Vulnerability Summary for the Week of April 14, 2008

Released
Apr 21, 2008
Document ID
SB08-112

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
724CMS -- 724CMSSQL injection vulnerability in index.php in 724Networks 724CMS 4.01 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
unknown
2008-04-16
7.5CVE-2008-1858
MILW0RM
BID
FRSIRT
BosDev -- bos_classifiedsSQL injection vulnerability in BosClassifieds Classified Ads System 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php.
unknown
2008-04-16
7.5CVE-2008-1838
MILW0RM
BID
SECUNIA
XF
Cisco -- Network Admission ControlCisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3.6.4.4, 4.0.x before 4.0.6, and 4.1.x before 4.1.2 allows remote attackers to obtain the shared secret for the Clean Access Server (CAS) and Clean Access Manager (CAM) by sniffing error logs.
unknown
2008-04-16
10.0CVE-2008-1155
CISCO
Clam Anti-Virus -- ClamAVHeap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
unknown
2008-04-16
7.5CVE-2008-0314
IDEFENSE
OTHER-REF
FRSIRT
Clam Anti-Virus -- ClamAVHeap-based buffer overflow in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary.
unknown
2008-04-16
7.5CVE-2008-1833
IDEFENSE
OTHER-REF
FRSIRT
Comdev -- comdev_news_publisherSQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information.
unknown
2008-04-17
7.5CVE-2008-1872
MILW0RM
BID
SECUNIA
CoronaMatrix -- phpAddressBookSQL injection vulnerability in view.php in CoronaMatrix phpAddressBook 2.11 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-04-16
7.5CVE-2008-1847
MILW0RM
BID
XF
dragoon -- dragoonDirectory traversal vulnerability in forum/kietu/libs/calendrier.php in Dragoon 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cal[lng] parameter.
unknown
2008-04-15
7.5CVE-2008-1798
MILW0RM
BID
fireflymediaserver -- fireflymediaserverInteger overflow in the ws_getpostvars function in Firefly Media Server (formerly mt-daapd) 0.2.4.1 (0.9~r1696-1.2 on Debian) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a large Content-Length.
unknown
2008-04-16
7.5CVE-2008-1771
OTHER-REF
flip4mac -- flip4mac_wmvUnspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown impact and attack vectors related to malformed WMV files.
unknown
2008-04-16
9.3CVE-2007-6713
OTHER-REF
geek247 -- pigmy-sqlSQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-04-17
7.5CVE-2008-1870
MILW0RM
BID
SECUNIA
HP -- OpenView Network Node ManagerInteger signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 7.53 and earlier allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.
unknown
2008-04-16
10.0CVE-2008-1842
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
HP -- OpenView Network Node Managerovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain requests that specify a large number of sub-arguments, which triggers a NULL pointer dereference due to memory allocation failure.
unknown
2008-04-16
7.8CVE-2008-1852
OTHER-REF
BID
iscripts -- socialwareUnrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.
unknown
2008-04-15
9.0CVE-2008-1790
MILW0RM
BID
FRSIRT
iscripts -- socialwareSQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
unknown
2008-04-16
7.5CVE-2008-1859
MILW0RM
BID
FRSIRT
JDEdwards -- EnterpriseOne
Oracle -- PeopleSoft Enterprise
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.19, 8.48.16, and 8.49.09 has unknown impact and remote authenticated attack vectors, aka PSE01.
unknown
2008-04-16
9.0CVE-2008-1828
OTHER-REF
SECTRACK
JDEdwards -- EnterpriseOne
Oracle -- peoplesoft_hcm_eperformance
Unspecified vulnerability in the PeopleSoft HCM ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 and 9.0 has unknown impact and local attack vectors, aka PSE03.
unknown
2008-04-16
9.0CVE-2008-1830
OTHER-REF
SECTRACK
libpng -- libpnglibpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
unknown
2008-04-14
7.5CVE-2008-1382
OTHER-REF
OTHER-REF
SECUNIA
BUGTRAQ
BID
SECTRACK
GENTOO
FRSIRT
SECUNIA
mirbsd -- mirosThe Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty's I/O when invoking mksh in a new terminal, which allows local users to gain privileges by opening a virtual terminal and entering command sequences, which might later be executed in opportunistic circumstances by a different user who launches mksh and specifies that terminal with the -T option.
