Vulnerability Summary for the Week of January 21, 2008

Released
Jan 28, 2008
Document ID
SB08-028

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
360 Web Manager -- 360 Web ManagerSQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter.
unknown
2008-01-23
7.5CVE-2008-0430
MILW0RM
BID
FRSIRT
XF
Agares Media -- phpAutoVideoPHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614.
unknown
2008-01-23
7.5CVE-2008-0433
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
AlilG -- aliTalkinc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters.
unknown
2008-01-22
7.5CVE-2008-0391
MILW0RM
BID
AlstraSoft -- Forum Pay Per Post ExchangeSQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action.
unknown
2008-01-23
7.5CVE-2008-0429
MILW0RM
BID
FRSIRT
SECUNIA
auraCMS -- Mod Block Statistik
auraCMS -- AuraCMS
stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php.
unknown
2008-01-22
7.5CVE-2008-0390
MILW0RM
BID
BitDefender -- Update ServerDirectory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.
unknown
2008-01-23
7.8CVE-2008-0396
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Blog CMS -- Blog CMSMultiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c allow remote attackers to execute arbitrary PHP code via a URL in the (1) DIR_PLUGINS parameter to (a) index.php, and the (2) DIR_LIBS parameter to (b) media.php and (c) xmlrpc/server.php in admin/.
unknown
2008-01-24
7.5CVE-2008-0450
BUGTRAQ
Bloo -- bloofoxCMSDirectory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
unknown
2008-01-23
7.8CVE-2008-0427
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
XF
BloofoxCMS -- BloofoxCMSMultiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php.
unknown
2008-01-23
7.5CVE-2008-0428
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
XF
BoastMachine -- BoastMachineSQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-01-23
7.5CVE-2008-0422
BID
FRSIRT
businessobjects -- Crystal Reports
Microsoft -- ActiveX
Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow.
unknown
2008-01-22
9.3CVE-2008-0379
MILW0RM
BID
SECTRACK
XF
Cisco -- 5500 Series Adaptive Security Appliance
Cisco -- PIX 500 Series Security Appliance
Unspecified vulnerability in Cisco PIX 500 Series Security Appliance (PIX) and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet.
unknown
2008-01-23
7.1CVE-2008-0028
CISCO
BID
Cisco -- AVSCisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges.
unknown
2008-01-23
10.0CVE-2008-0029
CISCO
Citadel -- Citadel_SMTPBuffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information.
unknown
2008-01-23
9.4CVE-2008-0394
MILW0RM
OTHER-REF
SECUNIA
XF
Core Security Technologies -- CORE FORCEMultiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module.
unknown
2008-01-18
7.2CVE-2008-0365
BUGTRAQ
OTHER-REF
BID
Core Security Technologies -- CORE FORCECORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments.
unknown
2008-01-18
7.2CVE-2008-0366
BUGTRAQ
OTHER-REF
BID
CyberGL Dev Team -- phpSearchPHP remote file inclusion vulnerability in utils/class_HTTPRetriever.php in phpSearch allows remote attackers to execute arbitrary PHP code via a URL in the libcurlemuinc parameter.
unknown
2008-01-24
7.5CVE-2008-0448
BUGTRAQ
XF
Debian -- Debian LinuxArgument injection vulnerability in scponly 4.6 and earlier allows remote authenticated users to modify commands when scponly invokes (1) unison, (2) rsync, (3) svn, and (4) svnserve, which can be leveraged to execute arbitrary code, as demonstrated by the --diff3-cmd option to svn, a different vulnerability than CVE-2007-6350.
unknown
2008-01-24
8.5CVE-2007-6415
OTHER-REF
SECUNIA
Digital Data Communications -- RtspVapgDecoder.dllBuffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property.
unknown
2008-01-22
10.0CVE-2008-0380
MILW0RM
BID
FRSIRT
Foojan -- PHP WeblogSQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter.
unknown
2008-01-24
7.5CVE-2008-0447
MILW0RM
Gecad Technologies -- Axigen Mail ServerFormat string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command.
unknown
2008-01-23
7.5CVE-2008-0434
BUGTRAQ
FULLDISC
MILW0RM
BID
SECUNIA
XF
HP -- HP-UXUnspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors.
unknown
2008-01-23
10.0CVE-2007-6425
HP
HP -- HP Virtual Rooms
Microsoft -- ActiveX
Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information.
unknown
2008-01-23
10.0CVE-2008-0437
FULLDISC
BID
FRSIRT
SECUNIA
IBM -- AIXBuffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option.
