Vulnerability Summary for the Week of May 12, 2008

Released
May 19, 2008
Document ID
SB08-140

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
CiscoCisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355.
unknown
2008-05-16
7.8CVE-2008-1748
BID
FRSIRT
SECTRACK
XF
ALAXALA -- AX_routerUnspecified vulnerability in AlaxalA AX routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
unknown
2008-05-13
7.1CVE-2008-2171
OTHER-REF
CERT-VN
BID
arubanetworks -- ArubaOSUnspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remote authenticated users to gain privileges via unknown vectors.
unknown
2008-05-16
9.0CVE-2008-2273
OTHER-REF
buyscripts -- vshare_you_tube_cloneSQL injection vulnerability in group_posts.php in vShare YouTube Clone 2.6 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
unknown
2008-05-14
7.5CVE-2008-2223
MILW0RM
castle_rock -- SNMPcStack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet.
unknown
2008-05-14
7.5CVE-2008-2214
BID
SECTRACK
XF
Century Software -- routerUnspecified vulnerability in Century routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
unknown
2008-05-13
7.1CVE-2008-2170
CERT-VN
BID
Cisco -- Unified Presence
Cisco -- Unified Presence Server
The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164.
unknown
2008-05-16
7.8CVE-2008-1158
CISCO
BID
SECTRACK
XF
Cisco -- Unified PresenceThe Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via an unspecified "stress test," aka Bug ID CSCsh20972.
unknown
2008-05-16
7.8CVE-2008-1740
BID
SECTRACK
XF
Cisco -- Unified PresenceThe SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533.
unknown
2008-05-16
7.8CVE-2008-1741
BID
SECTRACK
XF
Cisco -- Unified Communications Manager
Cisco -- Unified CallManager
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770.
unknown
2008-05-16
7.8CVE-2008-1744
CISCO
BID
SECTRACK
XF
Cisco -- Unified Communications Manager
Cisco -- Unified CallManager
Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE message, aka Bug ID CSCsk46944.
unknown
2008-05-16
7.8CVE-2008-1747
CISCO
BID
SECTRACK
XF
Cisco -- cisco_content_switching_module
Cisco -- cisco_content_switching_module_SSL
Memory leak in Cisco Content Switching Module (CSM) 4.2(3) up to 4.2(8) and Cisco Content Switching Module with SSL (CSM-S) 2.1(2) up to 2.1(7) allows remote attackers to cause a denial of service (memory consumption) via TCP segments with an unspecified combination of TCP flags.
unknown
2008-05-14
7.8CVE-2008-1749
DeluxeBB -- DeluxeBBSQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.
unknown
2008-05-14
7.5CVE-2008-2194
MILW0RM
BID
Drumster -- blogme_phpSQL injection vulnerability in comments.php in Gamma Scripts BlogMe PHP 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-05-13
7.5CVE-2008-2175
MILW0RM
BID
Drupal -- Drupal
Drupal -- Site_Documentation_Module
The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database.
unknown
2008-05-16
9.3CVE-2008-2271
OTHER-REF
Emophp -- EMO Realty ManagerSQL injection vulnerability in news.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the ida parameter.
unknown
2008-05-16
7.5CVE-2008-2265
MILW0RM
BID
EQdkp -- EQdkpSQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote attackers to bypass EQdkp user authentication via the user_id parameter.
unknown
2008-05-14
7.5CVE-2008-2222
MILW0RM
BID
freelanceauction.eu -- Freelance Auction ScriptSQL injection vulnerability in browseproject.php in Freelance Auction Script 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a pdetails action.
unknown
2008-05-16
7.5CVE-2008-2278
MILW0RM
BID
XF
gamecms -- gamecms_liteSQL injection vulnerability in index.php in gameCMS Lite 1.0 allows remote attackers to execute arbitrary SQL commands via the systemId parameter.
