Vulnerability Summary for the Week of February 4, 2008

Released
Feb 11, 2008
Document ID
SB08-042

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Adobe -- Acrobat Standard
Adobe -- Acrobat Reader
Adobe -- Acrobat 3D
Adobe -- Acrobat Professional
Multiple unspecified vulnerabilities in Adobe Reader before 8.1.2 have unknown impact and attack vectors.
unknown
2008-02-07
10.0CVE-2008-0655
OTHER-REF
BID
FRSIRT
SECUNIA
ADP -- Astanda Directory ProjectSQL injection vulnerability in detail.php in Astanda Directory Project (ADP) 1.2 and 1.3 allows remote attackers to execute arbitrary SQL commands via the link_id parameter.
unknown
2008-02-07
7.5CVE-2008-0649
MILW0RM
All Club CMS -- All Club CMSSQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.
unknown
2008-02-06
7.5CVE-2008-0601
MILW0RM
Apple -- iPhotoFormat string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions.
unknown
2008-02-07
9.3CVE-2008-0043
OTHER-REF
APPLE
FRSIRT
SECTRACK
SECUNIA
Aurigma -- Image Uploader ActiveX control
MySpace -- MySpaceUploader
Stack-based buffer overflow in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.5.70 and earlier, as used in MySpace MySpaceUploader.ocx 1.0.0.4, allows remote attackers to execute arbitrary code via a long Action property.
unknown
2008-02-07
10.0CVE-2008-0659
FULLDISC
MILW0RM
OTHER-REF
OTHER-REF
CERT-VN
BID
FRSIRT
FRSIRT
SECUNIA
Azucar CMS -- Azucar CMSMultiple directory traversal vulnerabilities in Azucar CMS 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _VIEW (view) parameter to (1) index.php, (2) html/sitio/index.php, or (3) src/sistema/vistas/template/tpl_inicio.php.
unknown
2008-02-07
7.5CVE-2008-0654
BUGTRAQ
Checkpoint -- VPN-1 SecureClientThe Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials.
unknown
2008-02-07
7.2CVE-2008-0662
BUGTRAQ
OTHER-REF
BID
ChronoEngine -- ChronoFormsMultiple PHP remote file inclusion vulnerabilities in ChronoEngine ChronoForms (com_chronocontact) 2.3.5 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) PPS/File.php, (2) Writer.php, and (3) PPS.php in excelwriter/; and (4) BIFFwriter.php, (5) Workbook.php, (6) Worksheet.php, and (7) Format.php in excelwriter/Writer/.
unknown
2008-02-04
7.5CVE-2008-0567
MILW0RM
BID
DivideConcept -- VHD Web PackDirectory traversal vulnerability in index.php in DivideConcept VHD Web Pack 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
unknown
2008-02-06
7.5CVE-2008-0609
BUGTRAQ
MILW0RM
BID
SECUNIA
Drupal -- Secure Site moduleUnspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remote attackers to gain the privileges of a user who has authenticated from behind the same proxy server as the attacker.
unknown
2008-02-04
10.0CVE-2008-0568
OTHER-REF
SECUNIA
EMC -- Documentum Administrator
EMC -- Documentum WebTop
Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.
unknown
2008-02-07
10.0CVE-2008-0656
BUGTRAQ
OTHER-REF
BID
SECTRACK
SECUNIA
FaceBook -- FaceBook
Aurigma -- Image Uploader ActiveX control
FaceBook -- PhotoUploader
Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.
unknown
2008-02-07
9.3CVE-2008-0660
FULLDISC
MILW0RM
OTHER-REF
CERT-VN
FRSIRT
FRSIRT
SECTRACK
SECUNIA
SECUNIA
HP -- OpenView Network Node Managerovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to cause a denial of service (crash) via a crafted TCP request that triggers an out-of-bounds memory access.
unknown
2008-02-06
7.8CVE-2008-0212
HP
BID
IDEFENSE
HP -- Virtual RoomsUnspecified vulnerability in an ActiveX control for HP Virtual Rooms (HPVR) v6 and earlier, when running on Windows, allows remote attackers to execute arbitrary code via unknown vectors.
unknown
2008-02-07
7.5CVE-2008-0213
HP
IBM -- AIXMultiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) swap, (2) swapoff, and (3) swapon programs.
