Vulnerability Summary for the Week of April 14, 2008
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| 724CMS -- 724CMS | SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 | CVE-2008-1858 MILW0RM BID FRSIRT |
| BosDev -- bos_classifieds | SQL injection vulnerability in BosClassifieds Classified Ads System 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. | 7.5 | CVE-2008-1838 MILW0RM BID SECUNIA XF |
| Cisco -- Network Admission Control | Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3.6.4.4, 4.0.x before 4.0.6, and 4.1.x before 4.1.2 allows remote attackers to obtain the shared secret for the Clean Access Server (CAS) and Clean Access Manager (CAM) by sniffing error logs. | 10.0 | CVE-2008-1155 CISCO |
| Clam Anti-Virus -- ClamAV | Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value. | 7.5 | CVE-2008-0314 IDEFENSE OTHER-REF FRSIRT |
| Clam Anti-Virus -- ClamAV | Heap-based buffer overflow in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary. | 7.5 | CVE-2008-1833 IDEFENSE OTHER-REF FRSIRT |
| Comdev -- comdev_news_publisher | SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information. | 7.5 | CVE-2008-1872 MILW0RM BID SECUNIA |
| CoronaMatrix -- phpAddressBook | SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook 2.11 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | CVE-2008-1847 MILW0RM BID XF |
| dragoon -- dragoon | Directory traversal vulnerability in forum/kietu/libs/calendrier.php in Dragoon 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cal[lng] parameter. | 7.5 | CVE-2008-1798 MILW0RM BID |
| fireflymediaserver -- fireflymediaserver | Integer overflow in the ws_getpostvars function in Firefly Media Server (formerly mt-daapd) 0.2.4.1 (0.9~r1696-1.2 on Debian) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a large Content-Length. | 7.5 | CVE-2008-1771 OTHER-REF |
| flip4mac -- flip4mac_wmv | Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown impact and attack vectors related to malformed WMV files. | 9.3 | CVE-2007-6713 OTHER-REF |
| geek247 -- pigmy-sql | SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | CVE-2008-1870 MILW0RM BID SECUNIA |
| HP -- OpenView Network Node Manager | Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 7.53 and earlier allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow. | 10.0 | CVE-2008-1842 OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
| HP -- OpenView Network Node Manager | ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain requests that specify a large number of sub-arguments, which triggers a NULL pointer dereference due to memory allocation failure. | 7.8 | CVE-2008-1852 OTHER-REF BID |
| iscripts -- socialware | Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability. | 9.0 | CVE-2008-1790 MILW0RM BID FRSIRT |
| iscripts -- socialware | SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action. | 7.5 | CVE-2008-1859 MILW0RM BID FRSIRT |
| JDEdwards -- EnterpriseOne; Oracle -- PeopleSoft Enterprise | Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.19, 8.48.16, and 8.49.09 has unknown impact and remote authenticated attack vectors, aka PSE01. | 9.0 | CVE-2008-1828 OTHER-REF SECTRACK |
| JDEdwards -- EnterpriseOne; Oracle -- peoplesoft_hcm_eperformance | Unspecified vulnerability in the PeopleSoft HCM ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 and 9.0 has unknown impact and local attack vectors, aka PSE03. | 9.0 | CVE-2008-1830 OTHER-REF SECTRACK |
| libpng -- libpng | libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. | 7.5 | CVE-2008-1382 OTHER-REF OTHER-REF SECUNIA BUGTRAQ BID SECTRACK GENTOO FRSIRT SECUNIA |
| mirbsd -- miros | The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty's I/O when invoking mksh in a new terminal, which allows local users to gain privileges by opening a virtual terminal and entering command sequences, which might later be executed in opportunistic circumstances by a different user who launches mksh and specifies that terminal with the -T option. | 7.2 | CVE-2008-1845 OTHER-REF BID SECUNIA XF |
| Mozilla -- SeaMonkey; Mozilla -- Firefox; Mozilla -- Thunderbird | The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237. | 9.3 | CVE-2008-1380 OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA SECUNIA |
| MyGamingLadder -- MyGamingLadder | SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the ladderid parameter. | 7.5 | CVE-2008-1791 MILW0RM BID FRSIRT |
| OpenOffice -- OpenOffice | Heap-based buffer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro file with crafted (1) Attribute or (2) Font records. | 9.3 | CVE-2007-5745 OTHER-REF OTHER-REF OTHER-REF DEBIAN REDHAT FRSIRT SECUNIA |
| OpenOffice -- OpenOffice.org | Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Quattro Pro file. | 9.3 | CVE-2007-5747 OTHER-REF OTHER-REF OTHER-REF DEBIAN REDHAT FRSIRT SECUNIA |
| OpenOffice -- OpenOffice.org | Heap-based buffer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted OLE file. | 9.3 | CVE-2008-0320 OTHER-REF DEBIAN REDHAT REDHAT FRSIRT SECUNIA |
| Opera Software -- Opera | Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption. | 9.3 | CVE-2008-1762 OTHER-REF BID FRSIRT SECUNIA XF SUSE SECUNIA GENTOO SECUNIA |
| Oracle -- Application Express | Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors related to flows_030000.wwv_execute_immediate, aka APEX01. | 10.0 | CVE-2008-1811 OTHER-REF SECTRACK |
| Oracle -- Application Server 10g; Oracle -- Database 9i | Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Database 9.0.1.5 FIPS+; Application Server 1.0.2.2; and Enterprise Manager for AS 1.0.2.2 and Database 9.0.1.5 has unknown impact and local attack vectors, aka EM01. | 10.0 | CVE-2008-1812 OTHER-REF SECTRACK |
| Oracle -- Database 10g; Oracle -- Database 9i | Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB06 is SQL injection, and DB13 occurs when the OUTLN account is reset to use a hard-coded password. | 9.0 | CVE-2008-1813 OTHER-REF SECTRACK |
| Oracle -- Application Server 10g; Oracle -- Collaboration Suite; Oracle -- Database 10g; Oracle -- Database 9i | Unspecified vulnerability in the Oracle Secure Enterprise Search or Ultrasearch component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3 and 10.1.2.2; and Oracle Collaboration Suite 10.1.2; has unknown impact and remote attack vectors, aka DB04. | 9.0 | CVE-2008-1814 OTHER-REF SECTRACK |
| Oracle -- Database 10g; Oracle -- Database 11g | Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to DBMS_CDC_UTILITY, aka DB02. | 9.0 | CVE-2008-1815 OTHER-REF SECTRACK |
| Oracle -- Database 10g | Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) SDO_UTIL in the Oracle Spatial component, aka DB05; or (2) fine grained auditing in the Audit component, aka DB14. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB05 is SQL injection. | 9.0 | CVE-2008-1816 OTHER-REF OTHER-REF SECTRACK |
| Oracle -- Database 10g; Oracle -- Database 9i; Oracle -- Database 11g | Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 have unknown impact and remote attack vectors related to (1) SDO_IDX in the Spatial component, aka DB07; and (2) Core RDBMS, aka DB10. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB07 is SQL injection. | 9.0 | CVE-2008-1817 OTHER-REF SECTRACK |
| Oracle -- Database 11g | Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08. | 10.0 | CVE-2008-1818 OTHER-REF SECTRACK |
| Oracle -- Database 10g; Oracle -- Database 9i | Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka DB09. | 7.2 | CVE-2008-1819 OTHER-REF SECTRACK |
| Oracle -- Database 10g; Oracle -- Database 9i; Oracle -- Database 11g | Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. | 9.0 | CVE-2008-1820 OTHER-REF SECTRACK |
| Oracle -- Database 10g; Oracle -- Database 9i | Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+, and 10.1.0.5 has unknown impact and remote attack vectors related to SYS.DBMS_AQJMS_INTERNAL, aka DB15. | 9.0 | CVE-2008-1821 OTHER-REF SECTRACK |
| Oracle -- Application Express | Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors, aka APEX02. | 10.0 | CVE-2008-1822 OTHER-REF SECTRACK |
| Oracle -- JInitiator | Unspecified vulnerability in the Oracle JInitiator component in Oracle Application Server 1.3.1.14 has unknown impact and remote attack vectors, aka AS01. | 10.0 | CVE-2008-1823 OTHER-REF SECTRACK |
| Oracle -- Application Server 10g; Oracle -- Application Server 9i | Unspecified vulnerability in the Oracle Dynamic Monitoring Service component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.3.3 has unknown impact and remote attack vectors, aka AS02. | 10.0 | CVE-2008-1824 OTHER-REF SECTRACK |
| Oracle -- Application Server 9i | Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 has unknown impact and remote attack vectors, aka AS03. | 10.0 | CVE-2008-1825 OTHER-REF SECTRACK |
| Oracle -- E-Business Suite | Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and attack vectors related to (a) Advanced Pricing, aka (1) APP01 and (2) APP10; and (b) Applications Framework, aka (3) APP05. | 10.0 | CVE-2008-1826 OTHER-REF SECTRACK |
| Oracle -- E-Business Suite 11i; Oracle -- E-Business Suite 12 | Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 and 12.0.4 have unknown impact and attack vectors related to (a) Advanced Pricing component, aka (1) APP02, (2) APP03, and (3) APP09; (b) Application Object Library component, aka (4) APP04, (5) APP07, and (6) APP11; (c) Applications Manager component, aka (7) APP06; and (d) Applications Technology Stack component, aka (8) APP08. | 10.0 | CVE-2008-1827 OTHER-REF SECTRACK |
| Oracle -- siebel_enterprise | Multiple unspecified vulnerabilities in the Siebel SimBuilder component in Oracle Siebel Enterprise 7.8.2 and 7.8.5 have unknown impact and remote or local attack vectors, aka (1) SEBL01, (2) SEBL02, (3) SEBL03, (4) SEBL04, (5) SEBL05, and (6) SEBL06. | 10.0 | CVE-2008-1831 OTHER-REF SECTRACK |
| Pixel Motion -- Pixel Motion Blog | admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information. | 7.5 | CVE-2008-1868 MILW0RM FRSIRT XF |
| ProZIlla -- topsites | Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/. | 10.0 | CVE-2008-1784 MILW0RM FRSIRT SECUNIA XF |
| ProZIlla -- entertainers | SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information. | 7.5 | CVE-2008-1788 MILW0RM SECUNIA |
| ProZIlla -- cheats | SQL injection vulnerability in view_reviews.php in Prozilla Cheat Script (aka Cheats) 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | CVE-2008-1863 MILW0RM BID FRSIRT XF |
| ProZIlla -- prozilla_freelancers | SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter. | 7.5 | CVE-2008-1864 MILW0RM BID |
| Red Hat -- Directory Server; redhat -- fedora_directory_server | The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands. | 10.0 | CVE-2008-0892 OTHER-REF REDHAT SECUNIA |
| redhat -- Directory Server | Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions. | 10.0 | CVE-2008-0893 OTHER-REF REDHAT SECUNIA |
| Secure Computing -- webwasher | Unspecified vulnerability in Secure Computing Webwasher 5.30 before build 3159 and 6.3.0 before build 3150 allows remote attackers to cause a denial of service (freeze) via a crafted URL. | 7.1 | CVE-2008-1797 BUGTRAQ BID SECUNIA XF |
| site_sift_media -- site_sift_listings | SQL injection vulnerability in Site Sift Listings allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: this issue might be site-specific. | 7.5 | CVE-2008-1869 MILW0RM FRSIRT SECUNIA |
| xine -- xine-lib | Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title. | 7.5 | CVE-2008-1878 FRSIRT MILW0RM SECUNIA |
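Two entries in the table above, the Firefly Media Server Content-Length integer overflow (CVE-2008-1771) and the HP OpenView NNM ovspmd signedness error (CVE-2008-1842), are instances of one C pattern: a length read from the network is held in a signed int, a negative value slips past a "not too big" comparison, and the later conversion to size_t for allocation or copying wraps to a tiny or huge number. The following is an added, illustrative example written for this bulletin; it is not code from either product, and the header format, the MAX_BODY_LEN limit and all function names are assumptions chosen to show the pattern and its fix.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative limit on an accepted request body (assumption, not a vendor value). */
#define MAX_BODY_LEN 65536

/*
 * Vulnerable pattern (do not use): the length arrives as a signed int.
 * A negative value such as -1 satisfies "len <= MAX_BODY_LEN" because the
 * comparison is done in int, so the size check passes.
 */
int vulnerable_length_ok(int len)
{
    return len <= MAX_BODY_LEN;
}

/*
 * The allocation size the vulnerable code then computes: (size_t)-1 is
 * SIZE_MAX, and adding 1 wraps to 0. malloc(0) succeeds, and the following
 * read of "len" bytes, taken as an unsigned count, overruns the heap block.
 * Unsigned wrap is defined behaviour in C, so this can be observed safely.
 */
size_t vulnerable_alloc_size(int len)
{
    return (size_t)len + 1;   /* 0 for len == -1 */
}

/*
 * Hardened parse: accept only ASCII digits (no sign, no whitespace),
 * detect overflow of the conversion itself, and enforce the limit in an
 * unsigned type. Returns 1 on success with *out set, 0 on rejection.
 */
int parse_content_length(const char *hdr, size_t *out)
{
    if (hdr == NULL || *hdr == '\0') return 0;
    for (const char *p = hdr; *p != '\0'; p++) {
        if (*p < '0' || *p > '9') return 0;   /* "-1", " 12", "1e3" are rejected */
    }
    errno = 0;
    unsigned long long v = strtoull(hdr, NULL, 10);
    if (errno == ERANGE) return 0;             /* more digits than the type holds */
    if (v > (unsigned long long)MAX_BODY_LEN) return 0;
    *out = (size_t)v;
    return 1;
}

/*
 * Allocate len+1 bytes only after the length has been validated, and check
 * that the +1 cannot wrap (redundant given MAX_BODY_LEN, but it keeps the
 * function safe if the limit is ever raised). Caller frees the result.
 */
char *alloc_body(size_t len)
{
    if (len > SIZE_MAX - 1) return NULL;
    char *buf = malloc(len + 1);
    if (buf) buf[len] = '\0';
    return buf;
}

/* Convenience wrappers so the two outcomes can be checked by name. */
int parses_to(const char *hdr, size_t expected)
{
    size_t n = 0;
    return parse_content_length(hdr, &n) && n == expected;
}

int rejects(const char *hdr)
{
    size_t n = 0;
    return parse_content_length(hdr, &n) == 0;
}

/*
 * Constructed sample input: the header value "-1" run through both paths.
 * Returns 1 when the vulnerable path accepts it and the hardened path does not.
 */
int demo(void)
{
    const char *evil = "-1";
    int naive = atoi(evil);                    /* what the vulnerable code does */
    return vulnerable_length_ok(naive) && rejects(evil);
}

int main(void)
{
    printf("vulnerable check accepts \"-1\": %d; hardened parser rejects it: %d\n",
           vulnerable_length_ok(-1), rejects("-1"));
    printf("allocation size the vulnerable code computes from -1: %zu\n",
           vulnerable_alloc_size(-1));
    return 0;
}
```

The digit-only loop matters as much as the range check: strtoull and atoi both accept a leading minus sign and whitespace, so validating the characters before converting is what closes the signedness hole, and the ERANGE test catches values too large for the type before the limit comparison ever runs.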
Medium Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| advanced_software_engineering -- chartdirector | phpdemo/viewsource.php in Advanced Software Engineering ChartDirector 4.1 allows remote attackers to read sensitive files via the file parameter. | 5.0 | CVE-2008-1782 MILW0RM BID FRSIRT |
| Apple -- Safari | Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. | 6.8 | CVE-2008-1024 OTHER-REF |
| Apple -- Safari; Apple -- Apple WebKit | Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion. | 4.3 | CVE-2008-1025 OTHER-REF |
| Apple -- Safari | Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow. | 6.8 | CVE-2008-1026 BUGTRAQ OTHER-REF OTHER-REF BID SECTRACK |
| Blackboard -- Academic Suite | Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl. | 4.3 | CVE-2008-1795 BUGTRAQ OTHER-REF OTHER-REF BID SECTRACK SECUNIA XF |
| Clam Anti-Virus -- ClamAV | ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats. | 4.3 | CVE-2008-1387 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF OTHER-REF FRSIRT |
| Clam Anti-Virus -- ClamAV | ClamAV before 0.93 allows remote attackers to bypass the scanning engine via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by WinRAR. | 5.0 | CVE-2008-1835 OTHER-REF |
| Clam Anti-Virus -- ClamAV | The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read. | 4.3 | CVE-2008-1836 OTHER-REF |
| Clam Anti-Virus -- ClamAV | libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats. | 5.0 | CVE-2008-1837 OTHER-REF FRSIRT |
| comix -- comix | Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service. | 4.9 | CVE-2008-1796 FEDORA FEDORA |
| Computer Associates -- Unicenter Software Delivery; Computer Associates -- Unicenter Remote Control; Computer Associates -- Desktop Management Suite; Computer Associates -- Unicenter Asset Management; Computer Associates -- unicenter_desktop_management_bundle; Computer Associates -- desktop_and_server_management | Unspecified vulnerability in the DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments. | 6.8 | CVE-2008-1786 OTHER-REF |
| Coppermine -- Coppermine Photo Gallery | SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload. | 6.5 | CVE-2008-1840 OTHER-REF OTHER-REF BID SECUNIA XF |
| Coppermine -- Coppermine Photo Gallery | SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable. | 6.8 | CVE-2008-1841 OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID SECUNIA XF |
| dbmail -- dbmail | DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication. | 6.8 | CVE-2007-6714 MLIST OTHER-REF |
| DivX -- divxdb | Multiple cross-site scripting (XSS) vulnerabilities in index.php in DivXDB 2002 0.94b allow remote attackers to inject arbitrary web script or HTML via the (1) choice, (2) _page_, (3) zone_admin, (4) general_search, and (5) import parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 4.3 | CVE-2008-1800 BID XF |
| Drupal -- flickr_module | Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | CVE-2008-1792 OTHER-REF SECUNIA |
| Drupal -- webform_module | Multiple cross-site scripting (XSS) vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | CVE-2008-1794 OTHER-REF SECUNIA |
| ExBB -- ExBB Italia | Directory traversal vulnerability in modules/threadstop/threadstop.php in ExBB Italia 0.22 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the exbb[default_lang] parameter. | 6.8 | CVE-2008-1861 MILW0RM BID SECUNIA XF |
| ExBB -- ExBB Italia | ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusion attacks via a URL in the (a) new_exbb[home_path] or (b) exbb[home_path] parameter to modules/threadstop/threadstop.php. | 6.8 | CVE-2008-1862 MILW0RM SECUNIA XF |
| hoffice -- smart_classified_ads; hoffice -- smart_photo_ads; hoffice -- smart_photo_ads_gold | Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in Smart Classified ADS Professional, Smart Photo ADS, and Smart Photo ADS Gold allow remote attackers to inject arbitrary web script or HTML via the (1) AdNum and (2) Department parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 4.3 | CVE-2008-1793 SECUNIA |
| HP -- openview_network_node_manager | Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter. | 5.0 | CVE-2008-0068 BUGTRAQ OTHER-REF BID |
| HP -- OpenView Network Node Manager | ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (hang) via certain requests that do not provide all required arguments. | 5.0 | CVE-2008-1851 OTHER-REF BID |
| HP -- OpenView Network Node Manager | The ovtopmd service in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (exit) by sending a 0x36 packet (exit request). | 4.3 | CVE-2008-1853 OTHER-REF BID |
| IBM -- DB2 Universal Database | db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to overwrite arbitrary files via a symlink attack on files used for initialization. | 6.9 | CVE-2007-5664 IDEFENSE BID FRSIRT SECUNIA |
| IBM -- DB2 Universal Database | Stack-based buffer overflow in db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to execute arbitrary code via a long DASPROF environment variable. | 6.9 | CVE-2007-5758 IDEFENSE BID FRSIRT SECUNIA |
| Ignite Realtime -- Openfire | ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote attackers to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages. | 5.0 | CVE-2008-1728 OTHER-REF SECUNIA OTHER-REF MLIST XF |
| joomlacode -- joomlaexplorer | Cross-site scripting (XSS) vulnerability in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter in a show_error action to index.php. | 4.3 | CVE-2008-1848 MILW0RM BID XF |
| joomlacode -- joomlaexplorer | Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action. | 4.3 | CVE-2008-1849 MILW0RM BID XF |
| LinPHA -- LinPHA | plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration. | 5.1 | CVE-2008-1856 MILW0RM BID FRSIRT SECUNIA XF |
| lokicms -- lokicms | Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter. | 6.8 | CVE-2008-1860 MILW0RM SECUNIA |
| mole -- make_our_life_easy | Multiple directory traversal vulnerabilities in viewsource.php in Make our Life Easy (Mole) 2.1.0 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) dirn and (2) fname parameters. | 6.8 | CVE-2008-1857 MILW0RM BID SECUNIA XF |
| Mozilla -- Firefox | Mozilla Firefox allows remote attackers to cause a denial of service (crash) via a crafted image, as demonstrated by the zzuf lol-firefox.gif test case. | 4.3 | CVE-2007-6715 OTHER-REF BID |
| Oracle -- EnterpriseOne; Oracle -- PeopleSoft Enterprise | Unspecified vulnerability in the PeopleSoft HCM Recruiting component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1 has unknown impact and local attack vectors, aka PSE02. | 6.8 | CVE-2008-1829 OTHER-REF SECTRACK |
| osiaffiliate -- osiaffiliate | Multiple cross-site scripting (XSS) vulnerabilities in login.php in Omnistar Interactive OSI Affiliate allow remote attackers to inject arbitrary web script or HTML via the (1) login, (2) profile, (3) profile2, and (4) ref parameters. | 4.3 | CVE-2008-1850 OTHER-REF SECUNIA |
| Pixel Motion -- Pixel Motion Blog | admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request. | 6.0 | CVE-2008-1866 MILW0RM BID FRSIRT XF |
| Pixel Motion -- Pixel Motion Blog | SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion) allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php. | 6.8 | CVE-2008-1867 MILW0RM BID FRSIRT XF |
| Poplar Gedcom Viewer -- Poplar Gedcom Viewer | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Poplar Gedcom Viewer 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) text and (2) ul parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 4.3 | CVE-2008-1787 OTHER-REF BID SECUNIA XF |
| Poppler -- poppler | The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object. | 6.8 | CVE-2008-1693 DEBIAN GENTOO MANDRIVA REDHAT REDHAT REDHAT UBUNTU UBUNTU BID SECTRACK |
| ProZIlla -- reviews | Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php. | 5.0 | CVE-2008-1783 MILW0RM BID FRSIRT SECUNIA XF |
| ProZIlla -- top_100 | delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter. | 5.5 | CVE-2008-1785 MILW0RM FRSIRT XF |
| ProZIlla -- forum | SQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter. | 6.8 | CVE-2008-1789 MILW0RM BID XF |
| Sabros.US -- Sabros.US | Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter. | 5.0 | CVE-2008-1799 MILW0RM BID |
| SAP -- netweaver | The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file. | 4.3 | CVE-2008-1846 BUGTRAQ OTHER-REF BID SECTRACK XF |
| scriptsagent -- links_directory | SQL injection vulnerability in links.php in Scriptsagent.com Links Directory 1.1 allows remote authenticated users to execute arbitrary SQL commands via the cat_id parameter in a list action. | 6.5 | CVE-2008-1871 MILW0RM SECUNIA |
| SmarterTools -- SmarterMail | Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of service (service termination) via a long HTTP (1) GET, (2) HEAD, (3) PUT, (4) POST, or (5) TRACE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 5.0 | CVE-2008-1854 BID SECUNIA |
snarky -- visualpic | PHP remote file inclusion vulnerability in index.php in VisualPic 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[files][functions_page] parameter. |
| 6.8 | CVE-2008-1876 MILW0RM FRSIRT XF | ||
swfdec -- swfdec | swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file. |
| 4.3 | CVE-2008-1834 MLIST OTHER-REF | ||
Terong -- advanced_web_photo_gallery | SQL injection vulnerability in index.php in Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 allows remote attackers to execute arbitrary SQL commands via the photo_id parameter. |
| 6.8 | CVE-2008-1875 MILW0RM BID SECUNIA XF | ||
Tru-Zone -- NukeET | Cross-site scripting (XSS) vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter. NOTE: some of these details are obtained from third party information. |
| 4.3 | CVE-2008-1873 OTHER-REF OTHER-REF BID SECUNIA XF | ||
VideoLAN -- VLC | Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681. |
| 6.8 | CVE-2008-1881 BUGTRAQ OTHER-REF | ||
W2B -- dating_club | SQL injection vulnerability in browse.php in W2B DatingClub (aka Dating Club) allows remote attackers to execute arbitrary SQL commands via the age_to parameter in a browsebyCat action. |
| 6.8 | CVE-2008-1843 BUGTRAQ OTHER-REF BID SECUNIA XF | ||
W2B -- phphotresources | SQL injection vulnerability in cat.php in W2B phpHotResources allows remote attackers to execute arbitrary SQL commands via the kind parameter. |
| 6.8 | CVE-2008-1844 BUGTRAQ OTHER-REF BID SECUNIA XF | ||
WORK system e-commerce -- WORK system e-commerce | Multiple cross-site scripting (XSS) vulnerabilities in module/main.php in WORK system e-commerce 4.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, and (3) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 4.3 | CVE-2008-1839 SECUNIA |
xpoze -- xpoze_pro | SQL injection vulnerability in account/user/mail.html in Xpoze Pro 3.05 and earlier allows remote authenticated users to execute arbitrary SQL commands via the reed parameter. | 6.5 | CVE-2008-1874 MILW0RM BID SECUNIA |
Low Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
---|---|---|---|
cecilia -- cecilia | lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the csvers temporary file. | 3.3 | CVE-2008-1832 OTHER-REF |
Debian -- tss | tss 0.8.1 allows local users to read arbitrary files via the -a parameter, which is processed while tss is running with privileges. | 2.1 | CVE-2008-1877 OTHER-REF |
McAfee -- CMA | FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274. | 2.6 | CVE-2008-1855 MILW0RM OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF |
OpenMosix Project -- OpenMosix | Stack-based buffer overflow in the msx_readnode function in libmosix.c in openmosix-tools (aka userspace-tools) in openMosix might allow local users to cause a denial of service (application crash) via a third-party program that calls this function with a long item argument. NOTE: the vendor does not provide any program that is capable of causing this overflow. | 1.9 | CVE-2008-1865 BUGTRAQ BID XF |
OpenOffice -- OpenOffice | Heap-based buffer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted EMF file. | 0.0 | CVE-2007-5746 OTHER-REF DEBIAN REDHAT REDHAT FRSIRT SECUNIA |