unknown
2008-04-16
7.2CVE-2008-1845
OTHER-REF
BID
SECUNIA
XF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237.
unknown
2008-04-17
9.3CVE-2008-1380
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
SECUNIA
MyGamingLadder -- MyGamingLadderSQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the ladderid parameter.
unknown
2008-04-15
7.5CVE-2008-1791
MILW0RM
BID
FRSIRT
OpenOffice -- OpenOfficeHeap-based buffer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro file with crafted (1) Attribute or (2) Font records.
unknown
2008-04-17
9.3CVE-2007-5745
OTHER-REF
OTHER-REF
OTHER-REF
DEBIAN
REDHAT
FRSIRT
SECUNIA
OpenOffice -- OpenOffice.orgInteger underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Quattro Pro file.
unknown
2008-04-17
9.3CVE-2007-5747
OTHER-REF
OTHER-REF
OTHER-REF
DEBIAN
REDHAT
FRSIRT
SECUNIA
OpenOffice -- OpenOffice.orgHeap-based buffer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted OLE file.
unknown
2008-04-17
9.3CVE-2008-0320
OTHER-REF
DEBIAN
REDHAT
REDHAT
FRSIRT
SECUNIA
Opera Software -- OperaOpera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption.
unknown
2008-04-12
9.3CVE-2008-1762
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SUSE
SECUNIA
GENTOO
SECUNIA
Oracle -- Application ExpressUnspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors related to flows_030000.wwv_execute_immediate, aka APEX01.
unknown
2008-04-16
10.0CVE-2008-1811
OTHER-REF
SECTRACK
Oracle -- Application Server 10g
Oracle -- Database 9i
Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Database 9.0.1.5 FIPS+; Application Server 1.0.2.2; and Enterprise Manager for AS 1.0.2.2 and Database 9.0.1.5 has unknown impact and local attack vectors, aka EM01.
unknown
2008-04-16
10.0CVE-2008-1812
OTHER-REF
SECTRACK
Oracle -- Database 10g
Oracle -- Database 9i
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB06 is SQL injection, and DB13 occurs when the OUTLN account is reset to use a hard-coded password.
unknown
2008-04-16
9.0CVE-2008-1813
OTHER-REF
SECTRACK
Oracle -- Application Server 10g
Oracle -- Collaboration Suite
Oracle -- Database 10g
Oracle -- Database 9i
Unspecified vulnerability in the Oracle Secure Enterprise Search or Ultrasearch component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3 and 10.1.2.2; and Oracle Collaboration Suite 10.1.2; haas unknown impact and remote attack vectors, aka DB04.
unknown
2008-04-16
9.0CVE-2008-1814
OTHER-REF
SECTRACK
Oracle -- Database 10g
Oracle -- Database 11g
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to DBMS_CDC_UTILITY, aka DB02.
unknown
2008-04-16
9.0CVE-2008-1815
OTHER-REF
SECTRACK
Oracle -- Database 10gMultiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) SDO_UTIL in the Oracle Spatial component, aka DB05; or (2) fine grained auditing in the Audit component, aka DB14. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB05 is SQL injection.
unknown
2008-04-16
9.0CVE-2008-1816
OTHER-REF
OTHER-REF
SECTRACK
Oracle -- Database 10g
Oracle -- Database 9i
Oracle -- Database 11g
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 have unknown impact and remote attack vectors related to (1) SDO_IDX in the Spatial component, aka DB07; and (2) Core RDBMS, aka DB10. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB07 is SQL injection.
unknown
2008-04-16
9.0CVE-2008-1817
OTHER-REF
SECTRACK
Oracle -- Database 11gUnspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08.
unknown
2008-04-16
10.0CVE-2008-1818
OTHER-REF
SECTRACK
Oracle -- Database 10g
Oracle -- Database 9i
Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka DB09.
unknown
2008-04-16
7.2CVE-2008-1819
OTHER-REF
SECTRACK
Oracle -- Database 10g
Oracle -- Database 9i
Oracle -- Database 11g
Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11.