unknown
2008-02-04
7.2CVE-2008-0584
OTHER-REF
AIXAPAR
AIXAPAR
FRSIRT
SECUNIA
IBM -- AIXMultiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) lchangevg, (2) ldeletepv, (3) putlvodm, (4) lvaryoffvg, and (5) lvgenminor programs in bos.rte.lvm; and the (6) tellclvmd program in bos.clvm.enh.
unknown
2008-02-04
7.2CVE-2008-0586
OTHER-REF
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
FRSIRT
SECUNIA
IBM -- AIXBuffer overflow in the uspchrp program in devices.chrp.base.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
unknown
2008-02-04
7.2CVE-2008-0587
OTHER-REF
AIXAPAR
AIXAPAR
AIXAPAR
FRSIRT
SECUNIA
IBM -- AIXBuffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
unknown
2008-02-04
7.2CVE-2008-0588
OTHER-REF
AIXAPAR
AIXAPAR
AIXAPAR
FRSIRT
SECUNIA
Ipswitch -- WS_FTP ServerBuffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command.
unknown
2008-02-05
9.0CVE-2008-0590
BUGTRAQ
FRSIRT
SECUNIA
Joomla -- com_buslicenseSQL injection vulnerability in index.php in the buslicense (com_buslicense) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in a list action.
unknown
2008-02-04
7.5CVE-2008-0579
MILW0RM
Joomla -- com_sobi2
Sigsiu.NET -- SOBI2
Mambo -- com_sobi2
SQL injection vulnerability in index.php in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) 2.5.3 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-02-06
7.5CVE-2008-0607
MILW0RM
BID
Joomla -- com_downloads
Mambo -- com_downloads
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.
unknown
2008-02-07
7.5CVE-2008-0652
MILW0RM
Joomla -- com_ynewsSQL injection vulnerability in index.php in the Ynews (com_ynews) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showYNews action.
unknown
2008-02-07
7.5CVE-2008-0653
MILW0RM
KAME -- IPCompThe ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header.
unknown
2008-02-07
7.8CVE-2008-0177
OTHER-REF
OTHER-REF
CERT-VN
BID
SECUNIA
SECUNIA
LightBlog -- LightBlogUnrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root directory.
unknown
2008-02-06
9.3CVE-2008-0632
BUGTRAQ
MILW0RM
OTHER-REF
SECUNIA
Linux -- KernelLinux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.
unknown
2008-02-07
7.2CVE-2008-0007
MLIST
OTHER-REF
SUSE
FRSIRT
Mambo -- Mambo
Joomla -- Joomla
Arthur Konze WebDesign -- AkoGallery
SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
unknown
2008-02-04
7.5CVE-2008-0561
MILW0RM
BID
XF
Mambo -- com_awesom
amazOOP -- Awesom
Joomla -- com_awesom
SQL injection vulnerability in index.php in the amazOOP Awesom! (com_awesom) 0.3.2component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter in a viewlist task.
unknown
2008-02-06
7.5CVE-2008-0603
MILW0RM
BID
Mambo -- com_shambo2
Phil Taylor -- Shambo2
Joomla -- com_shambo2
SQL injection vulnerability in index.php in the Shambo2 (com_shambo2) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter.
unknown
2008-02-06
7.5CVE-2008-0606
MILW0RM
BID
XF
MamboServer -- CatalogShopSQL injection vulnerability in index.php in the CatalogShop (com_catalogshop) 1.0b1 componenent for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
unknown
2008-02-04
7.5CVE-2008-0557
MILW0RM
XF
MamboServer -- Mambo
MamboServer -- Joomla
SQL injection vulnerability in index.php in the Restaurant (com_restaurant) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
unknown
2008-02-04
7.5CVE-2008-0562
MILW0RM
BID
XF
Moernaut -- Supercrypt
Moernaut -- LSrunasE
Geert Moernaut LSrunasE allows local users to gain privileges by obtaining the encrypted password from a batch file, and constructing a modified batch file that specifies this password in the /password switch and specifies an arbitrary program in the /command switch.
unknown
2008-02-04
7.2CVE-2008-0581
BUGTRAQ
MPlayer -- MPlayerArray index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.
unknown
2008-02-05
9.3CVE-2008-0485
BUGTRAQ
BID
FULLDISC
OTHER-REF
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Nero -- MediaPlayerBuffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file.
unknown
2008-02-06
9.3CVE-2008-0619
BUGTRAQ
MILW0RM
BID
FRSIRT
SECUNIA
Openads -- OpenadsUnspecified vulnerability in the delivery engine in Openads 2.4.0 through 2.4.2 allows remote attackers to execute arbitrary PHP code via unknown vectors.