unknown
2008-05-14
7.5CVE-2008-2225
MILW0RM
BID
XF
Hitachi -- GR4000
Hitachi -- GR3000
Hitachi -- GR2000
Avici -- router
Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
unknown
2008-05-13
7.1CVE-2008-2169
CERT-VN
BID
Hitachi -- GR2000
Hitachi -- GR3000
Hitachi -- GR4000
Unspecified vulnerability in Hitachi GR routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
unknown
2008-05-13
7.1CVE-2008-2172
OTHER-REF
CERT-VN
BID
IBM -- WebSphere Application ServerUnspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors.
unknown
2008-05-14
7.5CVE-2008-2221
AIXAPAR
BID
Interact -- InteractMultiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[LANGUAGE_CPATH] parameter to modules/forum/embedforum.php and the (2) CONFIG[BASE_PATH] parameter to modules/scorm/lib.inc.php, different vectors than CVE-2006-4448.
unknown
2008-05-14
7.5CVE-2008-2220
MILW0RM
BID
XF
ITCMS -- ITCMSStatic code injection vulnerability in box/minichat/boxpop.php in IT!CMS (aka itcms) 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter.
unknown
2008-05-14
7.5CVE-2008-2192
MILW0RM
BID
XF
Kalptaru Infotech -- Feedback and Rating ScriptSQL injection vulnerability in detail.php in Feedback and Rating Script 1.0 allows remote attackers to execute arbitrary SQL commands via the listingid parameter.
unknown
2008-05-16
7.5CVE-2008-2277
MILW0RM
BID
XF
Kevin Ludlow -- AustinSmoke GasTrackerAustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers to bypass authentication and gain privileges by setting the gastracker_admin cookie to TRUE.
unknown
2008-05-16
7.5CVE-2008-2269
MILW0RM
BID
Links_Pile -- Automated Link Exchange PortalSQL injection vulnerability in linking.page.php in Automated Link Exchange Portal allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. NOTE: linking.page.php is commonly renamed to link.php, links.php, etc.
unknown
2008-05-16
7.5CVE-2008-2263
MILW0RM
BID
Linux -- KernelMemory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.
unknown
2008-05-16
7.8CVE-2008-2136
MLIST
OTHER-REF
BID
XF
maian_script_world -- maian_searchSQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action.
unknown
2008-05-14
7.5CVE-2008-2203
BUGTRAQ
BID
XF
maian_script_world -- maian_musicSQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action.
unknown
2008-05-14
7.5CVE-2008-2205
BUGTRAQ
BID
XF
maianscriptworld -- maian_greetingSQL injection vulnerability in index.php in Maian Greeting 2.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action.
unknown
2008-05-14
7.5CVE-2008-2208
BUGTRAQ
BID
XF
Mantis -- MantisCross-site request forgery (CSRF) vulnerability in Mantis 1.1.1 allows remote attackers to create new administrative users via user_create.
unknown
2008-05-16
9.3CVE-2008-2276
OTHER-REF
SECUNIA
Microsoft -- OfficeUnspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
unknown
2008-05-13
8.5CVE-2008-0119
BID
SECTRACK
Microsoft -- windows-ntThe I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer.
unknown
2008-05-13
7.2CVE-2008-0322
Microsoft -- Office_compatibility_pack_for_word_excel_ppt_2007
Microsoft -- Office
Microsoft -- word_viewer
Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
unknown
2008-05-13
9.3CVE-2008-1091
CERT-VN
Microsoft -- Office_compatibility_pack_for_word_excel_ppt_2007
Microsoft -- Office
Microsoft -- word_viewer
Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Word file with a malformed Cascading Style Sheet (CSS) value, related to a "memory handling error" that triggers memory corruption.
unknown
2008-05-13
9.3CVE-2008-1434
Microsoft -- windows_ceMultiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted JPEG and GIF images.
unknown
2008-05-12
9.3CVE-2008-2160
MSKB
BID
miniweb2 -- miniwebSQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php.
unknown
2008-05-14
7.5CVE-2008-2197
MILW0RM
BID
PHP-Fusion -- PHP-FusionMultiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter to (1) forum.php and (2) profile.php in infusions/rank_system/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-05-14
7.5CVE-2008-2227
OTHER-REF
BID
XF
PHPWAY -- Kostenloses_LinkmanagementscriptMultiple PHP remote file inclusion vulnerabilities in PHPWAY Kostenloses Linkmanagementscript allow remote attackers to execute arbitrary PHP code via a URL in the (1) main_page_directory and (2) page_to_include parameters in template\index.php.
