentication with a cookie that lacks a shared secret, which allows remote attackers to login as an arbitrary user via a modified cookie. |
| 6.4 | CVE-2008-1134 BUGTRAQ BID XF | ||
| Omegasoft -- INterneSErvicesLosungen | OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames. |
| 5.0 | CVE-2008-1135 BUGTRAQ BID XF | ||
| phpBB -- 123 Flash Chat Module | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the 123 Flash Chat Module for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) 123flashchat.php and (2) phpbb_login_chat.php. NOTE: CVE disputes this issue because $phpbb_root_path is explicitly set to "./" in both programs. |
| 6.8 | CVE-2008-1171 BUGTRAQ BUGTRAQ VIM | ||
| phpMyAdmin -- phpMyAdmin | phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross Site Request Forgery (CSRF) attacks by using crafed cookies. |
| 5.1 | CVE-2008-1149 OTHER-REF | ||
| phpMytourney -- phpMytourney | PHP remote file inclusion vulnerability in tourney/index.php in phpMyTourney 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| 6.8 | CVE-2008-1128 BUGTRAQ BID | ||
| Podcast Generator -- Podcast Generator | Multiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to (1) components/xmlparser/loadparser.php; (2) admin.php, (3) categories.php, (4) categories_add.php, (5) categories_remove.php, (6) edit.php, (7) editdel.php, (8) ftpfeature.php, (9) login.php, (10) pgRSSnews.php, (11) showcat.php, and (12) upload.php in core/admin/; and (13) archive_cat.php, (14) archive_nocat.php, and (15) recent_list.php in core/. |
| 6.8 | CVE-2008-1124 MILW0RM | ||
| Podcast Generator -- Podcast Generator | Multiple directory traversal vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) theme_path parameter to core/themes.php and the (2) filename parameter to download.php. |
| 5.0 | CVE-2008-1125 MILW0RM | ||
| QEMU -- QEMU | Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. |
| 4.7 | CVE-2008-0928 MLIST OTHER-REF FEDORA FEDORA SECUNIA | ||
| Sarg -- Squid Analysis Report Generator | Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2008-1168 SECUNIA | ||
| Sitebuilder -- SiteBuilder Elite | Multiple PHP remote file inclusion vulnerabilities in SiteBuilder Elite 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the CarpPath parameter to (1) files/carprss.php and (2) files/amazon-bestsellers.php. |
| 6.8 | CVE-2008-1123 MILW0RM | ||
| Sun -- Solaris | Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands. |
| 4.9 | CVE-2008-1115 SUNALERT FRSIRT | ||
| Sun -- JRE Sun -- JDK | Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186. |
| 6.0 | CVE-2008-1185 SUNALERT | ||
| Sun -- JRE Sun -- JDK | Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185. |
| 6.0 | CVE-2008-1186 SUNALERT | ||
| Sun -- JRE Sun -- JDK | Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms. |
| 6.0 | CVE-2008-1187 SUNALERT | ||
| Sun -- JRE Sun -- JDK | Multiple buffer overflows in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1189. |
| 6.0 | CVE-2008-1188 SUNALERT | ||
| Sun -- JRE Sun -- JDK | Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188. |
| 6.0 | CVE-2008-1189 SUNALERT | ||
| Sun -- JRE Sun -- JDK | Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191. |
| 6.0 | CVE-2008-1190 SUNALERT | ||
| Sun -- JRE Sun -- JDK | Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190. |
| 6.0 | CVE-2008-1191 SUNALERT | ||
| Sun -- JRE Sun -- JDK | Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, 1.4.2_16 and earlier, and 1.3.1_21 and earlier allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors. |
| 6.0 | CVE-2008-1192 SUNALERT | ||
| Sun -- JRE Sun -- JDK | Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application. |
| 6.0 | CVE-2008-1193 SUNALERT | ||
| Sun -- JRE Sun -- JDK | Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file. |
| 6.0 | CVE-2008-1196 SUNALERT | ||
| TorrentTrader -- TorrentTrader Classic TorrentTrader -- TorrentTrader | Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php in TorrentTrader Classic 1.08 allow remote attackers to perform certain actions as other users, as demonstrated by sending messages. |
| 4.3 | CVE-2008-1172 BUGTRAQ XF | ||
| TorrentTrader -- TorrentTrader Classic TorrentTrader -- TorrentTrader | Cross-site scripting (XSS) vulnerability in account-inbox.php in TorrentTrader Classic 1.08 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. . |
| 4.3 | CVE-2008-1173 BUGTRAQ BID SECUNIA XF | ||
| WEBrick -- WEBrick | Directory traversal vulnerability in WEBrick 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. |
| 5.0 | CVE-2008-1145 OTHER-REF | ||
| XRMS CRM -- XRMS | Cross-site scripting (XSS) vulnerability in admin/users/self.php in XRMS CRM allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information. |
| 4.3 | CVE-2008-1129 BUGTRAQ BID SECUNIA | ||
| XWine -- XWine | w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file. |
| 6.3 | CVE-2008-0931 OTHER-REF SECUNIA |
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Adobe -- Acrobat Reader | acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling. |
| 3.7 | CVE-2008-0883 OTHER-REF BID FRSIRT SECUNIA | ||
| Affiliate Market -- Affiliate Market | Cross-site scripting (XSS) vulnerability in function/sideblock.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to inject arbitrary web script or HTML via the sideblock4 parameter. |
| 2.6 | CVE-2008-1176 MILW0RM XF | ||
| Drupal -- Drupal | Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms. |
| 3.5 | CVE-2008-1131 OTHER-REF BID SECUNIA | ||
| F5 -- Firepass 4100 | Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3. |
| 2.6 | CVE-2007-6704 BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF BID BID OSVDB OSVDB SECTRACK SECUNIA XF XF | ||
| Sun -- JRE Sun -- JDK | Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors. |
| 3.5 | CVE-2008-1194 SUNALERT |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.