Vulnerability Summary for the Week of February 25, 2008

Released
Mar 03, 2008
Document ID
SB08-063

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
aStats -- astatsPRO
Joomla -- com_astatspro
SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-02-22
7.5CVE-2008-0918
SECUNIA
beContent -- beContentSQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-02-22
7.5CVE-2008-0921
MILW0RM
BID
SECUNIA
Double-Take Software -- Double-TakeBuffer overflow in Double-Take (aka HP StorageWorks Storage Mirroring) 4.5.0.1629, and other 4.5.0.x versions, allows remote attackers to have an unknown impact via a packet with a long string in the username field.
unknown
2008-02-25
7.5CVE-2008-0973
BUGTRAQ
OTHER-REF
BID
Eagle Software -- Aeries Student Information SystemSQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk parameter.
unknown
2008-02-25
7.5CVE-2008-0942
BUGTRAQ
BID
Eagle Software -- Aeries Student Information SystemMultiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp.
unknown
2008-02-25
7.5CVE-2008-0943
BUGTRAQ
BID
XF
SECUNIA
Fujitsu -- Interstage Application Server Enterprise
Fujitsu -- Interstage Apworks Enterprise
Fujitsu -- Interstage Studio Standard_J
Fujitsu -- Interstage Apworks Standard_J
Fujitsu -- Interstage Application Server Standard_J
Fujitsu -- Interstage Studio Enterprise
Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI.
unknown
2008-02-27
10.0CVE-2008-1040
OTHER-REF
BID
FRSIRT
SECUNIA
Gentoo -- rPath Linuxexpn in the am-utils and net-fs packages for Gentoo rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.
unknown
2008-02-28
7.2CVE-2008-1078
OTHER-REF
Linux Web Shop -- php User BasePHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BETA allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter.
unknown
2008-02-27
7.5CVE-2008-1043
MILW0RM
BID
Mamboportal.com -- SimpleboardSQL injection vulnerability in index.php in the Simpleboard (com_simpleboard) 1.0.3 Stable component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action.
unknown
2008-02-28
7.5CVE-2008-1077
MILW0RM
BID
MandrakeSoft -- Mandrake Linux
Red Hat -- Enterprise Linux Desktop
Red Hat -- Enterprise Linux
D-BUS -- Inter-Process Communication System
Red Hat -- Enterprise Linux Desktop Workstation
Red Hat -- Fedora
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
unknown
2008-02-29
7.2CVE-2008-0595
MLIST
OTHER-REF
MANDRIVA
REDHAT
BID
FRSIRT
SECTRACK
SECUNIA
SECUNIA
Move Networks Inc -- Move Media Player
Move Networks Inc -- Qunatum Streaming Player
Stack-based buffer overflow in the Quantum Streaming Player (Quantum Streaming IE Player) ActiveX control (aka QSP2IE.QSP2IE) in qsp2ie07076007.dll 7.7.6.7 and qsp2ie07074039.dll 7.7.4.39 in Move Media Player allows remote attackers to execute arbitrary code via a long argument to the UploadLogs method, a different vector than CVE-2007-4722. NOTE: some of these details are obtained from third party information.
unknown
2008-02-27
7.5CVE-2008-1044
FULLDISC
MILW0RM
BID
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Thunderbird
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview.
unknown
2008-02-29
7.5CVE-2008-0304
IDEFENSE
OTHER-REF
BID
SECTRACK
SECUNIA
NetWin -- SurgeMail
NetWin -- WebMail
Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.
unknown
2008-02-27
7.5CVE-2008-1055
BUGTRAQ
BID
FRSIRT
SECUNIA
Novell -- iPrint Client
Novell -- iPrint
Stack-based buffer overflow in the Novell iPrint Control ActiveX control in ienipp.ocx in Novell iPrint Client before 4.34 allows remote attackers to execute arbitrary code via a long argument to the ExecuteRequest method.