unknown
2008-04-16
9.0CVE-2008-1820
OTHER-REF
SECTRACK
Oracle -- Database 10g
Oracle -- Database 9i
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+, and 10.1.0.5 has unknown impact and remote attack vectors related to SYS.DBMS_AQJMS_INTERNAL, aka DB15.
unknown
2008-04-16
9.0CVE-2008-1821
OTHER-REF
SECTRACK
Oracle -- Application ExpressUnspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors, aka APEX02.
unknown
2008-04-16
10.0CVE-2008-1822
OTHER-REF
SECTRACK
Oracle -- JInitiatorUnspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.14 has unknown impact and remote attack vectors, aka AS01.
unknown
2008-04-16
10.0CVE-2008-1823
OTHER-REF
SECTRACK
Oracle -- Application Server 10g
Oracle -- Application Server 9i
Unspecified vulnerability in the Oracle Dynamic Monitoring Service component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.3.3 has unknown impact and remote attack vectors, aka AS02.
unknown
2008-04-16
10.0CVE-2008-1824
OTHER-REF
SECTRACK
Oracle -- Application Server 9iUnspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 has unknown impact and remote attack vectors, aka AS03.
unknown
2008-04-16
10.0CVE-2008-1825
OTHER-REF
SECTRACK
Oracle -- E-Business SuiteMultiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and attack vectors related to (a) Advanced Pricing, aka (1) APP01 and (2) APP10; and (b) Applications Framework, aka (3) APP05.
unknown
2008-04-16
10.0CVE-2008-1826
OTHER-REF
SECTRACK
Oracle -- E-Business Suite 11i
Oracle -- E-Business Suite 12
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 and 12.0.4 have unknown impact and attack vectors related to (a) Advanced Pricing component, aka (1) APP02, (2) APP03, and (3) APP09; (b) Application Object Library component, aka (4) APP04, (5) APP07, and (6) APP11; (c) Applications Manager component, aka (7) APP06; (d) and Applications Technology Stack component, aka (8) APP08.
unknown
2008-04-16
10.0CVE-2008-1827
OTHER-REF
SECTRACK
Oracle -- siebel_enterpriseMultiple unspecified vulnerabilities in the Siebel SimBuilder component in Oracle Siebel Enterprise 7.8.2 and 7.8.5 have unknown impact and remote or local attack vectors, aka (1) SEBL01, (2) SEBL02, (3) SEBL03, (4) SEBL04, (5) SEBL05, and (6) SEBL06.
unknown
2008-04-16
10.0CVE-2008-1831
OTHER-REF
SECTRACK
Pixel Motion -- Pixel Motion Blogadmin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information.
unknown
2008-04-17
7.5CVE-2008-1868
MILW0RM
FRSIRT
XF
ProZIlla -- topsitesProzilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/.
unknown
2008-04-15
10.0CVE-2008-1784
MILW0RM
FRSIRT
SECUNIA
XF
ProZIlla -- entertainersSQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information.
unknown
2008-04-15
7.5CVE-2008-1788
MILW0RM
SECUNIA
ProZIlla -- cheatsSQL injection vulnerability in view_reviews.php in Prozilla Cheat Script (aka Cheats) 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-04-17
7.5CVE-2008-1863
MILW0RM
BID
FRSIRT
XF
ProZIlla -- prozilla_freelancersSQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter.
unknown
2008-04-17
7.5CVE-2008-1864
MILW0RM
BID
Red Hat -- Directory Server
redhat -- fedora_directory_server
The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.
unknown
2008-04-16
10.0CVE-2008-0892
OTHER-REF
REDHAT
SECUNIA
redhat -- Directory ServerRed Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.
unknown
2008-04-16
10.0CVE-2008-0893
OTHER-REF
REDHAT
SECUNIA
Secure Computing -- webwasherUnspecified vulnerability in Secure Computing Webwasher 5.30 before build 3159 and 6.3.0 before build 3150 allows remote attackers to cause a denial of service (freeze) via a crafted URL.
unknown
2008-04-15
7.1CVE-2008-1797
BUGTRAQ
BID
SECUNIA
XF
site_sift_media -- site_sift_listingsSQL injection vulnerability in Site Sift Listings allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: this issue might be site-specific.