unknown
2008-02-06
7.5CVE-2008-0635
BUGTRAQ
BID
SECUNIA
ourgame.com -- GLWorld
ourgame.com -- HanGamePluginCn18_ActiveX control
Multiple stack-based buffer overflows in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control in HanGamePluginCn18.dll in Ourgame GLWorld 2.6.1.29 (aka Lianzong Game Platform) allow remote attackers to execute arbitrary code via long arguments to the (1) hgs_startGame and (2) hgs_startNotify methods, as exploited in the wild as of February 2008. NOTE: some of these details are obtained from third party information.
unknown
2008-02-07
10.0CVE-2008-0647
OTHER-REF
FRSIRT
SECUNIA
Pedro Santana Codice -- CMSSQL injection vulnerability in login.php in Pedro Santana Codice CMS allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-02-07
7.5CVE-2008-0651
BID
photokorn -- GallerySQL injection vulnerability in index.php in Photokorn Gallery 1.543 allows remote attackers to execute arbitrary SQL commands via the pic parameter in a showpic action.
unknown
2008-02-06
7.5CVE-2008-0614
MILW0RM
Portail Web Php -- Portail Web PhpMultiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) config/conf-activation.php, (2) menu/item.php, and (3) modules/conf_modules.php in admin/system/; and (4) system/login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-02-07
7.5CVE-2008-0645
BID
Rasterbar Software -- libtorrent
Deluge Team -- Deluge
The bdecode_recursive function in include/libtorrent/bencode.hpp in Rasterbar Software libtorrent before 0.12.1, as used in Deluge before 0.5.8.3 and other products, allows context-dependent attackers to cause a denial of service (stack exhaustion and crash) via a crafted bencoded message.
unknown
2008-02-07
7.8CVE-2008-0646
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
SECUNIA
redhat -- enterprise_linux
redhat -- desktop
The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service (panic) via invalid arguments to set_mempolicy in an MPOL_BIND operation.
unknown
2008-02-04
7.2CVE-2007-4130
OTHER-REF
REDHAT
SECUNIA
RMSOFT -- Gallery System
XOOPS -- Xoops
SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-02-06
7.5CVE-2008-0611
MILW0RM
BID
SafeNet -- IPSecDrv.sys
SafeNet -- SafeNet HighAssurance Remote
SafeNet -- SoftRemote VPN Client
IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote allows local users to gain privileges via a crafted IPSECDRV_IOCTL IOCTL request.
unknown
2008-02-04
7.2CVE-2008-0573
MILW0RM
BID
FRSIRT
SECTRACK
SECUNIA
SAP -- SAPLPD
SAP -- SAPgui
SAP -- SAPSPRINT
SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to cause a denial of service (crash) via a 0x53 LPD command, which causes the server to terminate.
unknown
2008-02-06
10.0CVE-2008-0620
BUGTRAQ
BUGTRAQ
BID
FRSIRT
SECTRACK
SECUNIA
SAP -- SAPLPD
SAP -- SAPSPRINT
SAP -- SAPgui
Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands.
unknown
2008-02-06
7.5CVE-2008-0621
BUGTRAQ
BUGTRAQ
BID
FRSIRT
SECTRACK
SECUNIA
Sejoong Namo -- NamoInstall.1 ActiveX Control
Sejoong Namo -- ActiveSquare
Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1, as used in Sejoong Namo ActiveSquare6, allows remote attackers to execute arbitrary code via a long argument to the Install method, a different vulnerability than CVE-2008-0551.
unknown
2008-02-06
7.5CVE-2008-0634
SECUNIA
Simple OS CMS -- Simple OS CMSSQL injection vulnerability in login.php in Simple OS CMS 0.1c beta allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-02-07
7.5CVE-2008-0650
BID
Sun -- JDK
Sun -- JRE
The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.
unknown
2008-02-06
7.8CVE-2008-0628
BUGTRAQ
OTHER-REF
SUNALERT
FRSIRT
SECTRACK
SECUNIA
Sun -- JRE
Sun -- JDK
Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
unknown
2008-02-07
10.0CVE-2008-0657
SUNALERT
FRSIRT
SECUNIA
SwiftView -- ViewerMultiple stack-based buffer overflows in SwiftView Viewer before 8.3.5, as used by SwiftView and SwiftSend, allow remote attackers to execute arbitrary code via unspecified vectors to the (1) svocx.ocx ActiveX control or the (2) npsview.dll plugin for Mozilla and Firefox.
unknown
2008-02-04
10.0CVE-2007-5602
OTHER-REF
CERT-VN
BID
FRSIRT
SECUNIA
SECTRACK
Symantec -- BackupExec System RecoveryUnrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary files via unknown vectors.
unknown
2008-02-07
10.0CVE-2008-0457
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Symantec -- Ghost Solutions SuiteSymantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands on the client via ARP spoofing.
unknown
2008-02-07
10.0CVE-2008-0640
OTHER-REF
BID
Tcl_Tk -- Tcl_TkStack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image.
unknown
2008-02-07
10.0CVE-2008-0553
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
UltraVNC -- UltraVNCStack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a modified size value.
unknown
2008-02-06
9.3CVE-2008-0610
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XOOPS -- XoopsDirectory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
unknown
2008-02-06
7.5CVE-2008-0612
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
BID

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
AfterLogic -- MailBee ObjectsMultiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow remote attackers to (1) overwrite arbitrary files via the SaveToDisk method, or (2) modify files via the AddStringToFile method.
unknown
2008-02-06
4.3CVE-2008-0631
MILW0RM
BID
XF
All Club CMS -- All Club CMSDirectory traversal vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the class_name parameter.
unknown
2008-02-06
6.8CVE-2008-0602
MILW0RM
Anon Proxy Server -- Anon Proxy ServerBuffer overflow in Anon Proxy Server 0.102 and earlier, when user authentication is enabled, allows remote attackers to cause a denial of service (exception) via a user name with a large number of quotes, which triggers the overflow during escaping.
unknown
2008-02-06
6.0CVE-2008-0633
BUGTRAQ
OTHER-REF
BID
AOL -- YGP PicEditor ActiveX ControlMultiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5) InitialEditorScreen, (6) Locale, (7) Proxy, and (8) UserAgent property values.
unknown
2008-02-04
4.3CVE-2007-6699
FULLDISC
FULLDISC
BID
SECTRACK
AstroSoft -- AstroSoft HelpDeskMultiple cross-site scripting (XSS) vulnerabilities in AstroSoft HelpDesk allow remote attackers to inject arbitrary web script or HTML via the (1) txtSearch parameter to operator/article/article_search_results.asp and the (2) Attach_Id parameter to operator/article/article_attachment.asp. NOTE: for vector 2, the XSS occurs in a forced SQL error message.
unknown
2008-02-06
4.3CVE-2008-0605
BUGTRAQ
BID
Contact Forms -- cForms** DISPUTED ** PHP remote file inclusion vulnerability in cforms-css.php in Oliver Seidel cforms (contactforms), a Wordpress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the tm parameter. NOTE: CVE disputes this issue for 7.3, since there is no tm parameter, and the code exits with a fatal error due to a call to an undefined function.
unknown
2008-02-04
6.8CVE-2008-0560
BUGTRAQ
VIM
Daniel M. Schurter -- DMSGuestbook
WordPress -- WordPress
Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter to wp-admin/admin.php, or the (2) messagefield parameter in the guestbook page, and the (3) title parameter in the messagearea.
unknown
2008-02-06
4.3CVE-2008-0617
BUGTRAQ
MILW0RM
BID
Daniel M. Schurter -- DMSGuestbook
WordPress -- WordPress
Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to unspecified programs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-02-06
4.3CVE-2008-0618
SECUNIA
DeltaScripts -- PHP LinksSQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-02-04
6.8CVE-2008-0565
MILW0RM
BID
SECUNIA
DeltaScripts -- PHP LinksPHP remote file inclusion vulnerability in includes/smarty.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_public_program parameter.
unknown
2008-02-04
6.8CVE-2008-0566
MILW0RM
BID
Drupal -- Comment Upload ModuleThe Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors.
unknown
2008-02-04
6.4CVE-2008-0569
OTHER-REF
SECUNIA
Drupal -- OpenIDThe OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers.
unknown
2008-02-04
5.0CVE-2008-0570
OTHER-REF
SECUNIA
Drupal -- Userpoints ModuleThe point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and manipulate points.
unknown
2008-02-04
4.3CVE-2008-0571
OTHER-REF
SECUNIA
Drupal -- Project Issue Tracking moduleCross-site scripting (XSS) vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors that write to summary table pages.
unknown
2008-02-04
4.3CVE-2008-0576
OTHER-REF
SECUNIA
Drupal -- Project Issue Tracking moduleThe Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal (1) does not restrict the extensions of attached files when the Upload module is enabled for issue nodes, which allows remote attackers to upload and possibly execute arbitrary files; and (2) accepts the .html extension within the bundled file-upload functionality, which allows remote attackers to upload files containing arbitrary web script or HTML.
unknown
2008-02-04
6.4CVE-2008-0577
OTHER-REF
SECUNIA
Gentoo -- xdg-utilsXdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.
unknown
2008-02-04
6.8CVE-2008-0386
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
GENTOO
BID
FRSIRT
SECTRACK
SECUNIA
SECUNIA
MANDRIVA
HP -- Select IdentityMultiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to gain access via unknown vectors.
unknown
2008-02-07
6.0CVE-2008-0214
HP
BID
IBM -- AIXsysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permissions for unspecified WebSM Remote Client files, which allows local users to "alter the behavior of" this client by overwriting these files.
unknown
2008-02-04
6.6CVE-2008-0585
OTHER-REF
AIXAPAR
FRSIRT
SECUNIA
IBM -- AIXThe ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors.
unknown
2008-02-04
4.9CVE-2008-0589
OTHER-REF
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
FRSIRT
SECTRACK
SECUNIA
Illustrate -- dBpowerAMP Audio PlayerBuffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569.
unknown
2008-02-07
6.8CVE-2008-0661
BUGTRAQ
MILW0RM
MILW0RM
BID
BID
Ipswitch -- WS_FTPThe Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823.
unknown
2008-02-06
5.0CVE-2008-0608
OTHER-REF
BID
FRSIRT
SECUNIA
Liferay -- Liferay Enterprise PortalCross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header.
unknown
2008-02-04
4.3CVE-2008-0178
OTHER-REF
CERT-VN
BID
SECUNIA
Liferay -- Liferay Enterprise PortalCross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile.
unknown
2008-02-04
4.3CVE-2008-0180
OTHER-REF
CERT-VN
BID
SECUNIA
Liferay -- Liferay Enterprise PortalCross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message.
unknown
2008-02-04
4.3CVE-2008-0181
OTHER-REF
CERT-VN
BID
SECUNIA
Liferay -- Liferay Enterprise PortalCross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message.
unknown
2008-02-04
4.3CVE-2008-0182
OTHER-REF
CERT-VN
SECUNIA
Liferay -- Liferay Enterprise PortalCross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.
unknown
2008-02-04
4.3CVE-2008-0563
OTHER-REF
MailMan -- MailManMultiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.
unknown
2008-02-04
4.3CVE-2008-0564
MLIST
OTHER-REF
BID
SECUNIA
Mindmeld -- MindmeldMultiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.10 allow remote attackers to execute arbitrary PHP code via a URL in the MM_GLOBALS[home] parameter to (1) acweb/admin_index.php; and (2) ask.inc.php, (3) learn.inc.php, (4) manage.inc.php, (5) mind.inc.php, and (6) sensory.inc.php in include/.
unknown
2008-02-04
6.8CVE-2008-0572
MILW0RM
MPlayer -- MPlayerBuffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r25824 allows remote user-assisted attackers to execute arbitrary code via a CDDB database entry containing a long album title.
unknown
2008-02-06
4.3CVE-2008-0629
OTHER-REF
MPlayer -- MPlayerBuffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote attackers to execute arbitrary code via a crafted URL that prevents the IPv6 parsing code from setting a pointer to NULL, which causes the buffer to be reused by the unescape code.
unknown
2008-02-06
6.8CVE-2008-0630
OTHER-REF
netpbm -- NetPBMBuffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
unknown
2008-02-07
6.8CVE-2008-0554
OTHER-REF
OTHER-REF
Nilsons Blogger -- Nilsons BloggerMultiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the permalink parameter in core.php, accessed through index.php; and (2) the thispost parameter in comments.php.
unknown
2008-02-04
5.0CVE-2008-0559
BUGTRAQ
BID
SECUNIA
OpenBSD -- Open_BSDCross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter.
unknown
2008-02-04
4.3CVE-2007-6700
BUGTRAQ
BUGTRAQ
MLIST
OTHER-REF
BID
SECUNIA
OpenSiteAdmin -- OpenSiteAdminMultiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0.9.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) indexFooter.php; and (2) DatabaseManager.php, (3) FieldManager.php, (4) Filter.php, (5) Form.php, (6) FormManager.php, (7) LoginManager.php, and (8) Filters/SingleFilter.php in scripts/classes/.
unknown
2008-02-07
6.8CVE-2008-0648
MILW0RM
BID
RaidenHTTPD -- RaidenHTTPDCross-site scripting (XSS) vulnerability in RaidenHTTPD 2.0.19 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the ulang parameter.
unknown
2008-02-06
4.3CVE-2008-0622
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Skype Technologies -- SkypeCross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler.
unknown
2008-02-04
4.3CVE-2008-0582
BUGTRAQ
OTHER-REF
BID
Skype Technologies -- SkypeCross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454.
unknown
2008-02-04
4.3CVE-2008-0583
OTHER-REF
OTHER-REF
BID
Tripwire -- Tripwire EnterpriseCross-site scripting (XSS) vulnerability in the web management login page in Tripwire Enterprise 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-02-04
4.3CVE-2008-0578
BUGTRAQ
OTHER-REF
BID
SECTRACK
SECUNIA
XF
Uniwin -- eCart ProfessionalCross-site scripting (XSS) vulnerability in Uniwin eCart Professional before 2.0.16 allows remote attackers to inject arbitrary web script or HTML via the rp parameter to cartView.asp and unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-02-04
4.3CVE-2008-0558
BID
SECUNIA
webSPELL -- webSPELLCross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action.
unknown
2008-02-04
4.3CVE-2008-0574
BUGTRAQ
BID
SECUNIA
XF
webSPELL -- webSPELLCross-site request forgery (CSRF) vulnerability in admin/admincenter.php in webSPELL 4.01.02 allows remote attackers to assign the superadmin privilege level to arbitrary accounts as administrators via an "update member" action.
unknown
2008-02-04
4.3CVE-2008-0575
BUGTRAQ
SECUNIA
WordPress -- WordPress
DMSGuestbook -- DMSGuestbook
Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) folder and (2) file parameters.
unknown
2008-02-06
4.0CVE-2008-0615
BUGTRAQ
MILW0RM
BID
SECUNIA
WordPress -- WordPress
DMSGuestbook -- DMSGuestbook
SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.
unknown
2008-02-06
6.5CVE-2008-0616
BUGTRAQ
MILW0RM
XF
WordPress -- WordPressThe XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.
unknown
2008-02-07
6.4CVE-2008-0664
OTHER-REF
BID
FRSIRT
SECUNIA
XLight FTP Server -- XLight FTP ServerThe LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions.
unknown
2008-02-06
6.8CVE-2008-0604
OTHER-REF
BID
SECUNIA
XOOPS -- XoopsOpen redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.
unknown
2008-02-06
5.0CVE-2008-0613
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
Yahoo -- Yahoo Music JukeboxStack-based buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! Music Jukebox 2.2.2.056 allows remote attackers to execute arbitrary code via a long argument to the AddImage method.
unknown
2008-02-06
4.3CVE-2008-0623
MILW0RM
MILW0RM
MILW0RM
CERT-VN
BID
SECTRACK
Yahoo -- Yahoo Music JukeboxBuffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! JukeBox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddButton method, a different vulnerability than CVE-????-????.
unknown
2008-02-06
4.3CVE-2008-0624
MILW0RM
CERT-VN
Yahoo -- Yahoo Music JukeboxBuffer overflow in the MediaGrid ActiveX control (mediagrid.dll) in Yahoo! Music Jukebox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddBitmap method.
unknown
2008-02-06
4.3CVE-2008-0625
MILW0RM
CERT-VN
BID
SECTRACK

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Geert Moernaut -- Supercrypt
Geert Moernaut -- LSrunasE
Geert Moernaut LSrunasE and Supercrypt use an encryption key composed of an SHA1 hash of a fixed string embedded in the executable file, which makes it easier for local users to obtain this key without reverse engineering.
unknown
2008-02-04
2.1CVE-2008-0580
BUGTRAQ
Liferay -- Liferay Enterprise PortalCross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.
unknown
2008-02-04
2.6CVE-2008-0179
OTHER-REF
CERT-VN
BID
SECUNIA
Moernaut -- Supercrypt
Moernaut -- LSrunasE
Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords.
unknown
2008-02-04
2.1CVE-2007-6340
BUGTRAQ
OTHER-REF
OTHER-REF
Novell -- Novell Client for Windows
Novell -- Challenge Response Client
Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field.
unknown
2008-02-07
2.1CVE-2008-0663
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
xine -- xine-lib
MPlayer -- MPlayer
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
unknown
2008-02-05
0.0CVE-2008-0486
BUGTRAQ
OTHER-REF
BID
FULLDISC
OTHER-REF
FRSIRT
SECUNIA

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.