National Cyber Alert System
Cyber Security Bulletin SB08-196 archive

Vulnerability Summary for the Week of July 7, 2008

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
AShopSoftware -- AShop Deluxe
SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x allows remote attackers to execute arbitrary SQL commands via the cat parameter.
unknown
2008-07-10
7.5
CVE-2008-3136
MILW0RM
BID
barenuked -- barenuked_cms
SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the password parameter.
unknown
2008-07-10
7.5
CVE-2008-3133
MILW0RM
BID
XF
blognplus -- blognplus
Multiple SQL injection vulnerabilities in index.php in BlognPlus (BURO GUN +) 2.5.5 MySQL and PostgreSQL editions allow remote attackers to execute arbitrary SQL commands via the (1) p, (2) e, (3) d, and (4) m parameters, a different vulnerability than CVE-2008-2819.
unknown
2008-07-09
7.5
CVE-2008-3090
OTHER-REF
bluez -- bluez_utils
bluez -- bluez_libs
src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.
unknown
2008-07-07
7.5
CVE-2008-2374
MLIST
OTHER-REF
brightcode -- brightcode_weblinks_module
Joomla -- Joomla
SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
unknown
2008-07-08
7.5
CVE-2008-3083
MILW0RM
BID
XF
cms_little -- cms_little
Directory traversal vulnerability in index.php in CMS little 0.0.1 allows remote attackers to include and execute arbitrary local files, and probably remote files, via a .. (dot dot) in the template parameter.
unknown
2008-07-07
7.5
CVE-2008-3036
MILW0RM
DreamLevels -- dream_pics_builder
SQL injection vulnerability in index.php in DreamPics Builder allows remote attackers to execute arbitrary SQL commands via the page parameter.
unknown
2008-07-10
7.5
CVE-2008-3119
MILW0RM
efes_tech_shop -- efes_tech_shop
SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an urunler action.
unknown
2008-07-07
7.5
CVE-2008-3030
MILW0RM
BID
hanghai -- high_street_5
hanghai -- hot_step
hanghai -- 5th_street
Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou Snail Electronic Company) 5th street (aka Hot Step or High Street 5) allows remote attackers to execute arbitrary code via format string specifiers in a chat message.
unknown
2008-07-10
9.3
CVE-2008-3116
BUGTRAQ
BID
XF
HIOX INDIA -- Banner Rotator
PHP remote file inclusion vulnerability in hioxBannerRotate.php in HIOX Banner Rotator (HBR) 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
unknown
2008-07-10
7.5
CVE-2008-3127
MILW0RM
Hussin X -- plx Web Studio Ad Trader
SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter in a redir action.
unknown
2008-07-07
7.5
CVE-2008-3025
MILW0RM
ISC -- BIND
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations, allows remote attackers to spoof DNS traffic via certain cache poisoning techniques against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability."
unknown
2008-07-08
7.5
CVE-2008-1447
CISCO
DEBIAN
DEBIAN
DEBIAN
MS
UBUNTU
CERT
CERT-VN
SECTRACK
SECTRACK
XF
Joomla -- com_beamospetition
SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php.
unknown
2008-07-10
7.5
CVE-2008-3132
MILW0RM
BID
XF
Microsoft -- windows-nt
Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to conduct cache poisoning attacks via unknown vectors, aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
unknown
2008-07-08
9.4
CVE-2008-1454
MS
Microsoft -- office_word
Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
unknown
2008-07-09
9.3
CVE-2008-2244
OTHER-REF
OTHER-REF
OTHER-REF
BID
XF
Microsoft -- office_snapshot_viewer_activex
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message. NOTE: this can be leveraged for code execution by writing to a Startup folder.
unknown
2008-07-07
7.5
CVE-2008-2463
OTHER-REF
CERT-VN
Microsoft -- Office Communicator
Microsoft -- visio_professional
Microsoft -- windows_live_mail
Microsoft -- sharepoint_designer
Microsoft -- Excel
Microsoft -- project_standard
Microsoft -- groove
Microsoft -- Frontpage
Microsoft -- Publisher
Microsoft -- Outlook
Microsoft -- Access
Microsoft -- visio_standard
Microsoft -- Office
Microsoft -- project_professional
Microsoft -- PowerPoint
Microsoft -- OneNote
Microsoft -- InfoPath
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
unknown
2008-07-07
7.5
CVE-2008-3068
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
Mole Group -- Hotel Script
SQL injection vulnerability in index.php in Mole Group Hotel Script 1.0 allows remote attackers to execute arbitrary SQL commands via the file parameter.