unknown
2008-02-25
10.0CVE-2008-0935
OTHER-REF
BID
FRSIRT
SECUNIA
SECTRACK
NukeC -- NukeC
PHP-Nuke -- NukeC Module
SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action.
unknown
2008-02-25
7.5CVE-2008-0934
MILW0RM
BID
OpenBSD -- Open_BSDThe ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 allows attackers to cause a denial of service (panic) via malformed IPv6 routing headers.
unknown
2008-02-28
7.8CVE-2008-1057
OPENBSD
BID
FRSIRT
SECTRACK
SECUNIA
OpenBSD -- Open_BSDThe tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 allows attackers to cause a denial of service (panic) via crafted TCP packets. NOTE: some of these details are obtained from third party information.
unknown
2008-02-28
7.8CVE-2008-1058
OPENBSD
OPENBSD
BID
FRSIRT
SECTRACK
SECUNIA
PHP-Nuke -- ManualesSQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewdownload action to modules.php.
unknown
2008-02-22
7.5CVE-2008-0922
MILW0RM
BID
PHPNuke -- Kose_Yazilari ModuleMultiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php.
unknown
2008-02-27
7.5CVE-2008-1053
MILW0RM
BID
PORAR -- WebboardSQL injection vulnerability in question.asp in PORAR WEBBOARD allows remote attackers to execute arbitrary SQL commands via the QID parameter.
unknown
2008-02-27
7.5CVE-2008-1039
MILW0RM
BID
SECUNIA
Positive Software -- SiteStudio
Positive Software -- H-Sphere
Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors.
unknown
2008-02-27
10.0CVE-2008-1049
OTHER-REF
SECUNIA
SoftBiz -- Jokes and Funny Pictures ScriptSQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.
unknown
2008-02-27
7.5CVE-2008-1050
BUGTRAQ
BID
Sybase -- MobiLink
Sybase -- SQL Anywhere
Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long (1) username, (2) version, or (3) remote ID. NOTE: some of these details are obtained from third party information.
unknown
2008-02-22
10.0CVE-2008-0912
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
SECTRACK
Symantec -- Backup Exec for Windows ServerMultiple stack-based buffer overflows in a Symantec ActiveX control related to the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, might allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control.
unknown
2008-02-29
9.3CVE-2007-6016
OTHER-REF
BID
SECTRACK
Symantec -- Symantec Mail Security Exchange
Symantec -- Symantec AntiVirus Network Attached Storage
Symantec -- Scan Engine
Symantec -- Symantec AntiVirus MS ISA
Symantec -- Symantec AntiVirus Messaging
Symantec -- Symantec AntiVirus Microsoft SharePoint
Symantec -- Symantec AntiVirus Clearswift
Symantec -- Symantec AntiVirus Scan Engine Caching
Symantec -- Symantec AntiVirus_Filtering Domino MPE
Symantec -- Symantec AntiVirus Scan Engine
Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).
unknown
2008-02-28
9.3CVE-2008-0308
IDEFENSE
OTHER-REF
BID
FRSIRT
SECUNIA
Symantec -- Symantec AntiVirus_Filtering Domino MPE
Symantec -- Symantec AntiVirus Network Attached Storage
Symantec -- Scan Engine
Symantec -- Symantec AntiVirus Scan Engine Messaging
Symantec -- Symantec Antivirus Scan Engine for MS ISA
Symantec -- Symantec AntiVirus Scan Engine Clearswift
Symantec -- Symantec AntiVirus Scan Engine for Microsoft SharePoint
Symantec -- Symantec Mail Security for Microsoft Exchange
Symantec -- Symantec AntiVirus Scan Engine Caching
Symantec -- Symantec AntiVirus Scan Engine
Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).
unknown
2008-02-28
8.5CVE-2008-0309
IDEFENSE
OTHER-REF
BID
FRSIRT
SECUNIA
The Sword Project -- Diatheke Front End
The Sword Project -- Sword
diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an unspecified parameter.
