Note: This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB08-070)

Vulnerability Summary for the Week of March 3, 2008

Original release date: March 10, 2008

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities
Primary Vendor -- Product | Description | Discovered | Published | CVSS Score | Source & Patch Info
Vocera Communications -- wireless handsetsVocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.
unknown
2008-03-03
7.1CVE-2008-1114
FULLDISC
OTHER-REF
OTHER-REF
OTHER-REF
BID
Affiliate Market -- Affiliate MarketSQL injection vulnerability in shop/detail.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-03-05
7.5CVE-2008-1177
MILW0RM
XF
Beehive Software -- SendFile.NETThe outboxWriteUnsent function in FTPThread.class in SendFile.jar for Beehive Software SendFile.NET uses hard-coded credentials for an FTP server, which allows remote attackers to gain privileges.
unknown
2008-03-04
7.5CVE-2008-1079
BUGTRAQ
BID
DESlock -- DESlockDESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys 1.2.0.27 are present, allows local users to gain privileges via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, aka the "ring0 link list zero SYSTEM" vulnerability.
unknown
2008-03-04
7.2CVE-2008-1139
MILW0RM
FRSIRT
SECUNIA
DESlock -- DESlockDLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users to gain privileges via a certain DLKFDISK_IOCTL request to \\.\DLKFDisk_Control that overwrites a data structure associated with a mounted pseudo-filesystem, aka the "ring0 SYSTEM" vulnerability.
unknown
2008-03-04
7.2CVE-2008-1140
MILW0RM
FRSIRT
SECUNIA
dream4 -- Koobi ProSQL injection vulnerability in index.php in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter in a downloads procedure.
unknown
2008-03-03
7.5CVE-2008-1122
MILW0RM
eazyPortal -- eazyPortalSQL injection vulnerability in index.php in eazyPortal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the session_vars cookie.
unknown
2008-03-03
7.5CVE-2008-1121
MILW0RM
BID
SECUNIA
freshmeat -- XWinew_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information.
unknown
2008-03-03
7.2CVE-2008-0930
OTHER-REF
SECUNIA
GNOME -- EvolutionFormat string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version: field.
unknown
2008-03-05
9.3CVE-2008-0072
OTHER-REF
DEBIAN
REDHAT
UBUNTU
BID
FRSIRT
SECUNIA
Google -- Android SDKInteger overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.
unknown
2008-03-05
7.5CVE-2008-0986
BUGTRAQ
OTHER-REF
OTHER-REF
BID
ICQ -- Mirabilis ICQFormat string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation.
unknown
2008-03-03
9.3CVE-2008-1120
OTHER-REF
BID
FRSIRT
SECUNIA
ImageMagick -- GraphicsMagick
ImageMagick -- ImageMagick
Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.
unknown
2008-03-05
9.3CVE-2008-1097
OTHER-REF
OTHER-REF
Joomla -- com_garyscookbook
Mambo -- com_garyscookbook
SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
unknown
2008-03-04
7.5CVE-2008-1137
MILW0RM
Microsoft -- Access
Microsoft -- Jet
Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine (msjet40.dll). NOTE: this is probably a different issue than CVE-2007-6026.
unknown
2008-03-06
8.5CVE-2008-1200
OTHER-REF
BID
PHP Web Scripts -- Dynamic Photo GallerySQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic Photo Gallery 1.02 allows remote attackers to execute arbitrary SQL commands via the albumID parameter.
unknown
2008-03-05
7.5CVE-2008-1162
MILW0RM
OTHER-REF
BID
SECUNIA
phpArcadeScript -- phpArcadeScriptSQL injection vulnerability in index.php in phpArcadeScript 1.0 through 3.0 RC2 allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action.
unknown
2008-03-05
7.5CVE-2008-1163
MILW0RM
BID
phpComasy -- phpComasySQL injection vulnerability in index.php in phpComasy 0.8 allows remote attackers to execute arbitrary SQL commands via the mod_project_id parameter in a project_detail action.
