Vulnerability Summary for the Week of January 21, 2008
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| 360 Web Manager -- 360 Web Manager | SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter. | 7.5 | CVE-2008-0430 MILW0RM BID FRSIRT XF |
| Agares Media -- phpAutoVideo | PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614. | 7.5 | CVE-2008-0433 BUGTRAQ BID FRSIRT SECUNIA XF |
| AlilG -- aliTalk | inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters. | 7.5 | CVE-2008-0391 MILW0RM BID |
| AlstraSoft -- Forum Pay Per Post Exchange | SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action. | 7.5 | CVE-2008-0429 MILW0RM BID FRSIRT SECUNIA |
| auraCMS -- Mod Block Statistik; auraCMS -- AuraCMS | stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php. | 7.5 | CVE-2008-0390 MILW0RM BID |
| BitDefender -- Update Server | Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request. | 7.8 | CVE-2008-0396 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF |
| Blog CMS -- Blog CMS | Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c allow remote attackers to execute arbitrary PHP code via a URL in the (1) DIR_PLUGINS parameter to (a) index.php, and the (2) DIR_LIBS parameter to (b) media.php and (c) xmlrpc/server.php in admin/. | 7.5 | CVE-2008-0450 BUGTRAQ |
| Bloo -- bloofoxCMS | Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | 7.8 | CVE-2008-0427 BUGTRAQ OTHER-REF FRSIRT SECUNIA XF |
| BloofoxCMS -- BloofoxCMS | Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php. | 7.5 | CVE-2008-0428 BUGTRAQ OTHER-REF FRSIRT SECUNIA XF |
| BoastMachine -- BoastMachine | SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | CVE-2008-0422 BID FRSIRT |
| businessobjects -- Crystal Reports; Microsoft -- ActiveX | Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow. | 9.3 | CVE-2008-0379 MILW0RM BID SECTRACK XF |
| Cisco -- 5500 Series Adaptive Security Appliance; Cisco -- PIX 500 Series Security Appliance | Unspecified vulnerability in Cisco PIX 500 Series Security Appliance (PIX) and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet. | 7.1 | CVE-2008-0028 CISCO BID |
| Cisco -- AVS | Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges. | 10.0 | CVE-2008-0029 CISCO |
| Citadel -- Citadel_SMTP | Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information. | 9.4 | CVE-2008-0394 MILW0RM OTHER-REF SECUNIA XF |
| Core Security Technologies -- CORE FORCE | Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module. | 7.2 | CVE-2008-0365 BUGTRAQ OTHER-REF BID |
| Core Security Technologies -- CORE FORCE | CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments. | 7.2 | CVE-2008-0366 BUGTRAQ OTHER-REF BID |
| CyberGL Dev Team -- phpSearch | PHP remote file inclusion vulnerability in utils/class_HTTPRetriever.php in phpSearch allows remote attackers to execute arbitrary PHP code via a URL in the libcurlemuinc parameter. | 7.5 | CVE-2008-0448 BUGTRAQ XF |
| Debian -- Debian Linux | Argument injection vulnerability in scponly 4.6 and earlier allows remote authenticated users to modify commands when scponly invokes (1) unison, (2) rsync, (3) svn, and (4) svnserve, which can be leveraged to execute arbitrary code, as demonstrated by the --diff3-cmd option to svn, a different vulnerability than CVE-2007-6350. | 8.5 | CVE-2007-6415 OTHER-REF SECUNIA |
| Digital Data Communications -- RtspVapgDecoder.dll | Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property. | 10.0 | CVE-2008-0380 MILW0RM BID FRSIRT |
| Foojan -- PHP Weblog | SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter. | 7.5 | CVE-2008-0447 MILW0RM |
| Gecad Technologies -- Axigen Mail Server | Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command. | 7.5 | CVE-2008-0434 BUGTRAQ FULLDISC MILW0RM BID SECUNIA XF |
| HP -- HP-UX | Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors. | 10.0 | CVE-2007-6425 HP |
| HP -- HP Virtual Rooms; Microsoft -- ActiveX | Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information. | 10.0 | CVE-2008-0437 FULLDISC BID FRSIRT SECUNIA |
| IBM -- AIX | Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option. | 7.2 | CVE-2007-5764 IDEFENSE OTHER-REF AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