unknown
2008-02-25
7.5CVE-2008-0932
DEBIAN
BID
SECUNIA
SECUNIA
Urulu -- UruluSQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/request or (2) dyn/js/request in the PATH_INFO.
unknown
2008-02-29
7.5CVE-2008-0385
BUGTRAQ
BID
VideoLAN -- VLC Media PlayerThe MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
unknown
2008-02-26
9.3CVE-2008-0984
OTHER-REF
WordPress -- Photo Album pluginMultiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information.
unknown
2008-02-25
7.5CVE-2008-0939
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
WordPress -- Sniplets PluginPHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.
unknown
2008-02-28
7.5CVE-2008-1059
BUGTRAQ
MILW0RM
BID
SECUNIA
WordPress -- Sniplets PluginEval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter.
unknown
2008-02-28
7.5CVE-2008-1060
BUGTRAQ
MILW0RM
BID
SECUNIA
XOOPS -- Prayer List ModuleSQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
unknown
2008-02-25
7.5CVE-2008-0936
BUGTRAQ
BID
SECUNIA
XOOPS -- XM_MemberstatsMultiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-02-28
7.5CVE-2008-1065
OTHER-REF
BID
SECUNIA

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
activepdf -- ServerHeap-based buffer overflow in the activePDF Server service (aka APServer.exe) in activePDF Server 3.8.4 and 3.8.5.14, and possibly other versions before 3.8.6.16, allows remote attackers to execute arbitrary code via a packet with a size field that is less than the actual size of the data.
unknown
2008-02-28
6.8CVE-2007-5397
OTHER-REF
SECUNIA
Alkacon -- OpenCmsCross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter.
unknown
2008-02-27
4.3CVE-2008-1045
BUGTRAQ
BID
Canon -- imagePRESS
Canon -- i-SENSYS
Canon -- imageRUNNER
The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce.
unknown
2008-02-28
6.4CVE-2008-0303
OTHER-REF
OTHER-REF
CERT-VN
BID
Double-Take Software -- Double-TakeDouble-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (CPU consumption) via a -1 value in the field that specifies the size of the vector value.
unknown
2008-02-25
5.0CVE-2008-0975
BUGTRAQ
OTHER-REF
BID
Double-Take Software -- Double-TakeDouble-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain long packet that triggers an attempt to allocate a large amount of memory.
unknown
2008-02-25
5.0CVE-2008-0977
BUGTRAQ
OTHER-REF
BID
Double-Take Software -- Double-TakeDouble-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type (1) 0x2728, which provides operating system and path information; (2) 0x274e, which lists Ethernet adapters; (3) 0x2726, which provides filesystem information; (4) 0x274f, which specifies the printer driver; or (5) 0x2757, which provides recent log entries.
unknown
2008-02-25
5.0CVE-2008-0978
BUGTRAQ
OTHER-REF
BID
DrBenHur.com -- DBHcmsPHP remote file inclusion vulnerability in mod/mod.extmanager.php in DBHcms 1.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the extmanager_install parameter.
unknown
2008-02-27
6.8CVE-2008-1038
MILW0RM
BID
Eagle Software -- Aeries Student Information SystemCross-site scripting (XSS) vulnerability in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote authenticated users to inject arbitrary web script or HTML via an event.
unknown
2008-02-25
4.3CVE-2008-0941
BUGTRAQ
BID
XF
SECUNIA
Easy Software Products -- CUPSMemory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers.
unknown
2008-02-25
5.0CVE-2008-0596
REDHAT
REDHAT
BID
SECUNIA
SECTRACK
Easy Software Products -- CUPSUse-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
unknown
2008-02-25
5.0CVE-2008-0597
REDHAT
REDHAT
BID
SECUNIA
SECTRACK
GROUP_E -- GROUP_EPHP remote file inclusion vulnerability in lib/head_auth.php in GROUP-E 1.6.41 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[PREPEND_FILE] parameter.