unknown
2008-03-05
7.5CVE-2008-1164
MILW0RM
BID
Red Hat -- enterprise_linuxThe default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.
unknown
2008-03-06
7.8CVE-2008-1198
OTHER-REF
OTHER-REF
Rising Antivirus International -- Rising Web Scan ObjectInsecure method vulnerability in the Web Scan Object ActiveX control (OL2005.dll) in Rising Antivirus Online Scanner allows remote attackers to force the download and execution of arbitrary code by setting the BaseURL property and invoking the UpdateEngine method. NOTE: some of these details are obtained from third party information.
unknown
2008-03-03
9.3CVE-2008-1116
MILW0RM
BID
FRSIRT
SECUNIA
Sarg -- Squid Analysis Report GeneratorStack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information.
unknown
2008-03-05
10.0CVE-2008-1167
OTHER-REF
SECUNIA
SIMM-Comm -- SCI Photo ChatDirectory traversal vulnerability in the embedded HTTP server in SCI Photo Chat Server 3.4.9 and earlier allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot forward slash) in the GET command.
unknown
2008-03-05
7.8CVE-2008-1169
OTHER-REF
BID
FRSIRT
XF
Sun -- JRE
Sun -- JDK
Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.
unknown
2008-03-06
8.5CVE-2008-1195
SUNALERT
SynCE -- vdccmUnspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) might allow attackers to cause a denial of service via unspecified vectors.
unknown
2008-03-04
10.0CVE-2007-6703
OTHER-REF
SynCE -- SynCEThe Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679.
unknown
2008-03-04
9.3CVE-2008-1136
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XF
Vocera Communications -- Vocera Communications BadgeCisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.
unknown
2008-03-03
7.8CVE-2008-1113
FULLDISC
FULLDISC
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA

Medium Vulnerabilities
Primary Vendor -- Product | Description | Discovered | Published | CVSS Score | Source & Patch Info
Barryvan Compo -- Barryvan Compo ManagerPHP remote file inclusion vulnerability in main.php in Barryvan Compo Manager 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the pageURL parameter.
unknown
2008-03-03
6.8CVE-2008-1126
MILW0RM
BSD Perimeter -- pfSenseCross-site scripting (XSS) vulnerability in BSD Perimeter pfSense before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-03-05
4.3CVE-2008-1182
OTHER-REF
BID
SECUNIA
Centreon -- CentreonDirectory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-03-03
5.0CVE-2008-1119
MILW0RM
OTHER-REF
BID
Centreon -- CentreonDirectory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2008-1119.
unknown
2008-03-05
6.8CVE-2008-1178
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
Centreon -- CentreonMultiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) title parameters. NOTE: some of these details are obtained from third party information.
unknown
2008-03-05
4.3CVE-2008-1179
OTHER-REF
BID
SECUNIA
XF
Crafty Syntax Live Help -- Crafty Syntax Live HelpMultiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) livehelp.php, (2) user_questions.php, and (3) leavemessage.php. NOTE: the lostsheep.php vector is covered by CVE-2008-0848.
unknown
2008-03-05
4.3CVE-2008-1183
OTHER-REF
BID
SECUNIA
XF
Crytek -- CrysisFormat string vulnerability in the cryactio function in Crysis 1.1.1.5879 allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when the game character is killed.
unknown
2008-03-03
6.0CVE-2008-1127
MILW0RM
BID
Darwin -- Darwin
Cosmicperl -- Directory Pro
Navision -- Financials Server
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND.
unknown
2008-03-04
6.8CVE-2008-1146
OTHER-REF
OTHER-REF
BUGTRAQ
BID
SECUNIA
Darwin -- Darwin
Cosmicperl -- Directory Pro
Navision -- Financials Server
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting.