unknown
2008-05-16
7.5CVE-2008-2270
MILW0RM
BID
rdesktop -- rdesktopInteger signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters, which triggers a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher.
unknown
2008-05-12
9.3CVE-2008-1803
IDEFENSE
OTHER-REF
DEBIAN
BID
SECTRACK
XF
romedchim_international_srl -- online_rent_property_scriptSQL injection vulnerability in index.php in Online Rent (aka Online Rental Property Script) 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter.
unknown
2008-05-14
7.5CVE-2008-2190
BUGTRAQ
MILW0RM
BID
XF
Sarg -- Squid Analysis Report GeneratorMultiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file.
unknown
2008-05-13
7.5CVE-2008-1922
SUSE
scorpnews -- scorpnewsPHP remote file inclusion vulnerability in example.php in Thomas Gossmann ScorpNews 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
unknown
2008-05-14
7.5CVE-2008-2193
MILW0RM
BID
Sun -- SolarisMultiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors.
unknown
2008-05-12
10.0CVE-2008-2144
SUNALERT
BID
tftp -- TFTP Server SPBuffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information.
unknown
2008-05-12
10.0CVE-2008-2161
MILW0RM
BID
XF
toocharger -- smartblogSQL injection vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 allows remote attackers to execute arbitrary SQL commands via the idt parameter.
unknown
2008-05-13
7.5CVE-2008-2183
MILW0RM
BID
toocharger -- smartblogMultiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) mois, (2) an, (3) jour, and (4) id parameters to index.php, and the (5) login parameter to gestion/logon.php, different vectors than CVE-2008-2183. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-05-13
7.5CVE-2008-2184
TYPO3 -- sr_feuser_register ExtensionUnspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to execute arbitrary code and delete arbitrary files via unspecified attack vectors.
unknown
2008-05-16
7.5CVE-2008-2275
Wordnet -- WordnetStack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option. NOTE: this issue probably does not cross privilege boundaries except in cases in which Wordnet is used as a back end.
unknown
2008-05-12
7.5CVE-2008-2149
OTHER-REF
WordPress -- WordPresswp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current pafe from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.
unknown
2008-05-12
7.5CVE-2008-2146
OTHER-REF
OTHER-REF
xensource -- xenBuffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted shared framebuffer.
unknown
2008-05-14
7.2CVE-2008-1943
OTHER-REF
BID
SECTRACK
xensource -- xenBuffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates."
unknown
2008-05-14
7.2CVE-2008-1944
OTHER-REF
BID
SECTRACK
Xiph.Org -- libvorbisXiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.
unknown
2008-05-16
7.1CVE-2008-1419
OTHER-REF
XF
XF
Yamaha -- routerUnspecified vulnerability in Yamaha routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
unknown
2008-05-13
7.1CVE-2008-2173
CERT-VN
BID

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
anserv -- auction_xlSQL injection vulnerability in viewfaqs.php in AnServ Auction XL allows remote attackers to execute arbitrary SQL commands via the cat parameter.
unknown
2008-05-14
6.8CVE-2008-2189
BUGTRAQ
MILW0RM
BID
XF
Apache Software Foundation -- Apache HTTP ServerCross-site scripting (XSS) vulnerability Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
unknown
2008-05-13
4.3CVE-2008-2168
BUGTRAQ
BUGTRAQ
BUGTRAQ
BID
XF
arubanetworks -- aruba_mobility_controllerMltiple cross-site scripting (XSS) vulnerabilities in the web interface in "Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.5.x, 2.5.6.x, 3.1.1.x, 3.2.0.x, and 3.3.1.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-05-16
4.3CVE-2008-2272
OTHER-REF
C-News.fr -- C-NewsCross-site scripting (XSS) vulnerability in install.php in C-News.fr C-News 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the etape parameter.