unknown
2008-02-28
6.8CVE-2008-1074
MILW0RM
BID
HP -- StorageWorks Double-Take
Double-Take Software -- Double-Take
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon termination) via (1) a large vector value, which raises a "vector too long" exception; or (2) a certain packet that raises an ospace/time/src\date.cpp exception.
unknown
2008-02-25
5.0CVE-2008-0974
BUGTRAQ
OTHER-REF
BID
HP -- StorageWorks Double-Take
Double-Take Software -- Double-Take
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed packet, as demonstrated by a packet of type (1) 0x2722 or (2) 0x272a.
unknown
2008-02-25
5.0CVE-2008-0976
BUGTRAQ
OTHER-REF
BID
HP -- StorageWorks Double-Take
Double-Take Software -- Double-Take
Stack consumption vulnerability in Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain packet that triggers the recursive calling of a function.
unknown
2008-02-25
5.0CVE-2008-0979
BUGTRAQ
OTHER-REF
BID
Internet Security Systems -- Internet ScannerCross-site scripting (XSS) vulnerability in the report interface in Internet Security Systems (ISS) Internet Scanner 7.0 Service Pack 2 Build 7.2.2005.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-02-28
4.3CVE-2008-1073
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Interspire -- Shopping CartCross-site scripting (XSS) vulnerability in search.php in Interspire Shopping Cart 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-02-28
4.3CVE-2008-1076
SECUNIA
InterVideo -- WinDVD Media CenterInterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (aka IHT.exe) in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet with two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-02-28
5.0CVE-2008-1062
BID
SECUNIA
IPdiva -- IPdivaThe Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and 2.3 before 2.3.2.14 stores the number of remaining allowed login attempts in a cookie, which makes it easier for remote attackers to conduct brute force attacks by manipulating this cookie's value.
unknown
2008-02-22
6.4CVE-2008-0915
BUGTRAQ
FULLDISC
BID
SECUNIA
Ipswitch -- Instant MessagingIpswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero.
unknown
2008-02-25
5.0CVE-2008-0944
BUGTRAQ
OTHER-REF
BID
SECUNIA
Ipswitch -- Instant Messaging
Ipswitch -- IMserver
Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field.
unknown
2008-02-25
4.9CVE-2008-0946
BUGTRAQ
OTHER-REF
OTHER-REF
BID
lighttpd -- lighttpdlighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
unknown
2008-02-26
5.0CVE-2008-0983
OTHER-REF
BID
FRSIRT
SECUNIA
Linux Web Shop -- php Download ManagerDirectory traversal vulnerability in include/body.inc.php in Linux Web Shop (LWS) php Download Manager 1.0 and 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter.
unknown
2008-02-27
6.8CVE-2008-1042
MILW0RM
BID
SECUNIA
XF
Maian -- CartCross-site scripting (XSS) vulnerability in index.php in Maian Cart 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search command. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-02-28
4.3CVE-2008-1075
SECUNIA
Matts Whois -- Matts WhoisCross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson Matt's Whois (MWhois) allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
unknown
2008-02-27
4.3CVE-2008-1041
OTHER-REF
BID
SECUNIA
NetWin -- SurgeFTPThe administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.
unknown
2008-02-27
6.4CVE-2008-1052
BUGTRAQ
OTHER-REF
BID
SECUNIA
NetWin -- SurgeMailStack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information.
unknown
2008-02-27
6.4CVE-2008-1054
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Open Source Security Information Management -- OS-SIMCross-site scripting (XSS) vulnerability in session/login.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 and earlier allows remote attackers to inject arbitrary web script or HTML via the dest parameter.
unknown
2008-02-22
4.3CVE-2008-0919
BUGTRAQ
BUGTRAQ
MILW0RM
BID
BUGTRAQ
SECUNIA
Open Source Security Information Management -- OS-SIMSQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular expression.