unknown
2008-04-17
7.5CVE-2008-1869
MILW0RM
FRSIRT
SECUNIA
xine -- xine-libStack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title.
unknown
2008-04-17
7.5CVE-2008-1878
FRSIRT
MILW0RM
SECUNIA

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
advanced_software_engineering -- chartdirectorphpdemo/viewsource.php in Advanced Software Engineering ChartDirector 4.1 allows remote attackers to read sensitive files via the file parameter.
unknown
2008-04-15
5.0CVE-2008-1782
MILW0RM
BID
FRSIRT
Apple -- SafariApple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption.
unknown
2008-04-17
6.8CVE-2008-1024
OTHER-REF
Apple -- Safari
Apple -- Apple WebKit
Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.
unknown
2008-04-17
4.3CVE-2008-1025
OTHER-REF
Apple -- SafariInteger overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow.
unknown
2008-04-17
6.8CVE-2008-1026
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECTRACK
Blackboard -- Academic SuiteMultiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.
unknown
2008-04-15
4.3CVE-2008-1795
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
XF
Clam Anti-Virus -- ClamAVClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
unknown
2008-04-16
4.3CVE-2008-1387
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
Clam Anti-Virus -- ClamAVClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar.
unknown
2008-04-16
5.0CVE-2008-1835
OTHER-REF
Clam Anti-Virus -- ClamAVThe rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.
unknown
2008-04-16
4.3CVE-2008-1836
OTHER-REF
Clam Anti-Virus -- ClamAVlibclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
unknown
2008-04-16
5.0CVE-2008-1837
OTHER-REF
FRSIRT
comix -- comixComix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service.
unknown
2008-04-15
4.9CVE-2008-1796
FEDORA
FEDORA
Computer Associates -- Unicenter Software Delivery
Computer Associates -- Unicenter Remote Control
Computer Associates -- Desktop Management Suite
Computer Associates -- Unicenter Asset Management
Computer Associates -- unicenter_desktop_management_bundle
Computer Associates -- desktop_and_server_management
Unspecified vulnerability in the DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute abritrary code via crafted function arguments.
unknown
2008-04-16
6.8CVE-2008-1786
OTHER-REF
Coppermine -- Coppermine Photo GallerySQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload.
unknown
2008-04-16
6.5CVE-2008-1840
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
Coppermine -- Coppermine Photo GallerySQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.
unknown
2008-04-16
6.8CVE-2008-1841
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
dbmail -- dbmailDBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.
unknown
2008-04-17
6.8CVE-2007-6714
MLIST
OTHER-REF
DivX -- divxdbMultiple cross-site scripting (XSS) vulnerabilities in index.php in DivXDB 2002 0.94b allow remote attackers to inject arbitrary web script or HTML via the (1) choice, (2) _page_, (3) zone_admin, (4) general_search, and (5) import parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-04-15
4.3CVE-2008-1800
BID
XF
Drupal -- flickr_moduleCross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-04-15
4.3CVE-2008-1792
OTHER-REF
SECUNIA
Drupal -- webform_moduleMultiple cross-site scripting (XSS) vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-04-15
4.3CVE-2008-1794
OTHER-REF
SECUNIA
ExBB -- ExBB ItaliaDirectory traversal vulnerability in modules/threadstop/threadstop.php in ExBB Italia 0.22 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the exbb[default_lang] parameter.
unknown
2008-04-17
6.8CVE-2008-1861
MILW0RM
BID
SECUNIA
XF
ExBB -- ExBB ItaliaExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusion attacks via a URL in the (a) new_exbb[home_path] or (b) exbb[home_path] parameter to modules/threadstop/threadstop.php.
unknown
2008-04-17
6.8CVE-2008-1862
MILW0RM
SECUNIA
XF
hoffice -- smart_classified_ads
hoffice -- smart_photo_ads
hoffice -- smart_photo_ads_gold
Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in Smart Classified ADS Professional, Smart Photo ADS, and Smart Photo ADS Gold allow remote attackers to inject arbitrary web script or HTML via the (1) AdNum and (2) Department parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-04-15
4.3CVE-2008-1793
SECUNIA
HP -- openview_network_node_managerDirectory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter.