unknown
2008-01-24
7.2CVE-2007-5764
IDEFENSE
OTHER-REF
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
IBM -- Informix Dynamic ServerUnspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows attackers to create files via unspecified vectors involving the onedcu program.
unknown
2008-01-18
10.0CVE-2008-0368
OTHER-REF
AIXAPAR
BID
FRSIRT
SECUNIA
SECTRACK
XF
IBM -- Informix Dynamic ServerUnspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows attackers to create files via unspecified vectors involving the SQLIDEBUG environment variable.
unknown
2008-01-18
10.0CVE-2008-0369
OTHER-REF
AIXAPAR
BID
FRSIRT
SECUNIA
SECTRACK
XF
IBM -- WebSphere Application ServerUnspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25 and 6.1 through 6.1.0.14 has unknown impact and attack vectors.
unknown
2008-01-22
10.0CVE-2008-0389
OTHER-REF
BID
FRSIRT
SECUNIA
IBM -- Tivoli Provisioning Manager OS DeploymentUnspecified vulnerability in the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment before 5.1.0.3 Interim Fix 3 allows attackers to cause a denial of service via unknown vectors.
unknown
2008-01-23
10.0CVE-2008-0401
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Invision Power Services -- Invision GallerySQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command.
unknown
2008-01-23
7.5CVE-2008-0421
Julian Pawlowski -- LulieBlogSQL injection vulnerability in voircom.php in LulieBlog 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-01-24
7.5CVE-2008-0446
MILW0RM
Lycos -- FileUploader.dllHeap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX control in FileUploader.dll 2.0.0.2 in Lycos FileUploader Module allows remote attackers to execute arbitrary code via a long HandwriterFilename property value. NOTE: some of these details are obtained from third party information.
unknown
2008-01-24
10.0CVE-2008-0443
MILW0RM
BID
FRSIRT
SECUNIA
Microsoft -- Visual Basic Enterprise EditionMultiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file with a long (1) ConnectionName or (2) CommandName line.
unknown
2008-01-22
9.3CVE-2008-0392
MILW0RM
BID
XF
Microsoft -- ie
Skype Technologies -- Skype
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS."
unknown
2008-01-24
9.3CVE-2008-0454
BUGTRAQ
FULLDISC
FULLDISC
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
CERT-VN
FRSIRT
Mooseguy Blog System -- MGBSSQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) 1.0 allows remote attackers to execute arbitrary SQL commands via the month parameter.
unknown
2008-01-23
7.5CVE-2008-0424
MILW0RM
BID
FRSIRT
MyBB -- MyBBMultiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php.
unknown
2008-01-22
7.5CVE-2008-0383
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
XF
MyBulletinBoard -- MyBulletinBoardMultiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
unknown
2008-01-22
7.5CVE-2008-0382
BUGTRAQ
MILW0RM
MILW0RM
BID
SECUNIA
News -- MicroNewsMicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php.
unknown
2008-01-22
10.0CVE-2008-0377
BUGTRAQ
XF
OKI Printing Solutions -- C5510 MFP PrinterOKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777.
unknown
2008-01-22
10.0CVE-2008-0374
BUGTRAQ
OTHER-REF
BID
SECUNIA
OKI Printing Solutions -- C5510 MFP PrinterUnspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors.
unknown
2008-01-22
10.0CVE-2008-0375
BUGTRAQ
OTHER-REF
BID
SECUNIA
PacerCMS -- PacerCMSMultiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/.
unknown
2008-01-24
7.5CVE-2008-0451
BUGTRAQ
OTHER-REF
BID
XF
PHP -- F1 Maxs File UploaderUnrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files.
unknown
2008-01-22
7.5CVE-2008-0373
BUGTRAQ
BID
XF
Rocksalt International -- VP_ASPSQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-01-24
7.5CVE-2008-0449
BID
XF
Small Axe Solutions -- WeblogPHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the ffile parameter, a different vector than CVE-2008-0376. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-01-24
7.5CVE-2008-0442
BID
SECUNIA
Winamp -- Nullsoft WinampMultiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles.
unknown
2008-01-22
10.0CVE-2008-0065
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
8e6 -- R3000 Internet Filter8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request.
unknown
2008-01-22
5.0CVE-2008-0372
BUGTRAQ
BID
SECUNIA
XF
BUGTRAQ
absofort -- aconon Mail Enterprise SQLDirectory traversal vulnerability in archiv.cgi in absofort aconon Mail 2007 Enterprise SQL 11.7.0 and Mail 2004 Enterprise SQL 11.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
unknown
2008-01-25
5.0CVE-2008-0464
FULLDISC
MILW0RM
OTHER-REF
BID
SECUNIA
Aflog -- AflogCross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form.