unknown
2008-07-10
7.5
CVE-2008-3124
MILW0RM
BID
XF
Mole Group -- Lastminute Script
SQL injection vulnerability in index.php in Mole Group Lastminute Script 4.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
unknown
2008-07-10
7.5
CVE-2008-3125
MILW0RM
BID
Mole Group -- Real Estate
SQL injection vulnerability in index.php in Mole Group Real Estate Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action.
unknown
2008-07-10
7.5
CVE-2008-3123
MILW0RM
BID
XF
Mozilla -- Thunderbird
Mozilla -- SeaMonkey
Mozilla -- Firefox
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.
unknown
2008-07-07
10.0
CVE-2008-2798
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
UBUNTU
BID
Mozilla -- Thunderbird
Mozilla -- SeaMonkey
Mozilla -- Firefox
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.
unknown
2008-07-07
10.0
CVE-2008-2799
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
UBUNTU
BID
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.
unknown
2008-07-07
7.5
CVE-2008-2801
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
UBUNTU
BID
Mozilla -- Thunderbird
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level."
unknown
2008-07-07
7.5
CVE-2008-2802
OTHER-REF
OTHER-REF
OTHER-REF
UBUNTU
BID
Mozilla -- Firefox
Mozilla -- SeaMonkey
Mozilla -- Thunderbird
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect.
unknown
2008-07-07
7.5
CVE-2008-2806
OTHER-REF
OTHER-REF
OTHER-REF
UBUNTU
BID
Mozilla -- Thunderbird
Mozilla -- SeaMonkey
Mozilla -- Firefox
The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.
unknown
2008-07-07
10.0
CVE-2008-2811
OTHER-REF
OTHER-REF
OTHER-REF
UBUNTU
BID
MyBB -- MyBB
Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection.
unknown
2008-07-08
7.5
CVE-2008-3070
OTHER-REF
MyBB -- MyBB
Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable.
unknown
2008-07-08
7.5
CVE-2008-3071
OTHER-REF
Netscape -- Certificate Management System
Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate.
unknown
2008-07-07
7.5
CVE-2008-1676
OTHER-REF
BID
OneClick CMS -- OneClick CMS
SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet CMS) 2008-01-24 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-07-07
7.5
CVE-2008-3026
MILW0RM
BID
opera -- opera
Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors.
unknown
2008-07-08
10.0
CVE-2008-3079
OTHER-REF
Opera Software -- Opera
Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image.
unknown
2008-07-08
7.8
CVE-2008-3078
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
PCRE -- PCRE
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.
unknown
2008-07-07
7.5
CVE-2008-2371
OTHER-REF
DEBIAN
SUSE
phpmotion -- phpmotion
SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the vid parameter.
unknown
2008-07-10
7.5
CVE-2008-3118
MILW0RM
BID
XF
Poppler -- poppler
The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.
unknown
2008-07-07
7.5
CVE-2008-2950
BUGTRAQ
OTHER-REF
redhat -- vsftpd
Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.
unknown
2008-07-08
7.8
CVE-2008-2375
MLIST
OTHER-REF
redhat -- fedora_8
Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.
unknown
2008-07-08
7.5
CVE-2008-2376
MLIST
FEDORA
rss_aggregator -- rss_aggregator
RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php.
unknown
2008-07-07
9.3
CVE-2008-3033
BUGTRAQ
BID
XF
rss_aggregator -- rss_aggregator
Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php.
unknown
2008-07-07
7.5
CVE-2008-3034
BUGTRAQ
BID
XF
Simple Machines -- Simple Machines Forum
Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors.
unknown
2008-07-08
7.5
CVE-2008-3072
OTHER-REF
Simple Machines -- Simple Machines Forum
Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 has unknown impact and attack vectors, probably cross-site scripting (XSS), related to "use of the html-tag."
unknown
2008-07-08
7.5
CVE-2008-3073
OTHER-REF
simple_php_agenda -- simple_php_agenda
Directory traversal vulnerability in index.php in Simple PHP Agenda 2.2.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
unknown
2008-07-07
7.5
CVE-2008-3031
MILW0RM
BID
Sun -- JRE
Sun -- JDK
Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors.
unknown
2008-07-09
10.0
CVE-2008-3103
BID
Sun -- JRE
Sun -- JDK
Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application.
unknown
2008-07-09
7.1
CVE-2008-3105
BID
Sun -- JRE
Sun -- JDK
Sun -- SDK
Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
unknown
2008-07-09
10.0
CVE-2008-3107
SUNALERT
BID
Sun -- JRE
Sun -- JDK
Sun -- SDK
Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing.