unknown
2008-02-22
6.5CVE-2008-0920
BUGTRAQ
BUGTRAQ
MILW0RM
BID
SECUNIA
Opera Software -- OperaOpera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input.
unknown
2008-02-28
6.8CVE-2008-1080
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Opera Software -- OperaOpera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties.
unknown
2008-02-28
6.8CVE-2008-1081
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Opera Software -- OperaOpera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation.
unknown
2008-02-28
4.3CVE-2008-1082
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Packeteer -- PolicyCenter
Packeteer -- PacketShaper
Cross-site scripting (XSS) vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into an Error Report page.
unknown
2008-02-27
4.3CVE-2008-1037
BUGTRAQ
BID
phpProfiles -- phpProfiles_PHP remote file inclusion vulnerability in include/body_comm.inc.php in phpProfiles 4.5.2 BETA allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.
unknown
2008-02-27
6.8CVE-2008-1051
MILW0RM
BID
phpQLAdmin -- phpQLAdminMultiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[path] parameter to (1) ezmlm.php and (2) tools/update_translations.php.
unknown
2008-02-28
6.8CVE-2008-1067
MILW0RM
SECUNIA
Plume CMS -- Plume CMSCross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
unknown
2008-02-27
4.3CVE-2008-1048
OTHER-REF
SECUNIA
Portail Web Php -- Portail Web PhpMultiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) Vert/index.php, (2) Noir/index.php, and (3) Bleu/index.php in template/, different vectors than CVE-2008-0645.
unknown
2008-02-28
6.8CVE-2008-1068
MILW0RM
BID
Quantum Game Library -- Quantum Game LibraryMultiple PHP remote file inclusion vulnerabilities in Quantum Game Library 0.7.2c allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) server_request.php and (2) qlib/smarty.inc.php.
unknown
2008-02-28
6.8CVE-2008-1069
MILW0RM
BID
SECUNIA
XF
Quinsonnas -- Quinsonnas Mail CheckerPHP remote file inclusion vulnerability in footer.php in Quinsonnas Mail Checker 1.55 allows remote attackers to execute arbitrary PHP code via a URL in the op[footer_body] parameter.
unknown
2008-02-27
6.8CVE-2008-1046
MILW0RM
redhat -- desktop
Debian -- Debian Linux
SuSE -- SuSE Open_Enterprise_Server
SuSE -- SuSE Linux Enterprise Desktop
SuSE -- SuSE Linux
MandrakeSoft -- MandrakeSoft Corporate Server
SuSE -- open Suse
redhat -- Enterprise Linux Desktop Workstation
SuSE -- Novell Linux POS
redhat -- Enterprise Linux Desktop
rPath -- rPath Linux
SuSE -- SuSE Linux Enterprise Server
Ghostscript -- Ghostscript
redhat -- enterprise_linux
MandrakeSoft -- Mandrake Linux
SuSE -- SuSE SLE SDK
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.
unknown
2008-02-28
6.0CVE-2008-0411
OTHER-REF
DEBIAN
REDHAT
BID
S9Y -- SerendipityCross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.
unknown
2008-02-28
4.9CVE-2008-0124
OTHER-REF
OTHER-REF
BID
Smarty -- SmartyThe modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.
unknown
2008-02-28
6.4CVE-2008-1066
OTHER-REF
OTHER-REF
OTHER-REF
Spyce -- SpyceMultiple cross-site scripting (XSS) vulnerabilities in Spyce - Python Server Pages (PSP) 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the url or type parameter to docs/examples/redirect.spy; (2) the x parameter to docs/examples/handlervalidate.spy; (3) the name parameter to spyce/examples/request.spy; (4) the Name parameter to spyce/examples/getpost.spy; (5) the mytextarea parameter, the mypass parameter, or an empty parameter to spyce/examples/formtag.spy; (6) the newline parameter to the default URI under demos/chat/; (7) the text1 parameter to docs/examples/formintro.spy; or (8) the mytext or mydate parameter to docs/examples/formtag.spy.