unknown
2008-04-16
5.0CVE-2008-0068
BUGTRAQ
OTHER-REF
BID
HP -- OpenView Network Node Managerovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (hang) via certain requests that do not provide all required arguments.
unknown
2008-04-16
5.0CVE-2008-1851
OTHER-REF
BID
HP -- OpenView Network Node ManagerThe ovtopmd service in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (exit) by sending a 0x36 packet (exit request).
unknown
2008-04-16
4.3CVE-2008-1853
OTHER-REF
BID
IBM -- DB2 Universal Databasedb2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to overwrite arbitrary files via a symlink attack on files used for initialization.
unknown
2008-04-16
6.9CVE-2007-5664
IDEFENSE
BID
FRSIRT
SECUNIA
IBM -- DB2 Universal DatabaseStack-based buffer overflow in db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to execute arbitrary code via a long DASPROF environment variable.
unknown
2008-04-16
6.9CVE-2007-5758
IDEFENSE
BID
FRSIRT
SECUNIA
Ignite Realtime -- OpenfireConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote attackers to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages.
unknown
2008-04-11
5.0CVE-2008-1728
OTHER-REF
SECUNIA
OTHER-REF
MLIST
XF
joomlacode -- joomlaexplorerCross-site scripting (XSS) vulnerability in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter in a show_error action to index.php.
unknown
2008-04-16
4.3CVE-2008-1848
MILW0RM
BID
XF
joomlacode -- joomlaexplorerDirectory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.
unknown
2008-04-16
4.3CVE-2008-1849
MILW0RM
BID
XF
LinPHA -- LinPHAplugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.
unknown
2008-04-16
5.1CVE-2008-1856
MILW0RM
BID
FRSIRT
SECUNIA
XF
lokicms -- lokicmsStatic code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter.
unknown
2008-04-17
6.8CVE-2008-1860
MILW0RM
SECUNIA
mole -- make_our_life_easyMultiple directory traversal vulnerabilities in viewsource.php in Make our Life Easy (Mole) 2.1.0 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) dirn and (2) fname parameters.
unknown
2008-04-16
6.8CVE-2008-1857
MILW0RM
BID
SECUNIA
XF
Mozilla -- FirefoxMozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case.
unknown
2008-04-17
4.3CVE-2007-6715
OTHER-REF
BID
Oracle -- EnterpriseOne
Oracle -- PeopleSoft Enterprise
Unspecified vulnerability in the PeopleSoft HCM Recruiting component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1 has unknown impact and local attack vectors, aka PSE02.
unknown
2008-04-16
6.8CVE-2008-1829
OTHER-REF
SECTRACK
osiaffiliate -- osiaffiliateMultiple cross-site scripting (XSS) vulnerabilities in login.php in Omnistar Interactive OSI Affiliate allow remote attackers to inject arbitrary web script or HTML via the (1) login, (2) profile, (3) profile2, and (4) ref parameters.
unknown
2008-04-16
4.3CVE-2008-1850
OTHER-REF
SECUNIA
Pixel Motion -- Pixel Motion Blogadmin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request.
unknown
2008-04-17
6.0CVE-2008-1866
MILW0RM
BID
FRSIRT
XF
Pixel Motion -- Pixel Motion BlogSQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion) allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php.
unknown
2008-04-17
6.8CVE-2008-1867
MILW0RM
BID
FRSIRT
XF
Poplar Gedcom Viewer -- Poplar Gedcom ViewerMultiple cross-site scripting (XSS) vulnerabilities in index.php in Poplar Gedcom Viewer 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) text and (2) ul parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-04-15
4.3CVE-2008-1787
OTHER-REF
BID
SECUNIA
XF
Poppler -- popplerThe CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.
unknown
2008-04-18
6.8CVE-2008-1693
DEBIAN
GENTOO
MANDRIVA
REDHAT
REDHAT
REDHAT
UBUNTU
UBUNTU
BID
SECTRACK
ProZIlla -- reviewsProzilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php.
unknown
2008-04-15
5.0CVE-2008-1783
MILW0RM
BID
FRSIRT
SECUNIA
XF
ProZIlla -- top_100delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter.
unknown
2008-04-15
5.5CVE-2008-1785
MILW0RM
FRSIRT
XF
ProZIlla -- forumSQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.