unknown
2008-05-14
4.3CVE-2008-2219
OTHER-REF
BID
cilekyazilim -- chicomasCross-site scripting (XSS) vulnerability in index.php in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
unknown
2008-05-13
4.3CVE-2008-2186
BUGTRAQ
BID
XF
Cisco -- Unified Communications ManagerMemory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609.
unknown
2008-05-16
4.3CVE-2008-1742
CISCO
BID
SECTRACK
XF
Cisco -- Unified Communications ManagerMemory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, aka Bug ID CSCsi98433.
unknown
2008-05-16
4.3CVE-2008-1743
CISCO
BID
SECTRACK
XF
Cisco -- Unified Communications ManagerCisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.
unknown
2008-05-16
4.3CVE-2008-1745
CISCO
BID
SECTRACK
XF
Cisco -- Unified Communications ManagerThe SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113.
unknown
2008-05-16
4.3CVE-2008-1746
CISCO
BID
SECTRACK
XF
Cisco -- Building Broadband Service ManagerCross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
unknown
2008-05-16
4.3CVE-2008-2165
BUGTRAQ
BUGTRAQ
BID
SECTRACK
XF
CMS Made Simple -- CMS Made SimpleIncomplete blacklist vulnerability in javaUpload.php in Postlet in the FileManager module in CMS Made Simple 1.2.4 and earlier allows remote attackers to execute arbitrary code by uploading a file with a name ending in (1) .jsp, (2) .php3, (3) .cgi, (4) .dhtml, (5) .phtml, (6) .php5, or (7) .jar, then accessing it via a direct request to the file in modules/FileManager/postlet/.
unknown
2008-05-16
4.3CVE-2008-2267
MILW0RM
OTHER-REF
VIM
BID
XF
cplinks -- cplinksMultiple SQL injection vulnerabilities in cpLinks 1.03, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) admin_username parameter (aka the username field) to admin/index.php and the (2) search_text and (3) search_category parameters to search.php. NOTE: some of these details are obtained from third party information.
unknown
2008-05-13
6.8CVE-2008-2180
MILW0RM
cplinks -- cplinksMultiple cross-site scripting (XSS) vulnerabilities in search.php in cpLinks 1.03 allow remote attackers to inject arbitrary web script or HTML via the (1) search_text and (2) search_category parameters. NOTE: the XSS reportedly occurs in a forced SQL error message. NOTE: some of these details are obtained from third party information.
unknown
2008-05-13
4.3CVE-2008-2181
MILW0RM
Cyberfolio -- CyberfolioPHP remote file inclusion vulnerability in portfolio/commentaires/derniers_commentaires.php in Cyberfolio 7.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rep parameter.
unknown
2008-05-14
6.8CVE-2008-2228
MILW0RM
CyrixMED -- CyrixMEDCross-site scripting (XSS) vulnerability in index.php in CyrixMED 1.4 allows remote attackers to inject arbitrary web script or HTML via the msg_erreur parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-05-16
4.3CVE-2008-2264
BID
XF
DeluxeBB -- DeluxeBBStatic code injection vulnerability in admincp.php in DeluxeBB 1.2 and earlier allows remote authenticated administrators to inject arbitrary PHP code into logs/cp.php via the URI.
unknown
2008-05-14
6.5CVE-2008-2195
MILW0RM
BID
eejj33 -- blackbookMultiple cross-site scripting (XSS) vulnerabilities in EJ3 BlackBook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) bookCopyright and (2) ver parameters to (a) footer.php, and the (3) bookName, (4) bookMetaTags, and (5) estiloCSS parameters to (b) header.php.
unknown
2008-05-13
4.3CVE-2008-2188
BUGTRAQ
BID
XF
GNU -- XEmacs
GNU -- Emacs
Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.
unknown
2008-05-12
6.8CVE-2008-2142
OTHER-REF
OTHER-REF
OTHER-REF
HP -- HP-UXUnspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors.
unknown
2008-05-13
6.8CVE-2008-0713
IBM -- Lotus QuickrCross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 before Hotfix 5 for Windows and AIX, and before Hotfix 3 for i5/OS, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to "WYSIWYG editors."