| IBM -- Informix Dynamic Server | Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows attackers to create files via unspecified vectors involving the onedcu program. | 10.0 | CVE-2008-0368 OTHER-REF AIXAPAR BID FRSIRT SECUNIA SECTRACK XF |
| IBM -- Informix Dynamic Server | Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows attackers to create files via unspecified vectors involving the SQLIDEBUG environment variable. | 10.0 | CVE-2008-0369 OTHER-REF AIXAPAR BID FRSIRT SECUNIA SECTRACK XF |
| IBM -- WebSphere Application Server | Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25 and 6.1 through 6.1.0.14 has unknown impact and attack vectors. | 10.0 | CVE-2008-0389 OTHER-REF BID FRSIRT SECUNIA |
| IBM -- Tivoli Provisioning Manager OS Deployment | Unspecified vulnerability in the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment before 5.1.0.3 Interim Fix 3 allows attackers to cause a denial of service via unknown vectors. | 10.0 | CVE-2008-0401 OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
| Invision Power Services -- Invision Gallery | SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command. | 7.5 | CVE-2008-0421 |
| Julian Pawlowski -- LulieBlog | SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | CVE-2008-0446 MILW0RM |
| Lycos -- FileUploader.dll | Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX control in FileUploader.dll 2.0.0.2 in Lycos FileUploader Module allows remote attackers to execute arbitrary code via a long HandwriterFilename property value. NOTE: some of these details are obtained from third party information. | 10.0 | CVE-2008-0443 MILW0RM BID FRSIRT SECUNIA |
| Microsoft -- Visual Basic Enterprise Edition | Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file with a long (1) ConnectionName or (2) CommandName line. | 9.3 | CVE-2008-0392 MILW0RM BID XF |
| Microsoft -- ie; Skype Technologies -- Skype | Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS." | 9.3 | CVE-2008-0454 BUGTRAQ FULLDISC FULLDISC OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF CERT-VN FRSIRT |
| Mooseguy Blog System -- MGBS | SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) 1.0 allows remote attackers to execute arbitrary SQL commands via the month parameter. | 7.5 | CVE-2008-0424 MILW0RM BID FRSIRT |
| MyBB -- MyBB | Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php. | 7.5 | CVE-2008-0383 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA XF XF |
| MyBulletinBoard -- MyBulletinBoard | Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php. | 7.5 | CVE-2008-0382 BUGTRAQ MILW0RM MILW0RM BID SECUNIA |
| News -- MicroNews | MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php. | 10.0 | CVE-2008-0377 BUGTRAQ XF |
| OKI Printing Solutions -- C5510 MFP Printer | OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777. | 10.0 | CVE-2008-0374 BUGTRAQ OTHER-REF BID SECUNIA |
| OKI Printing Solutions -- C5510 MFP Printer | Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors. | 10.0 | CVE-2008-0375 BUGTRAQ OTHER-REF BID SECUNIA |
| PacerCMS -- PacerCMS | Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/. | 7.5 | CVE-2008-0451 BUGTRAQ OTHER-REF BID XF |
| PHP -- F1 Maxs File Uploader | Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files. | 7.5 | CVE-2008-0373 BUGTRAQ BID XF |
| Rocksalt International -- VP_ASP | SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.5 | CVE-2008-0449 BID XF |
| Small Axe Solutions -- Weblog | PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the ffile parameter, a different vector than CVE-2008-0376. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.5 | CVE-2008-0442 BID SECUNIA |
| Winamp -- Nullsoft Winamp | Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles. | 10.0 | CVE-2008-0065 OTHER-REF OTHER-REF FRSIRT SECUNIA |
Medium Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| 8e6 -- R3000 Internet Filter | 8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request. | 5.0 | CVE-2008-0372 BUGTRAQ BID SECUNIA XF BUGTRAQ |
| absofort -- aconon Mail Enterprise SQL | Directory traversal vulnerability in archiv.cgi in absofort aconon Mail 2007 Enterprise SQL 11.7.0 and Mail 2004 Enterprise SQL 11.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter. | 5.0 | CVE-2008-0464 FULLDISC MILW0RM OTHER-REF BID SECUNIA |