unknown
2008-07-09
10.0
CVE-2008-3108
BID
Sun -- JRE
Sun -- JDK
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
unknown
2008-07-09
7.5
CVE-2008-3109
BID
Sun -- JRE
Sun -- JDK
Sun -- SDK
Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220.
unknown
2008-07-09
10.0
CVE-2008-3111
Sun -- JRE
Sun -- JDK
Sun -- SDK
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909.
unknown
2008-07-09
9.3
CVE-2008-3112
Sun -- JRE
Sun -- JDK
Sun -- SDK
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.
unknown
2008-07-09
9.3
CVE-2008-3113
Sun -- JRE
Sun -- JDK
Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases.
unknown
2008-07-09
7.5
CVE-2008-3115
BID
SuSE -- open Suse
SQL injection vulnerability in courier-authlib in SUSE openSUSE 10.3 and 11.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2008-07-07
7.5
CVE-2008-2667
SUSE
TYPO3 -- address_directory
SQL injection vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2008-07-07
7.5
CVE-2008-3038
OTHER-REF
BID
XF
TYPO3 -- dam_frontend_extension
SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2008-07-07
7.5
CVE-2008-3039
OTHER-REF
BID
XF
TYPO3 -- dam_frontend_extension
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Improper Error Handling."
unknown
2008-07-07
10.0
CVE-2008-3042
OTHER-REF
BID
XF
TYPO3 -- wec_discussion_forum
Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types."
unknown
2008-07-07
7.5
CVE-2008-3043
BID
TYPO3 -- news_calendar_extension
SQL injection vulnerability in the News Calendar (newscalendar) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2008-07-07
7.5
CVE-2008-3044
OTHER-REF
BID
XF
TYPO3 -- industry_database_extension
Unspecified vulnerability in the Industry Database (aka Branchendatenbank pro_industrydb) extension 1.0.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Insufficient Verification of Data Authenticity."
unknown
2008-07-07
7.5
CVE-2008-3045
BID
XF
TYPO3 -- packman_extension
Incomplete blacklist vulnerability in the Packman (kb_packman) extension 0.2.1 and earlier for TYPO3 has unknown impact and attack vectors.
unknown
2008-07-07
7.5
CVE-2008-3046
BID
XF
TYPO3 -- kb_unpack_extension
Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors.
unknown
2008-07-07
7.5
CVE-2008-3047
OTHER-REF
BID
XF
TYPO3 -- pdf_generator_2_extension
Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Unprotected test functionality."
unknown
2008-07-07
7.5
CVE-2008-3048
OTHER-REF
XF
TYPO3 -- pdf_generator_2_extension
The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to obtain sensitive information via unspecified vectors.
unknown
2008-07-07
7.5
CVE-2008-3049
OTHER-REF
XF
TYPO3 -- pinboard_extension
SQL injection vulnerability in the Pinboard extension 0.0.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2008-07-07
7.5
CVE-2008-3051
XF
TYPO3 -- sql_frontend_extension
Unspecified vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to cause a denial of service via unknown vectors.
unknown
2008-07-07
7.5
CVE-2008-3052
OTHER-REF
BID
XF
TYPO3 -- sql_frontend_extension
SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2008-07-07
7.5
CVE-2008-3053
BID
XF
TYPO3 -- Branchenbuch extension
SQL injection vulnerability in the Branchenbuch (aka Yellow Pages o (mh_branchenbuch) extension 0.8.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2008-07-07
7.5
CVE-2008-3054
OTHER-REF
XF
TYPO3 -- support_view_extension
SQL injection vulnerability in the Support view (ext_tbl) extension 0.0.102 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2008-07-07
7.5
CVE-2008-3055
OTHER-REF
BID
TYPO3 -- codeon_petition_extension
SQL injection vulnerability in the Codeon Petition (cd_petition) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2008-07-07
7.5
CVE-2008-3056
OTHER-REF
vangogh_web_cms -- vangogh_web_cms
SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the article_ID parameter to index.php.
unknown
2008-07-07
7.5
CVE-2008-3027
MILW0RM
BID
VideoLAN -- VLC Media Player
Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.
unknown
2008-07-07
9.3
CVE-2008-2430
BUGTRAQ
OTHER-REF
xpoze -- xpoze_pro
SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze Pro CMS 2008) allows remote attackers to execute arbitrary SQL commands via the uid parameter.
unknown
2008-07-09
7.5
CVE-2008-3089
MILW0RM

Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Adobe -- robohelp_server
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Help Errors log.
unknown
2008-07-09
4.3
CVE-2008-2991
OTHER-REF
BID
SECTRACK
Avaya -- Messaging Storage Server
Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.