unknown
2008-01-23
4.3CVE-2008-0398
MILW0RM
BID
aflog.org -- aflogMultiple SQL injection vulnerabilities in aflog 1.01, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to comments.php and (2) an unspecified parameter to view.php.
unknown
2008-01-23
6.8CVE-2008-0397
MILW0RM
BID
Agares Media -- phpAutoVideoCross-site scripting (XSS) vulnerability in index.php in phpAutoVideo 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
unknown
2008-01-23
4.3CVE-2008-0432
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
AlilG -- aliTalkMultiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to (b) inc/usercp.php, related to functionz/usercp.php; or (3) the username parameter to (c) admin/index.php, related to functionz/first_process.php, or (d) index.php. NOTE: some of these details are obtained from third party information.
unknown
2008-01-22
6.8CVE-2008-0371
MILW0RM
BID
SECUNIA
XF
XF
XF
XF
AlstraSoft -- Forum Pay Per Post ExchangeAlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts.
unknown
2008-01-23
5.0CVE-2008-0440
MILW0RM
Apache Software Foundation -- TomcatThe SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests, making it easier for remote attackers to capture this cookie.
unknown
2008-01-22
5.0CVE-2008-0128
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
SECUNIA
XF
Apache Software Foundation -- Apache HTTP ServerCross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
unknown
2008-01-24
4.3CVE-2008-0455
BUGTRAQ
OTHER-REF
BID
SECTRACK
Belkin -- F5D9230-4The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi.
unknown
2008-01-23
5.5CVE-2008-0403
BUGTRAQ
MILW0RM
BID
FRSIRT
XF
cPanel -- cPanelCross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information.
unknown
2008-01-22
4.3CVE-2008-0370
BUGTRAQ
OTHER-REF
BID
SECUNIA
DeluxeBB -- DeluxeBBCross-site scripting (XSS) vulnerability in templates/default/admincp/attachments_header.php in DeluxeBB 1.1 allows remote attackers to inject arbitrary web script or HTML via the lang_listofmatches parameter.
unknown
2008-01-23
4.3CVE-2008-0439
BUGTRAQ
Drupal -- Archive ModuleCross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-01-25
4.3CVE-2008-0462
OTHER-REF
BID
SECUNIA
Drupal -- WorkflowCross-site scripting (XSS) vulnerability in the Workflow 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving node properties.
unknown
2008-01-25
4.3CVE-2008-0463
OTHER-REF
SECUNIA
EasySiteNetwork -- Recipe Website ScriptSQL injection vulnerability in list.php in Easysitenetwork Recipe allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
unknown
2008-01-24
6.8CVE-2008-0453
MILW0RM
BID
ELOG -- ELOGCross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified components.
unknown
2008-01-24
4.3CVE-2008-0444
OTHER-REF
BID
SECUNIA
XF
ELOG -- ELOGThe replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information.
unknown
2008-01-24
5.0CVE-2008-0445
BID
SECUNIA
XF
Francisco Burzi -- PHP-NukeSQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information.
unknown
2008-01-25
6.8CVE-2008-0461
MILW0RM
BID
FRSIRT
SECUNIA
Frimousse -- FrimousseAbsolute path traversal vulnerability in explorerdir.php in Frimousse 0.0.2 allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter.
unknown
2008-01-23
5.0CVE-2008-0425
MILW0RM
BID
FRSIRT
XF
GradMan -- GradManDirectory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361.
unknown
2008-01-22
5.8CVE-2008-0393
MILW0RM
BID
SECUNIA
XF
IBM -- Websphere Business Modeler Basic
IBM -- Websphere Business Modeler Advanced
Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group.
unknown
2008-01-23
6.0CVE-2008-0402
OTHER-REF
OTHER-REF
AIXAPAR
BID
SECTRACK
SECUNIA
IDMOS -- IDMOS CMSDirectory traversal vulnerability in administrator/download.php in IDMOS (aka Phoenix) 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter.
unknown
2008-01-23
5.0CVE-2008-0431
MILW0RM
BID
FRSIRT
SECUNIA
Kayako -- SupportSuiteKayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal.
unknown
2008-01-23
5.0CVE-2008-0395
BUGTRAQ
OTHER-REF
SECUNIA
Lama -- Lama SoftwareMultiple PHP remote file inclusion vulnerabilities in Lama Software allow remote attackers to execute arbitrary PHP code via a URL in the MY_CONF[classRoot] parameter to (1) inc.steps.access_error.php, (2) inc.steps.check_login.php, or (3) inc.steps.init_system.php in admin/functions/.