unknown
2008-04-15
6.8CVE-2008-1789
MILW0RM
BID
XF
Sabros.US -- Sabros.USDirectory traversal vulnerability in thumbnails.php in sabros.us 1.75 allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter.
unknown
2008-04-15
5.0CVE-2008-1799
MILW0RM
BID
SAP -- netweaverThe default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file.
unknown
2008-04-16
4.3CVE-2008-1846
BUGTRAQ
OTHER-REF
BID
SECTRACK
XF
scriptsagent -- links_directorySQL injection vulnerability in links.php in Scriptsagent.com Links Directory 1.1 allows remote authenticated users to execute arbitrary SQL commands via the cat_id parameter in a list action.
unknown
2008-04-17
6.5CVE-2008-1871
MILW0RM
SECUNIA
SmarterTools -- SmarterMailUnspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of service (service termination) via a long HTTP (1) GET, (2) HEAD, (3) PUT, (4) POST, or (5) TRACE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-04-16
5.0CVE-2008-1854
BID
SECUNIA
snarky -- visualpicPHP remote file inclusion vulnerability in index.php in VisualPic 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[files][functions_page] parameter.
unknown
2008-04-17
6.8CVE-2008-1876
MILW0RM
FRSIRT
XF
swfdec -- swfdecswfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file.
unknown
2008-04-16
4.3CVE-2008-1834
MLIST
OTHER-REF
Terong -- advanced_web_photo_gallerySQL injection vulnerability in index.php in Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 allows remote attackers to execute arbitrary SQL commands via the photo_id parameter.
unknown
2008-04-17
6.8CVE-2008-1875
MILW0RM
BID
SECUNIA
XF
Tru-Zone -- NukeETCross-site scripting (XSS) vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter. NOTE: some of these details are obtained from third party information.
unknown
2008-04-17
4.3CVE-2008-1873
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
VideoLAN -- VLCStack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.
unknown
2008-04-17
6.8CVE-2008-1881
BUGTRAQ
OTHER-REF
W2B -- dating_clubSQL injection vulnerability in browse.php in W2B DatingClub (aka Dating Club) allows remote attackers to execute arbitrary SQL commands via the age_to parameter in a browsebyCat action.
unknown
2008-04-16
6.8CVE-2008-1843
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
W2B -- phphotresourcesSQL injection vulnerability in cat.php in W2B phpHotResources allows remote attackers to execute arbitrary SQL commands via the kind parameter.
unknown
2008-04-16
6.8CVE-2008-1844
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
WORK system e-commerce -- WORK system e-commerceMultgiple cross-site scripting (XSS) vulnerabilities in module/main.php in WORK system e-commerce 4.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, and (3) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-04-16
4.3CVE-2008-1839
SECUNIA
xpoze -- xpoze_proSQL injection vulnerability in account/user/mail.html in Xpoze Pro 3.05 and earlier allows remote authenticated users to execute arbitrary SQL commands via the reed parameter.
unknown
2008-04-17
6.5CVE-2008-1874
MILW0RM
BID
SECUNIA

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
cecilia -- cecilialib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the csvers temporary file.
unknown
2008-04-16
3.3CVE-2008-1832
OTHER-REF
Debian -- tsstss 0.8.1 allows local users to read arbitrary files via the -a parameter, which is processed while tss is running with privileges.
unknown
2008-04-17
2.1CVE-2008-1877
OTHER-REF
McAfee -- CMAFrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274.
unknown
2008-04-16
2.6CVE-2008-1855
MILW0RM
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
OpenMosix Project -- OpenMosixStack-based buffer overflow in the msx_readnode function in libmosix.c in openmosix-tools (aka userspace-tools) in openMosix might allow local users to cause a denial of service (application crash) via a third-party program that calls this function with a long item argument. NOTE: the vendor does not provide any program that is capable of causing this overflow.
unknown
2008-04-17
1.9CVE-2008-1865
BUGTRAQ
BID
XF
OpenOffice -- OpenOfficeHeap-based buffer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted EMF file.
unknown
2008-04-17
0.0CVE-2007-5746
OTHER-REF
DEBIAN
REDHAT
REDHAT
FRSIRT
SECUNIA

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.