unknown
2008-07-08
6.5
CVE-2008-3081
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
Catviz -- Catviz
Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta 1 allow remote attackers to execute arbitrary SQL commands via the (1) foreign_key_value parameter in the news page and (2) webpage parameter in the webpage_multi_edit form.
unknown
2008-07-10
6.4
CVE-2008-3129
MILW0RM
BID
XF
commtouch -- enterprise_anti-spam_gateway
Cross-site scripting (XSS) vulnerability in UPM/English/login/login.asp in Commtouch Enterprise Anti-Spam Gateway 4 and 5 allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter.
unknown
2008-07-08
4.3
CVE-2008-3082
FULLDISC
OTHER-REF
BID
Dokeos -- Dokeos
Directory traversal vulnerability in user_portal.php in Dokeos 1.8.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the include parameter.
unknown
2008-07-10
6.4
CVE-2008-3120
OTHER-REF
BID
Drupal -- taxonomy_autotagger_module_for_drupal
Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-07-09
4.3
CVE-2008-3091
OTHER-REF
BID
XF
Drupal -- taxonomy_autotagger_module
SQL injection vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to execute arbitrary SQL commands via unspecified vectors.
unknown
2008-07-09
6.5
CVE-2008-3092
BID
XF
Drupal -- Drupal
Drupal -- organic_groups_module
The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors.
unknown
2008-07-09
4.3
CVE-2008-3094
BID
Drupal -- outline_designer_module
The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each content reader's authentication level to match that of the content author, which might allow remote attackers to gain privileges.
unknown
2008-07-09
6.5
CVE-2008-3096
BID
XF
FaScript -- FaName
class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installation path in an error message.
unknown
2008-07-08
4.3
CVE-2007-3651
OTHER-REF
FaScript -- FaName
SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328.
unknown
2008-07-08
6.8
CVE-2007-3652
OTHER-REF
FaScript -- FaName
Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php.
unknown
2008-07-08
4.3
CVE-2007-3653
OTHER-REF
XF
Fujitsu -- ServerView
Multiple stack-based buffer overflows in the ServerView web interface (SnmpGetMibValues.exe) in Fujitsu Siemens Computers ServerView 04.60.07 and earlier allow remote authenticated users to execute arbitrary code via a crafted URL.
unknown
2008-07-10
6.5
CVE-2008-3126
FULLDISC
BID
GraphicsMagick -- GraphicsMagick
Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
unknown
2008-07-10
5.0
CVE-2008-3134
OTHER-REF
OTHER-REF
kasseler-cms -- kasseler_cms
Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to index.php, possibly related to the phpManual module.
unknown
2008-07-09
5.0
CVE-2008-3087
MILW0RM
kasseler-cms -- kasseler_cms
Cross-site scripting (XSS) vulnerability in the Files module in Kasseler CMS 1.3.0 and 1.3.1 Lite allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a Category action to index.php.
unknown
2008-07-09
4.3
CVE-2008-3088
MILW0RM
kernel -- linux
arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the x86_64 platform leaks task_struct references into the sys32_ptrace function, which allows local users to cause a denial of service (system crash) or have unspecified other impact via unknown vectors, possibly a use-after-free vulnerability.
unknown
2008-07-08
4.9
CVE-2008-3077
MLIST
OTHER-REF
OTHER-REF
Linux -- Kernel
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
unknown
2008-07-08
4.9
CVE-2008-2812
MLIST
OTHER-REF
OTHER-REF
Linux -- Kernel
The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.
unknown
2008-07-09
4.4
CVE-2008-2931
MLIST
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
BID
luigi_auriemma -- soldner_secret_wars
Soldner Secret Wars 33724 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a large numeric value in a 0x80 data block.
unknown
2008-07-10
5.0
CVE-2008-3135
BUGTRAQ
OTHER-REF
Microsoft -- Data Engine
Microsoft -- SQL Server Desktop Engine
Microsoft -- sql_server
Microsoft SQL Server 7.0 SP4, 2000 SP4, 2005 SP2, Microsoft Data Engine (MSDE) 1.0 SP4, SQL Server 2000 Desktop Engine (MSDE 2000) SP4, and 2005 Express Edition SP2 do not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.