unknown
2008-01-23
6.8CVE-2008-0423
BID
FRSIRT
SECUNIA
LiquidSilverCMS -- LiquidSilverCMSDirectory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the update parameter.
unknown
2008-01-25
6.8CVE-2008-0459
MILW0RM
BID
SECUNIA
Mahara -- MaharaUnspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files.
unknown
2008-01-22
4.3CVE-2008-0381
OTHER-REF
BID
SECUNIA
Mantis -- MantisCross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the "Most active bugs" summary.
unknown
2008-01-23
4.3CVE-2008-0404
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Microsoft -- ie
MediaWiki -- MediaWiki BotQuery Ext
MediaWiki -- MediaWiki
Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-01-25
4.3CVE-2008-0460
MLIST
SECUNIA
Modern -- Modern
singapore -- singapore
Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php.
unknown
2008-01-23
4.3CVE-2008-0400
OTHER-REF
BID
FRSIRT
SECUNIA
Mozilla -- FirefoxMozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
unknown
2008-01-18
5.0CVE-2008-0367
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
NEC -- SocksCapStack-based buffer overflow in SocksCap 2.40-051231 and earlier, when "Resolve all names remotely" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname.
unknown
2008-01-22
6.8CVE-2008-0378
BUGTRAQ
BID
Novemberborn -- sIFRCross-site scripting (XSS) vulnerability in the font rendering functionality in Novemberborn sIFR 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the txt parameter to a Flash (SWF) file, as demonstrated by fonts/FuturaLt.swf.
unknown
2008-01-23
4.3CVE-2008-0438
BUGTRAQ
OTHER-REF
BID
OpenBSD -- Open_BSDOpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked.
unknown
2008-01-22
4.9CVE-2008-0384
MILW0RM
MLIST
OPENBSD
BID
SECTRACK
SECUNIA
OZJournals -- OZJournalsDirectory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action.
unknown
2008-01-23
5.0CVE-2008-0435
MILW0RM
BID
FRSIRT
SECUNIA
PacerCMS -- PacerCMSCross-site scripting (XSS) vulnerability in submit.php in PacerCMS before 0.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-01-23
4.3CVE-2008-0426
OTHER-REF
BID
SECUNIA
PD9 Software -- MegaBBSCross-site scripting (XSS) vulnerability in profile-upload/upload.asp in PD9 Software MegaBBS 1.5.14b allows remote attackers to inject arbitrary web script or HTML via the target parameter.
unknown
2008-01-23
4.3CVE-2008-0436
BUGTRAQ
BID
PHP -- PHPcurl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
unknown
2008-01-24
5.0CVE-2007-4850
SREASONRES
BUGTRAQ
FULLDISC
OTHER-REF
BID
XF
Seagull PHP Framework -- Seagull PHP FrameworkDirectory traversal vulnerability in optimizer.php in Seagull PHP Framework 0.6.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the files parameter.
unknown
2008-01-25
5.0CVE-2008-0465
MILW0RM
BID
Siteman -- SitemanDirectory traversal vulnerability in articles.php in Siteman 1.1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the cat parameter in a viewart action.
unknown
2008-01-24
5.0CVE-2008-0452
MILW0RM
SLAED -- SLAED CMSDirectory traversal vulnerability in function/sources.php in SLAED CMS 2.5 Lite allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlang parameter to index.php.
unknown
2008-01-25
6.8CVE-2008-0458
MILW0RM
BID
Softpedia -- Small Axe WeblogPHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfile parameter.
unknown
2008-01-22
6.8CVE-2008-0376
MILW0RM
Toshiba -- Surveillix RecordSend ClassMultiple buffer overflows in Toshiba Surveillance (Surveillix) RecordSend ActiveX control (MeIpCamX.DLL 1.0.0.4) allow remote attackers to execute arbitrary code via long arguments to the (1) SetPort and (2) SetIpAddress methods.
unknown
2008-01-23
6.8CVE-2008-0399
MILW0RM
OTHER-REF
BID
FRSIRT
SECUNIA
XF
WordPress -- WP_ForumSQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI.
unknown
2008-01-22
6.8CVE-2008-0388
MILW0RM
BID
FRSIRT
SECUNIA
XF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apache Software Foundation -- Apache HTTP ServerCRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
unknown
2008-01-24
3.5CVE-2008-0456
BUGTRAQ
OTHER-REF
BID
SECTRACK
IBM -- Tivoli Business Service ManagerIBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in cleartext (1) after external authentication, which triggers writing the password to SM_server.log; and (2) after a reconfig action; which allows local users to obtain sensitive information.
unknown
2008-01-24
2.1CVE-2008-0441
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.