| Aflog -- Aflog | Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form. | 4.3 | CVE-2008-0398 MILW0RM BID |
| aflog.org -- aflog | Multiple SQL injection vulnerabilities in aflog 1.01, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to comments.php and (2) an unspecified parameter to view.php. | 6.8 | CVE-2008-0397 MILW0RM BID |
| Agares Media -- phpAutoVideo | Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | 4.3 | CVE-2008-0432 BUGTRAQ BID FRSIRT SECUNIA XF |
| AlilG -- aliTalk | Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to (b) inc/usercp.php, related to functionz/usercp.php; or (3) the username parameter to (c) admin/index.php, related to functionz/first_process.php, or (d) index.php. NOTE: some of these details are obtained from third party information. | 6.8 | CVE-2008-0371 MILW0RM BID SECUNIA XF XF XF XF |
| AlstraSoft -- Forum Pay Per Post Exchange | AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts. | 5.0 | CVE-2008-0440 MILW0RM |
| Apache Software Foundation -- Tomcat | The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests, making it easier for remote attackers to capture this cookie. | 5.0 | CVE-2008-0128 OTHER-REF OTHER-REF BID FRSIRT SECUNIA SECUNIA XF |
| Apache Software Foundation -- Apache HTTP Server | Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file. | 4.3 | CVE-2008-0455 BUGTRAQ OTHER-REF BID SECTRACK |
| Belkin -- F5D9230-4 | The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi. | 5.5 | CVE-2008-0403 BUGTRAQ MILW0RM BID FRSIRT XF |
| cPanel -- cPanel | Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information. | 4.3 | CVE-2008-0370 BUGTRAQ OTHER-REF BID SECUNIA |
| DeluxeBB -- DeluxeBB | Cross-site scripting (XSS) vulnerability in templates/default/admincp/attachments_header.php in DeluxeBB 1.1 allows remote attackers to inject arbitrary web script or HTML via the lang_listofmatches parameter. | 4.3 | CVE-2008-0439 BUGTRAQ |
| Drupal -- Archive Module | Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | CVE-2008-0462 OTHER-REF BID SECUNIA |
| Drupal -- Workflow | Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving node properties. | 4.3 | CVE-2008-0463 OTHER-REF SECUNIA |
| EasySiteNetwork -- Recipe Website Script | SQL injection vulnerability in list.php in Easysitenetwork Recipe allows remote attackers to execute arbitrary SQL commands via the categoryid parameter. | 6.8 | CVE-2008-0453 MILW0RM BID |
| ELOG -- ELOG | Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the subtext parameter to unspecified components. | 4.3 | CVE-2008-0444 OTHER-REF BID SECUNIA XF |
| ELOG -- ELOG | The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information. | 5.0 | CVE-2008-0445 BID SECUNIA XF |
| Francisco Burzi -- PHP-Nuke | SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information. | 6.8 | CVE-2008-0461 MILW0RM BID FRSIRT SECUNIA |
| Frimousse -- Frimousse | Absolute path traversal vulnerability in explorerdir.php in Frimousse 0.0.2 allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter. | 5.0 | CVE-2008-0425 MILW0RM BID FRSIRT XF |
| GradMan -- GradMan | Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361. | 5.8 | CVE-2008-0393 MILW0RM BID SECUNIA XF |
| IBM -- Websphere Business Modeler Basic; IBM -- Websphere Business Modeler Advanced | Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group. | 6.0 | CVE-2008-0402 OTHER-REF OTHER-REF AIXAPAR BID SECTRACK SECUNIA |
| IDMOS -- IDMOS CMS | Directory traversal vulnerability in administrator/download.php in IDMOS (aka Phoenix) 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter. | 5.0 | CVE-2008-0431 MILW0RM BID FRSIRT SECUNIA |
| Kayako -- SupportSuite | Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal. | 5.0 | CVE-2008-0395 BUGTRAQ OTHER-REF SECUNIA |
| Lama -- Lama Software | Multiple PHP remote file inclusion vulnerabilities in Lama Software allow remote attackers to execute arbitrary PHP code via a URL in the MY_CONF[classRoot] parameter to (1) inc.steps.access_error.php, (2) inc.steps.check_login.php, or (3) inc.steps.init_system.php in admin/functions/. | 6.8 | CVE-2008-0423 BID FRSIRT SECUNIA |