unknown
2008-02-25
4.3CVE-2008-0980
BUGTRAQ
OTHER-REF
BID
Spyce -- SpyceOpen redirect vulnerability in spyce/examples/redirect.spy in Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
unknown
2008-02-25
6.4CVE-2008-0981
BUGTRAQ
OTHER-REF
BID
Spyce -- SpyceSpyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to obtain sensitive information via a direct request for spyce/examples/automaton.spy, which reveals the path in an error message.
unknown
2008-02-25
5.8CVE-2008-0982
BUGTRAQ
OTHER-REF
BID
Sun -- SolarisMultiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.
unknown
2008-02-25
4.7CVE-2008-0933
SUNALERT
FRSIRT
SECUNIA
BID
SECTRACK
Sun -- SolarisUnspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126.
unknown
2008-02-25
4.7CVE-2008-0938
SUNALERT
FRSIRT
SECUNIA
BID
SECTRACK
Sun -- SolarisUnspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers tobypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly.
unknown
2008-02-29
6.8CVE-2008-1095
SUNALERT
BID
FRSIRT
SECUNIA
XF
Symantec -- Backup Exec for Windows ServerA Symantec ActiveX control related to the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, exposes multiple unsafe methods, which allows remote attackers to cause a denial of service (browser crash), or possibly overwrite or modify arbitrary files, via unspecified vectors. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control.
unknown
2008-02-29
5.1CVE-2007-6017
OTHER-REF
BID
SECTRACK
Symark -- PowerBrokerMultiple stack-based buffer overflows in Symark PowerBroker 2.8 through 5.0.1 allow local users to gain privileges via a long argv[0] string when executing (1) pbrun, (2) pbsh, or (3) pbksh. NOTE: the product is often installed in environments with trust relationships that facilitate subsequent remote compromises.
unknown
2008-02-28
6.9CVE-2008-1056
OTHER-REF
OTHER-REF
BID
SECUNIA
TikiWiki -- TikiwikiCross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-02-27
4.3CVE-2008-1047
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
VMWare -- VMWare Workstation
VMWare -- ACE
VMWare -- VMWare Player
Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.
unknown
2008-02-25
6.9CVE-2008-0923
BUGTRAQ
OTHER-REF
BID
SECTRACK
WebGUI -- WebGUICross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407.
unknown
2008-02-25
4.3CVE-2008-0940
OTHER-REF
BID
SECUNIA
Wireshark -- WiresharkThe SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.
unknown
2008-02-28
4.7CVE-2008-1070
OTHER-REF
BID
SECTRACK
SECUNIA
Wireshark -- WiresharkThe SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.
unknown
2008-02-28
4.7CVE-2008-1071
OTHER-REF
BID
SECTRACK
SECUNIA
Wireshark -- WiresharkThe TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug.
unknown
2008-02-28
4.7CVE-2008-1072
OTHER-REF
BID
SECTRACK
SECUNIA
WordPress -- Sniplets PluginMultiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php.
unknown
2008-02-28
4.3CVE-2008-1061
BUGTRAQ
MILW0RM
BID
SECUNIA
XF
xine -- xine-lib
xine -- xine-plugin
Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664.
unknown
2008-02-29
6.8CVE-2008-1110
MILW0RM
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
GENTOO
SECUNIA
XOOPS -- Tiny Event Module
TinyEvent -- TinyEvent
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811.
unknown
2008-02-25
6.8CVE-2008-0937
BUGTRAQ
SECUNIA
BID
XOOPS -- RMSOFT GSCross-site scripting (XSS) vulnerability index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.
unknown
2008-02-28
6.4CVE-2008-1063
OTHER-REF
XOOPS -- Xoops RMSoft Gallery SystemCross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter.
unknown
2008-02-28
6.4CVE-2008-1064
OTHER-REF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Ipswitch -- Instant Messaging
Ipswitch -- IMserver
Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field.
unknown
2008-02-25
3.5CVE-2008-0945
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.