unknown
2008-05-13
4.3CVE-2008-2163
BID
Ilient -- SysAidCross-site scripting (XSS) vulnerability in SystemList.jsp in SysAid 5.1.08 allows remote attackers to inject arbitrary web script or HTML via the searchField parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-05-13
4.3CVE-2008-2179
kkeim -- kmita_mailPHP remote file inclusion vulnerability in kmitaadmin/kmitam/htmlcode.php in Kmita Mail 3.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
unknown
2008-05-14
6.8CVE-2008-2199
BUGTRAQ
MILW0RM
BID
XF
kmita_tellfriend -- tellfriendPHP remote file inclusion vulnerability in kmitaadmin/kmitat/htmlcode.php in Kmita Tellfriend 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
unknown
2008-05-14
6.8CVE-2008-2198
BUGTRAQ
MILW0RM
BID
XF
LifeType -- LifeTypeCross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the searchTerms parameter in an editArticleCategories operation (aka an admin category search).
unknown
2008-05-13
4.3CVE-2008-2178
BUGTRAQ
XF
LifeType -- LifeTypeCross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the newBlogUserName parameter in an addBlogUser action, a different vector than CVE-2008-2178.
unknown
2008-05-14
4.3CVE-2008-2196
BUGTRAQ
BID
maian_script_world -- maian_weblogMultiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to admin/index.php in a blogs search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action.
unknown
2008-05-14
4.3CVE-2008-2200
BUGTRAQ
BID
XF
maian_script_world -- maian_recipeMultiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Recipe 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters.
unknown
2008-05-14
4.3CVE-2008-2201
BUGTRAQ
BID
XF
maian_script_world -- maian_uploaderMultiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action.
unknown
2008-05-14
4.3CVE-2008-2202
BUGTRAQ
BID
XF
maian_script_world -- maian_searchMultiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Search 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters.
unknown
2008-05-14
4.3CVE-2008-2204
BUGTRAQ
BID
maian_script_world -- maian_musicMultiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter in a search action to index.php, and the (2) msg_script parameter to admin/inc/footer.php.
unknown
2008-05-14
4.3CVE-2008-2206
BUGTRAQ
BID
XF
maian_script_world -- maian_galleryCross-site scripting (XSS) vulnerability in admin/index.php in Maian Gallery 2.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.
unknown
2008-05-14
4.3CVE-2008-2207
BUGTRAQ
BID
XF
maianscriptworld -- maian_greetingMultiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Greeting 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script and (2) msg_script2 parameters.
unknown
2008-05-14
4.3CVE-2008-2209
BUGTRAQ
BID
XF
maianscriptworld -- maian_supportMultiple cross-site scripting (XSS) vulnerabilities in Maian Support 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script, (2) msg_script2, and (3) msg_script3 parameters to admin/inc/footer.php; and the (4) msg_script2 parameter to admin/inc/header.php.
unknown
2008-05-14
4.3CVE-2008-2210
BUGTRAQ
BID
XF
maianscriptworld -- maian_guestbookMultiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Guestbook 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters.
unknown
2008-05-14
4.3CVE-2008-2211
BUGTRAQ
BID
XF
maianscriptworld -- maian_cartMultiple cross-site scripting (XSS) vulnerabilities in Maian Cart 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_adminheader, (2) msg_adminheader2, (3) msg_adminheader3, (4) msg_adminheader4, and unspecified other parameters to admin/inc/header.php; the (5) msg_script3 and unspecified other parameters to admin/inc/footer.php; and the (6) keywords parameter to index.php in a search action.
unknown
2008-05-14
4.3CVE-2008-2212
BUGTRAQ
BID
XF
maianscriptworld -- maian_linksMultiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Links 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters.
unknown
2008-05-14
4.3CVE-2008-2213
BUGTRAQ
BID
XF
mario_valdez -- content_management_systemDirectory traversal vulnerability in cm/graphie.php in Content Management System 0.6.1 for Phprojekt allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cm_imgpath parameter.