| LiquidSilverCMS -- LiquidSilverCMS | Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the update parameter. | 6.8 | CVE-2008-0459 MILW0RM BID SECUNIA |
| Mahara -- Mahara | Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files. | 4.3 | CVE-2008-0381 OTHER-REF BID SECUNIA |
| Mantis -- Mantis | Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the "Most active bugs" summary. | 4.3 | CVE-2008-0404 OTHER-REF BID FRSIRT SECUNIA XF |
| Microsoft -- ie; MediaWiki -- MediaWiki BotQuery Ext; MediaWiki -- MediaWiki | Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | CVE-2008-0460 MLIST SECUNIA |
| Modern -- Modern; singapore -- singapore | Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php. | 4.3 | CVE-2008-0400 OTHER-REF BID FRSIRT SECUNIA |
| Mozilla -- Firefox | Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks. | 5.0 | CVE-2008-0367 BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF OTHER-REF OTHER-REF |
| NEC -- SocksCap | Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when "Resolve all names remotely" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname. | 6.8 | CVE-2008-0378 BUGTRAQ BID |
| Novemberborn -- sIFR | Cross-site scripting (XSS) vulnerability in the font rendering functionality in Novemberborn sIFR 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the txt parameter to a Flash (SWF) file, as demonstrated by fonts/FuturaLt.swf. | 4.3 | CVE-2008-0438 BUGTRAQ OTHER-REF BID |
| OpenBSD -- Open_BSD | OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked. | 4.9 | CVE-2008-0384 MILW0RM MLIST OPENBSD BID SECTRACK SECUNIA |
| OZJournals -- OZJournals | Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action. | 5.0 | CVE-2008-0435 MILW0RM BID FRSIRT SECUNIA |
| PacerCMS -- PacerCMS | Cross-site scripting (XSS) vulnerability in submit.php in PacerCMS before 0.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | CVE-2008-0426 OTHER-REF BID SECUNIA |
| PD9 Software -- MegaBBS | Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp in PD9 Software MegaBBS 1.5.14b allows remote attackers to inject arbitrary web script or HTML via the target parameter. | 4.3 | CVE-2008-0436 BUGTRAQ BID |
| PHP -- PHP | curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563. | 5.0 | CVE-2007-4850 SREASONRES BUGTRAQ FULLDISC OTHER-REF BID XF |
| Seagull PHP Framework -- Seagull PHP Framework | Directory traversal vulnerability in optimizer.php in Seagull PHP Framework 0.6.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the files parameter. | 5.0 | CVE-2008-0465 MILW0RM BID |
| Siteman -- Siteman | Directory traversal vulnerability in articles.php in Siteman 1.1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the cat parameter in a viewart action. | 5.0 | CVE-2008-0452 MILW0RM |
| SLAED -- SLAED CMS | Directory traversal vulnerability in function/sources.php in SLAED CMS 2.5 Lite allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlang parameter to index.php. | 6.8 | CVE-2008-0458 MILW0RM BID |
| Softpedia -- Small Axe Weblog | PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfile parameter. | 6.8 | CVE-2008-0376 MILW0RM |
| Toshiba -- Surveillix RecordSend Class | Multiple buffer overflows in Toshiba Surveillance (Surveillix) RecordSend ActiveX control (MeIpCamX.DLL 1.0.0.4) allow remote attackers to execute arbitrary code via long arguments to the (1) SetPort and (2) SetIpAddress methods. | 6.8 | CVE-2008-0399 MILW0RM OTHER-REF BID FRSIRT SECUNIA XF |
| WordPress -- WP_Forum | SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI. | 6.8 | CVE-2008-0388 MILW0RM BID FRSIRT SECUNIA XF |
Low Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Apache Software Foundation -- Apache HTTP Server | CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file. | 3.5 | CVE-2008-0456 BUGTRAQ OTHER-REF BID SECTRACK |
| IBM -- Tivoli Business Service Manager | IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in cleartext (1) after external authentication, which triggers writing the password to SM_server.log; and (2) after a reconfig action; which allows local users to obtain sensitive information. | 2.1 | CVE-2008-0441 OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |