Vulnerability Summary for the Week of February 18, 2008

Released
Feb 25, 2008
Document ID
SB08-056

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apache Software Foundation -- mod_jk
F5 -- BIG-IP
Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
unknown
2008-02-18
7.5CVE-2007-6258
BUGTRAQ
OTHER-REF
CERT-VN
BID
FRSIRT
Apple -- iPhotoThe Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allows remote attackers to cause a denial of service (crash) via a malformed dpap: URI, a different vulnerability than CVE-2008-0043.
unknown
2008-02-19
7.5CVE-2008-0830
MILW0RM
BID
aStats -- astatsPRO
Joomla -- com_astatspro
SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-02-20
7.5CVE-2008-0839
MILW0RM
auraCMS -- AuraCMSMultiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php.
unknown
2008-02-18
7.5CVE-2008-0811
MILW0RM
BEA Systems -- WebLogic PortalBEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.
unknown
2008-02-20
7.5CVE-2008-0870
BEA
Caroline -- CarolineUnspecified vulnerability in the php2phps function in Claroline before 1.8.9 has unknown impact and attack vectors.
unknown
2008-02-19
10.0CVE-2008-0824
OTHER-REF
SECUNIA
Caroline -- CarolineSQL injection vulnerability in Claroline before 1.8.9 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2008-02-19
7.5CVE-2008-0825
OTHER-REF
SECUNIA
com_sg -- com_sgSQL injection vulnerability in the com_sg component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the pid parameter in an order task.
unknown
2008-02-18
7.5CVE-2008-0816
BUGTRAQ
BID
Dokeos -- DokeosMultiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php.
unknown
2008-02-20
7.5CVE-2008-0850
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
Drupal -- Header imageUnspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors.
unknown
2008-02-19
10.0CVE-2008-0823
OTHER-REF
BID
FRSIRT
SECUNIA
XF
e-Vision -- e-Vision CMSMultiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-02-20
7.5CVE-2008-0856
BID
EMC -- ReplistorMultiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and possibly earlier versions, allow remote attackers to execute arbitrary code via crafted compressed data.
unknown
2008-02-20
7.8CVE-2007-6426
IDEFENSE
freePHPgallery -- freePHPgalleryMultiple directory traversal vulnerabilities in freePHPgallery 0.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie to (1) comment.php, (2) index.php, and (3) show.php.
unknown
2008-02-19
7.5CVE-2008-0818
MILW0RM
OTHER-REF
BID
SECUNIA
jlmZone -- ClassifiedsSQL injection vulnerability in index.php in the jlmZone Classifieds module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in an Adsview action.
unknown
2008-02-21
7.5CVE-2008-0873
BUGTRAQ
MILW0RM
BID
Joomla -- com_scheduling Component
Mambo -- com_scheduling Component
SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-02-18
7.5CVE-2008-0810
BUGTRAQ
BID
Joomla -- com_mezun
Egitimhost -- com_mezun
SQL injection vulnerability in the com_mezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task.
unknown
2008-02-18
7.5CVE-2008-0815
BUGTRAQ
BID
XF
Joomla -- Rapid RecipeMultiple SQL injection vulnerabilities in the Rapid Recipe (com_rapidrecipe) 1.6.5 and earlier component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) user_id or (2) category_id parameter. NOTE: this might overlap CVE-2008-0754.
unknown
2008-02-20
7.5CVE-2008-0831
MILW0RM
Joomla -- Kemas Antonius com_quran
Mambo -- Kemas Antonius com_quran
SQL injection vulnerability in index.php in the Kemas Antonius com_quran 1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the surano parameter in a viewayat action.
unknown
2008-02-20
7.5CVE-2008-0832
MILW0RM
Joomla -- com_galeriaSQL injection vulnerability in index.php in the com_galeria component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
unknown
2008-02-20
7.5CVE-2008-0833
MILW0RM
Joomla -- com_clasifierSQL injection vulnerability in index.php in the Classifier (com_clasifier) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
unknown
2008-02-20
7.5CVE-2008-0842
MILW0RM
Joomla -- com_pccookbookSQL injection vulnerability in index.php in the PccookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
unknown
2008-02-20
7.5CVE-2008-0844
MILW0RM
Joomla -- com_downloads
Mambo -- com_downloads
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652.
unknown
2008-02-20
7.5CVE-2008-0849
BUGTRAQ
BID
XF
Joomla -- com_detail
Mambo -- com_detail
SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
unknown
2008-02-20
7.5CVE-2008-0853
BUGTRAQ
BID
Joomla -- com_salesrep
Mambo -- com_salesrep
SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php.
unknown
2008-02-20
7.5CVE-2008-0854
BUGTRAQ
BID
XF
Joomlapixel -- Jooget
Mambo -- Mambo
Joomla -- Joomla
SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.
unknown
2008-02-19
7.5CVE-2008-0829
MILW0RM
OTHER-REF
OTHER-REF
BID
SECUNIA
Kerio -- Kerio MailServer
VisNetic -- VisNetic AntiVirus Plug-in for Mail Server
Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2008-02-20
7.5CVE-2008-0858
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Kerio -- AVG Plugin
Kerio -- Kerio MailServer
Unspecified vulnerability in the AVG plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack vectors related to null DACLs.
unknown
2008-02-20
10.0CVE-2008-0860
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Lyris -- List ManagerMultiple unspecified vulnerabilities in Lyris ListManager 8.x before 8.95d, 9.2 before 9.2c, and 9.3 before 9.3b allow remote attackers to (1) gain list administrator privileges or (2) access arbitrary mailing lists via unknown vectors related to modification of client-side information; and (3) allow remote authenticated administrators to modify other account data by creating "new accounts that collide with existing accounts."
unknown
2008-02-19
10.0CVE-2007-6319
BUGTRAQ
BID
Mambo -- com_filebase Component
Joomla -- com_filebase Component
SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.
unknown
2008-02-18
7.5CVE-2008-0817
BUGTRAQ
BID
Mambo -- com_ricette component
Joomla -- com_ricette component
SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-02-20
7.5CVE-2008-0841
MILW0RM
BID
Mambo -- com_profile
Joomla -- com_profile
SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter.
unknown
2008-02-20
7.5CVE-2008-0846
BUGTRAQ
BID
Mambo -- com_facileforms
Joomla -- com_facileforms
SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
unknown
2008-02-20
7.5CVE-2008-0855
BUGTRAQ
MySQL -- MySQL Community ServerMySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.
unknown
2008-02-18
7.8CVE-2007-6313
OTHER-REF
OpenCA -- OpenCA PKICross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, and possibly earlier versions, allows remote attackers to perform unauthorized actions as authorized users via a link or IMG tag to RAServer.
unknown
2008-02-18
7.5CVE-2008-0556
FULLDISC
OTHER-REF
SECUNIA
XF
OSI Codes Inc. -- PHPLiveSQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote attackers to execute arbitrary SQL commands via the questid parameter in an expand_question action.
unknown
2008-02-19
7.5CVE-2008-0821
MILW0RM
BID
PCRE -- PCREBuffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.
unknown
2008-02-18
7.5CVE-2008-0674
OTHER-REF
OTHER-REF
FRSIRT
PHPNuke -- BookSQL injection vulnerability in the Books module of PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
unknown
2008-02-19
7.5CVE-2008-0827
MILW0RM
BID
PHPNuke -- Web_Links ModuleSQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.
unknown
2008-02-21
7.5CVE-2008-0879
BUGTRAQ
BID
PHPNuke -- EasyContent ModuleSQL injection vulnerability in modules.php in the EasyContent module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
unknown
2008-02-21
7.5CVE-2008-0880
MILW0RM
BID
PHPNuke -- Okul ModuleSQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action.
unknown
2008-02-21
7.5CVE-2008-0881
MILW0RM
Reality -- Medias PHPizabiUnrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures.
unknown
2008-02-18
9.3CVE-2008-0805
MILW0RM
BID
FRSIRT
RunCMS -- MyAnnoncesSQL injection vulnerability in index.php in the MyAnnonces 1.7 and earlier module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
unknown
2008-02-21
7.5CVE-2008-0878
MILW0RM
FRSIRT
Simple CMS -- Simple CMSSQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the area parameter.
unknown
2008-02-20
7.5CVE-2008-0835
MILW0RM
BID
Symantec -- Veritas Storage FoundationHeap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size.
unknown
2008-02-21
9.3CVE-2008-0638
OTHER-REF
OTHER-REF
BID
SECTRACK
WoltLab -- Burning BoardSQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page.
unknown
2008-02-20
7.5CVE-2008-0857
BUGTRAQ
BID
WordPress -- Dean Logan WP-People pluginSQL injection vulnerability in wp-people-popup.php in Dean Logan WP-People plugin 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the person parameter.
unknown
2008-02-20
7.5CVE-2008-0845
BUGTRAQ
XOOPS -- myTopicsSQL injection vulnerability in print.php in the myTopics module for XOOPS allows remote attackers to execute arbitrary SQL commands via the articleid parameter.
unknown
2008-02-20
7.5CVE-2008-0847
MILW0RM
BID
XF
XOOPS -- eEmpregos ModuleSQL injection vulnerability in index.php in the eEmpregos module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
unknown
2008-02-21
7.5CVE-2008-0874
BUGTRAQ
MILW0RM

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- SafariApple Safari might allow remote attackers to obtain potentially sensitive memory contents or cause a denial of service (crash) via a crafted (1) bitmap (BMP) or (2) GIF file, a related issue to CVE-2008-0420.
unknown
2008-02-21
6.8CVE-2008-0894
BUGTRAQ
OTHER-REF
ATutor -- ATutorMultiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes like style and onmouseover in (a) forum post or (b) mail; or (2) HTML tags in the website field of the profile.
unknown
2008-02-19
4.3CVE-2008-0828
BUGTRAQ
BID
BanPro -- NET BanPro DMSDirectory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the action parameter.
unknown
2008-02-18
6.4CVE-2008-0812
BUGTRAQ
BID
SECUNIA
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks.
unknown
2008-02-20
5.0CVE-2008-0863
BEA
SECTRACK
BEA Systems -- WebLogic PortalAdmin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.
unknown
2008-02-20
5.0CVE-2008-0864
BEA
BEA Systems -- WebLogic PortalUnspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors.
unknown
2008-02-20
5.0CVE-2008-0865
BEA
BEA Systems -- WebLogic WorkshopMultiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Workshop allow remote attackers to inject arbitrary web script or HTML via an invalid action URI, which is not properly handled by NetUI page flows.
unknown
2008-02-20
4.3CVE-2008-0866
BEA
BEA Systems -- AquaLogic Interaction
BEA Systems -- Plumtree Foundation
Cross-site scripting (XSS) vulnerability in the portal for BEA Plumtree Foundation 6.0 through SP1 and AquaLogic Interaction 6.1 through Maintenance Pack 1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
unknown
2008-02-20
4.3CVE-2008-0867
BEA
BEA Systems -- WebLogic PortalCross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors.
unknown
2008-02-20
4.3CVE-2008-0868
BEA
BEA Systems -- WebLogic
BEA Systems -- WebLogic Workshop
Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
unknown
2008-02-20
4.3CVE-2008-0869
BEA
Caroline -- CarolineCross-site scripting (XSS) vulnerability in Claroline before 1.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-02-19
4.3CVE-2008-0826
OTHER-REF
SECUNIA
Crafty Syntax Live Help -- Crafty Syntax Live HelpCross-site scripting (XSS) vulnerability in lostsheep.php in Crafty Syntax Live Help (CSLH) 2.4.13 and 2.4.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the versions claimed by the original researcher are likely incorrect.
unknown
2008-02-20
4.3CVE-2008-0848
BUGTRAQ
BID
XF
cups -- CUPSDouble free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information.
unknown
2008-02-21
6.4CVE-2008-0882
OTHER-REF
SECUNIA
Dokeos -- E-Learning SystemMultiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category parameter to main/admin/course_category.php, (4) message parameter to main/admin/session_list.php in a show_message action, and (5) an avatar image to main/auth/profile.php.
unknown
2008-02-20
4.3CVE-2008-0851
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
Etomite -- Etomite** DISPUTED ** Cross-site scripting (XSS) vulnerability in index.php in Etomite 0.6.1.4 Final allows remote attackers to inject arbitrary web script or HTML via $_SERVER['PHP_INFO']. NOTE: the vendor disputes this issue in a followup, stating that the affected variable is $_SERVER['PHP_SELF'], and "This is not an Etomite specific exploit and I would like the report rescinded."
unknown
2008-02-19
4.3CVE-2008-0820
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
freeSSHd -- freeSSHdfreeSSHd 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a SSH2_MSG_NEWKEYS packet to TCP port 22, which triggers a NULL pointer dereference.
unknown
2008-02-20
5.0CVE-2008-0852
OTHER-REF
BID
FRSIRT
SECUNIA
Hitachi -- EUR Print ManagerUnspecified vulnerability in Hitachi EUR Print Manager, and related Client and Local Server products, 05-06 through 05-06-/B and 05-08 allows remote attackers to cause a denial of service (service hang or termination) via unspecified vectors related to "unexpected data."
unknown
2008-02-21
6.4CVE-2008-0875
OTHER-REF
BID
FRSIRT
SECUNIA
Hitachi -- SEWB3 PLATFORM
Hitachi -- SEWB3 MI-PLATFORM
Unspecified vulnerability in the SEWB3 messaging service in Hitachi SEWB3/PLATFORM and SEWB3/MI-PLATFORM 01-00 through 02-14-/A allows remote attackers to cause a denial of service (service outage) via "invalid data."
unknown
2008-02-21
5.8CVE-2008-0876
OTHER-REF
BID
FRSIRT
SECUNIA
Horde -- Turba Contact Manager
Horde -- Groupware
Horde -- Groupware Webmail Edition
lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.
unknown
2008-02-18
4.9CVE-2008-0807
MLIST
MLIST
MLIST
MLIST
OTHER-REF
BID
SECUNIA
IBM -- Lotus QuickrCross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-02-20
4.3CVE-2008-0834
OTHER-REF
BID
SECUNIA
IBM -- Lotus QuickplaceCross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus Quickplace 7.0 allows remote attackers to inject arbitrary web script or HTML via an h_SearchString sub-parameter in the PreSetFields parameter of an EditDocument action.
unknown
2008-02-20
4.3CVE-2008-0861
OTHER-REF
BID
SECTRACK
IBM -- Lotus NotesIBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection.
unknown
2008-02-20
4.3CVE-2008-0862
OTHER-REF
FRSIRT
SECUNIA
Ikiwiki -- IkiwikiCross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags.
unknown
2008-02-18
4.3CVE-2008-0808
OTHER-REF
OTHER-REF
SECUNIA
Ikiwiki -- IkiwikiCross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.
unknown
2008-02-18
4.3CVE-2008-0809
OTHER-REF
SECUNIA
Jinzora -- JinzoraMultiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme, and (6) language parameters to (b) ajax_request.php; the jz_path parameter to (c) slim.php; the frontend, theme, and jz_path parameters to (d) popup.php; the (13) PATH_INFO to index.php and (e) slim.php; and the (14) query parameter in a playlistedit action and (15) siteNewsData parameter in a sitenews action to (f) popup.php.
unknown
2008-02-21
4.3CVE-2008-0877
BUGTRAQ
SECUNIA
John Godley -- Search Unleashed
WordPress -- Search Unleashed plugin
Cross-site scripting (XSS) vulnerability in the log feature in the John Godley Search Unleashed 0.2.10 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, which is not properly handled when the administrator views the log file.
unknown
2008-02-20
4.3CVE-2008-0837
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
Kerio -- Kerio MailServerUnspecified vulnerability in Kerio MailServer before 6.5.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to decoding of uuencoded input, which triggers memory corruption.
unknown
2008-02-20
5.0CVE-2008-0859
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
NOW -- SMS_MMS GatewayMultiple stack-based buffer overflows in Now SMS/MMS Gateway 2007.06.27 and earlier allow remote attackers to execute arbitrary code via a (1) long password in an Authorization header to the HTTP service or a (2) large packet to the SMPP service.
unknown
2008-02-21
6.8CVE-2008-0871
OTHER-REF
BID
FRSIRT
SECUNIA
SmarterTools -- SmarterMailCross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message.
unknown
2008-02-21
6.0CVE-2008-0872
BUGTRAQ
OTHER-REF
BID
SECUNIA
Sophos -- ES4000
Sophos -- ES1000
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page.
unknown
2008-02-20
4.3CVE-2008-0838
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
StatCounteX -- StatCounteXStatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp.
unknown
2008-02-20
6.4CVE-2008-0843
BUGTRAQ
SECUNIA
Sun -- SolarisUnspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 9 and 10 on x86 architectures allows local users to cause a denial of service (panic) via unspecified vectors that trigger a NULL pointer dereference in the vuid3ps2 module, a different issue than CVE-2007-5319.
unknown
2008-02-20
4.9CVE-2008-0836
SUNALERT
FRSIRT
SECUNIA
Symantec Veritas -- Storage FoundationThe Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation 5.0 for Windows allows remote attackers to cause a denial of service (daemon crash or hang) via malformed packets.
unknown
2008-02-21
4.3CVE-2007-4516
IDEFENSE
OTHER-REF
BID
SECTRACK
Thecus -- N5200Pro NAS Server Control PanelPHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote attackers to execute arbitrary PHP code via a URL in the name parameter.
unknown
2008-02-18
6.8CVE-2008-0804
MILW0RM
BID
TRUC -- TRUCDirectory traversal vulnerability in download.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the upload_filename parameter.
unknown
2008-02-18
6.4CVE-2008-0814
MILW0RM
BID
XPWeb -- XPWebDirectory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
unknown
2008-02-18
5.0CVE-2008-0813
MILW0RM
BID

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Paul Pelzl -- wyrdwyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file.
unknown
2008-02-18
3.6CVE-2008-0806
OTHER-REF
BID
SECUNIA
PlutoStatus -- PlutoStatus LocatorDirectory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
unknown
2008-02-19
3.6CVE-2008-0819
BUGTRAQ
BID
Public Warehouse -- Light BlogDirectory traversal vulnerability in view_member.php in Public Warehouse LightBlog 9.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the username parameter.
unknown
2008-02-20
3.6CVE-2008-0840
MILW0RM
BID
Scribe -- ScribeDirectory traversal vulnerability in index.php in Scribe 0.2 allows remote attackers to read arbitrary local files via a .. (dot dot) in the page parameter.
unknown
2008-02-19
3.6CVE-2008-0822
BUGTRAQ
MILW0RM
BID

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.