unknown
2008-07-08
5.0
CVE-2008-0085
MS
Microsoft -- sql_server_desktop_engine
Microsoft -- data_engine
Microsoft -- sql_server_express_edition
Microsoft -- sql_server
Buffer overflow in the convert function in Microsoft SQL Server 7.0 SP4, 2000 SP4, 2005 SP2, Microsoft Data Engine (MSDE) 1.0 SP4, SQL Server 2000 Desktop Engine (MSDE 2000) SP4, and 2005 Express Edition SP2 allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
unknown
2008-07-08
6.5
CVE-2008-0086
MS
Microsoft -- sql_server_desktop_engine
Microsoft -- data_engine
Microsoft -- sql_server_express_edition
Microsoft -- sql_server
Buffer overflow in Microsoft SQL Server 7.0 SP4, 2000 SP4, 2005 SP2, Microsoft Data Engine (MSDE) 1.0 SP4, SQL Server 2000 Desktop Engine (MSDE 2000) SP4, and 2005 Express Edition SP2 allows remote authenticated users to execute arbitrary code via a crafted insert statement.
unknown
2008-07-08
6.5
CVE-2008-0106
MS
Microsoft -- sql_server_desktop_engine
Microsoft -- data_engine
Microsoft -- sql_server_express_edition
Microsoft -- sql_server
Integer underflow in Microsoft SQL Server 7.0 SP4, 2000 SP4, 2005 SP2, Microsoft Data Engine (MSDE) 1.0 SP4, SQL Server 2000 Desktop Engine (MSDE 2000) SP4, and 2005 Express Edition SP2 allows remote authenticated users to execute arbitrary code via an on-disk file with a crafted record size value, which triggers a buffer overflow, aka "SQL Server Memory Corruption Vulnerability."
unknown
2008-07-08
6.5
CVE-2008-0107
MS
Microsoft -- Windows Vista
Microsoft -- Windows Server 2008
Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
unknown
2008-07-08
6.8
CVE-2008-1435
MS
SECTRACK
Microsoft -- exchange_srv
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 and 2007 up to SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248.
unknown
2008-07-08
4.3
CVE-2008-2247
MS
SECTRACK
XF
Microsoft -- Outlook Web Access
Microsoft -- exchange_srv
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 and 2007 up to SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.
unknown
2008-07-08
4.3
CVE-2008-2248
MS
SECTRACK
XF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the onreadystatechange handler in conjunction with an XMLHttpRequest.
unknown
2008-07-07
4.3
CVE-2008-2800
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
UBUNTU
BID
Mozilla -- Thunderbird
Mozilla -- SeaMonkey
Mozilla -- Firefox
The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.
unknown
2008-07-07
6.8
CVE-2008-2803
OTHER-REF
OTHER-REF
OTHER-REF
UBUNTU
BID
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range.
unknown
2008-07-07
5.0
CVE-2008-2805
OTHER-REF
OTHER-REF
OTHER-REF
UBUNTU
BID
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file.
unknown
2008-07-07
5.0
CVE-2008-2807
OTHER-REF
OTHER-REF
OTHER-REF
UBUNTU
BID
Mozilla -- Firefox
Ubuntu -- Linux
Mozilla -- SeaMonkey
Mozilla -- Thunderbird
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.
unknown
2008-07-07
4.3
CVE-2008-2808
OTHER-REF
OTHER-REF
OTHER-REF
UBUNTU
BID
Mozilla -- Mozilla
Netscape -- Netscape
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
unknown
2008-07-08
4.0
CVE-2008-2809
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
UBUNTU
BID
SECTRACK
SREASON
XF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut.
unknown
2008-07-07
6.8
CVE-2008-2810
OTHER-REF
OTHER-REF
OTHER-REF
UBUNTU
BID
MyBB -- MyBB
Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php.
unknown
2008-07-08
4.3
CVE-2008-3069
OTHER-REF
OTHER-REF
myWebland -- myBloggie
Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php.
unknown
2008-07-08
5.1
CVE-2007-1899
MILW0RM
OTHER-REF
OTHER-REF
myWebland -- myBloggie
myWebland myBloggie 2.1.6 allows remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.
unknown
2008-07-08
5.0
CVE-2007-3650
OTHER-REF
openssl -- openssl
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
unknown
2008-07-10
5.0
CVE-2008-1678
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
GENTOO
phplizardo -- imperialbb
Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier allows remote authenticated users to upload and execute arbitrary PHP code by placing a .php filename in the Upload_Avatar parameter and sending the image/gif content type.
unknown
2008-07-09
6.5
CVE-2008-3093
MILW0RM
OTHER-REF
phpmotion -- phpmotion
Unrestricted file upload vulnerability in update_profile.php in PHPmotion 2.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a .php file with a content type of (1) image/gif, (2) image/jpeg, or (3) image/pjpeg, then accessing it via a direct request to the file under pictures/.
unknown
2008-07-10
6.0
CVE-2008-3117
MILW0RM
BID
XF
Pidgin -- Pidgin
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 allow remote attackers to execute arbitrary code via a malformed SLP message, a different vulnerability than CVE-2008-2955.
unknown
2008-07-07