unknown
2008-05-14
5.0CVE-2008-2217
MILW0RM
BID
mdsjack -- mjguestCross-site scripting (XSS) vulnerability in mjguest.php in Mjguest 6.7 GT Rev.01 allows remote attackers to inject arbitrary web script or HTML via the level parameter in a redirect action, possibly involving interface/redirect.htm.php.
unknown
2008-05-13
4.3CVE-2008-2187
BUGTRAQ
BID
mdsjack -- mjguestOpen redirect vulnerability in interface/redirect.htm.php in Mjguest 6.7 GT Rev.01 allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter in a redirect action to mjguest.php. NOTE: this is user-assisted because there is a delay and a notification before redirection occurs.
unknown
2008-05-16
4.3CVE-2008-2268
BUGTRAQ
Microsoft -- antigen_for_smtp_gateway
Microsoft -- Malware Protection Engine
Microsoft -- Windows Defender
Microsoft -- antigen_for_exchange
Microsoft -- diagnostics_and_recovery_toolkit
Microsoft -- forefront_client_security
Microsoft -- Windows Live OneCare
Microsoft -- forefront_security_for_sharepoint
Microsoft -- forefront_security_for_exchange_server
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438.
unknown
2008-05-13
5.0CVE-2008-1437
MS
BID
SECTRACK
Microsoft -- antigen_for_smtp_gateway
Microsoft -- Malware Protection Engine
Microsoft -- Windows Defender
Microsoft -- antigen_for_exchange
Microsoft -- diagnostics_and_recovery_toolkit
Microsoft -- forefront_client_security
Microsoft -- Windows Live OneCare
Microsoft -- forefront_security_for_sharepoint
Microsoft -- forefront_security_for_exchange_server
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437.
unknown
2008-05-13
5.0CVE-2008-1438
MS
BID
SECTRACK
Nagios -- NagiosCross-site scripting (XSS) vulnerability in Nagios allows remote attackers to inject arbitrary web script or HTML via unknown vectors, a different vulnerability than CVE-2007-5624 and CVE-2008-1360.
unknown
2008-05-13
4.3CVE-2007-5803
SUSE
Nortel -- multimedia_communications_serverBuffer overflow in the Multimedia PC Client in Nortel Multimedia Communication Server (MCS) before Maintenance Release 3.5.8.3 and 4.0.25.3 allows remote attackers to cause a denial of service (crash) via a flood of "extraneous" messages, as demonstrated by the Nessus "Generic flood" denial of service plugin.
unknown
2008-05-14
5.0CVE-2008-2218
OTHER-REF
BID
openkm -- openkmUnspecified vulnerability in the export feature in OpenKM before 2.0 allows remote attackers to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party information.
unknown
2008-05-14
5.0CVE-2008-2226
OTHER-REF
OpenSSL Project -- OpenSSLOpenSSL 0.9.8c-1 up to 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
unknown
2008-05-13
5.4CVE-2008-0166
BID
pbcs -- project-based_calendaring _systemMultiple directory traversal vulnerabilities in Project-Based Calendaring System (PBCS) 0.7.1-1 allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) src/yopy_sync.php and (2) system-logger/print_logs.php.
unknown
2008-05-14
5.0CVE-2008-2215
MILW0RM
BID
XF
pbcs -- project-based_calendaring _systemUnrestricted file upload vulnerability in src/yopy_upload.php in Project-Based Calendaring System (PBCS) 0.7.1 allows remote authenticated users to upload arbitrary files to tmp/uploads.
unknown
2008-05-14
6.5CVE-2008-2216
MILW0RM
BID
XF
php_directory_source -- phpdirectorysourceMultiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to show.php and the (2) login parameter to admin.php.
unknown
2008-05-13
6.8CVE-2008-2177
MILW0RM
PostNuke Software Foundation -- pnEncyclopediaSQL injection vulnerability in the pnEncyclopedia module 0.2.0 and earlier for PostNuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a display_term action to index.php.
unknown
2008-05-14
6.8CVE-2008-2191
BUGTRAQ
MILW0RM
BID
XF
QEMU -- QEMUThe drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.
unknown
2008-05-12
4.9CVE-2008-2004
MLIST
OTHER-REF
BID
XF
Sazcart -- SazcartMultiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _saz[settings][site_dir] parameter to layouts/default/header.saz.php and the (2) _saz[settings][site_url] parameter to admin/alayouts/default/pages/login.php.
unknown
2008-05-14
6.8CVE-2008-2224
MILW0RM
BID
SCRIPTPHP -- PicEngineCross-site scripting (XSS) vulnerability in admin/index.php in Script PHP PicEngine 1.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-05-16
4.3CVE-2008-2280
OTHER-REF
BID
XF
shelter_manager -- animal_shelter_managerMultiple unspecified vulnerabilities in Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 have unknown impact and attack vectors, related to "various areas where security was missing."
unknown
2008-05-13
6.5CVE-2008-2174
BID
XF
SonicWall -- e-mail_securityCross-site scripting (XSS) vulnerability in SonicWall Email Security 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the Host header in a request to a non-existent web page, which is not properly sanitized in an error page.
unknown
2008-05-12
4.3CVE-2008-2162
FULLDISC
BID
SECTRACK
XF
Sun -- Java System Web ServerCross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp.
unknown
2008-05-13
4.3CVE-2008-2166
toocharger -- smartblogDirectory traversal vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 allows remote attackers to include arbitrary local files via directory traversal sequences in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-05-13
5.0CVE-2008-2185
TYPO3 -- TYPO3Cross-site scripting (XSS) vulnerability in the powermail extension before 1.1.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-05-13
4.3CVE-2008-2182
TYPO3 -- sr_feuser_register ExtensionCross-site scripting (XSS) vulnerability in the sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-05-16
6.8CVE-2008-2274
UUDeview -- UUDeviewuulib/uunconc.c in UUDeview 0.5.20 allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression.
unknown
2008-05-16
4.6CVE-2008-2266
MLIST
OTHER-REF
BID
VideoLAN -- VLCUntrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
unknown
2008-05-12
4.6CVE-2008-2147
OTHER-REF
OTHER-REF
xiph -- libvorbisXiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.
unknown
2008-05-16
4.3CVE-2008-2009
OTHER-REF
Xiph.Org -- libvorbisInteger overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
unknown
2008-05-16
6.8CVE-2008-1420
OTHER-REF
XF
Xiph.Org -- libvorbisInteger overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.
unknown
2008-05-16
6.8CVE-2008-1423
OTHER-REF
XF
zomp -- zomplogCross-site scripting (XSS) vulnerability in admin/category.php in Zomplog 3.8.2 allows remote attackers to inject arbitrary web script or HTML via the catname parameter.
unknown
2008-05-13
4.3CVE-2008-2176
BUGTRAQ
BID
XF
ZyXEL -- Zywall 100Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows remote attackers to inject arbitrary web script or HTML via the Referer header, which is not properly handled in a 404 Error page.
unknown
2008-05-13
4.3CVE-2008-2167
BUGTRAQ
FULLDISC
BID
SECTRACK
XF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
freelanceauction.eu -- Freelance Auction ScriptFreelance Auction Script 1.0 stores user passwords in plaintext in the tbl_users table, which allows attackers to gain privileges by reading the table.
unknown
2008-05-16
0.0CVE-2008-2279
MILW0RM
XF
Linux -- KernelThe utimensat system call in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service.
unknown
2008-05-12
3.6CVE-2008-2148
OTHER-REF
Microsoft -- Outlook Web AccessUnspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information.
unknown
2008-05-12
1.9CVE-2008-2143
CERT-VN
BID
XF
Microsoft -- ieMicrosoft Internet Explorer 7 can save encrypted pages in the cache even when the DisableCachingOfSSLPages registry setting is enabled, which might allow local users to obtain sensitive information.
unknown
2008-05-12
2.1CVE-2008-2159
CERT-VN
BID
rPath -- appliance_platform_agentCross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL.
unknown
2008-05-12
2.6CVE-2008-2140
OTHER-REF

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.