unknown
2008-03-04
6.8CVE-2008-1147
OTHER-REF
OTHER-REF
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
SECUNIA
Darwin -- Darwin
Cosmicperl -- Directory Pro
Navision -- Financials Server
A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting.
unknown
2008-03-04
6.8CVE-2008-1148
OTHER-REF
OTHER-REF
BUGTRAQ
BID
SECUNIA
DESlock -- DESlockDLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users to cause a denial of service (system crash) via a certain ZERO_MEM DLMFENC_IOCTL request to \\.\DLKPFSD_Device, aka the "ring0 link list zero" vulnerability.
unknown
2008-03-04
4.9CVE-2008-1138
MILW0RM
FRSIRT
SECUNIA
DESlock -- DESlockMemory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users to cause a denial of service (kernel memory consumption) via a series of DLMFENC_IOCTL requests to \\.\DLKPFSD_Device that allocate "link list structures."
unknown
2008-03-04
4.9CVE-2008-1141
MILW0RM
FRSIRT
SECUNIA
DNSSEC-Tools -- DNSSEC-Tools
The DNSSEC validation library (libval) in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks.
unknown
2008-03-05
5.0CVE-2008-1184
OTHER-REF
FEDORA
FEDORA
FRSIRT
SECUNIA
SECUNIA
Dovecot -- DovecotDovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
unknown
2008-03-06
4.1CVE-2008-1199
BUGTRAQ
MLIST
BID
XF
Drupal -- DrupalThe Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
unknown
2008-03-04
4.3CVE-2008-1133
OTHER-REF
BID
SECUNIA
Flicks Software -- AuthentixCross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter.
unknown
2008-03-05
4.3CVE-2008-1174
FULLDISC
BID
SECTRACK
SECUNIA
Flicks Software -- AuthentixCross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter to aspAdmin/deleteUser.asp, a different vector than CVE-2008-1174. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-03-05
4.3CVE-2008-1175
SECUNIA
Flyspray -- FlysprayMultiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php. NOTE: some of these details are obtained from third party information.
unknown
2008-03-05
4.3CVE-2008-1165
OTHER-REF
SECUNIA
Flyspray -- FlysprayFlyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-03-05
5.0CVE-2008-1166
SECUNIA
GoAhead Software -- GoAhead WebServer
GoAhead Software -- FS4104-AW Device
goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603.
unknown
2008-03-04
5.0CVE-2007-6702
MILW0RM
Google -- Android SDKHeap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.
unknown
2008-03-05
6.8CVE-2008-0985
BUGTRAQ
OTHER-REF
OTHER-REF
BID
IBM -- WebSphere MQUnspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel.
unknown
2008-03-03
6.6CVE-2008-1130
AIXAPAR
BID
FRSIRT
SECTRACK
SECUNIA
ImageMagick -- GraphicsMagick
ImageMagick -- ImageMagick
The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.
unknown
2008-03-05
6.8CVE-2008-1096
OTHER-REF
OTHER-REF
Juniper -- Secure Access 2000Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.cgi in Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to inject arbitrary web script or HTML via the delivery_mode parameter.
unknown
2008-03-05
4.3CVE-2008-1180
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
Juniper -- Secure Access 2000Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message.
unknown
2008-03-05
5.0CVE-2008-1181
BUGTRAQ
BID
SECTRACK
KCWiki -- KCWikiMultiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php.
unknown
2008-03-05
6.8CVE-2008-1170
BUGTRAQ
Learn2 -- STRunnerMultiple stack-based buffer overflows in the Learn2 Corporation STRunner (aka Street Technologies) ActiveX control in iestm32.dll allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2008-03-03
6.8CVE-2007-6252
CERT-VN
Light httpd -- Light httpdmod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source code of CGI scripts instead of a 500 error, which might allow remote attackers to obtain sensitive information.
unknown
2008-03-04
5.0CVE-2008-1111
OTHER-REF
OTHER-REF
MoinMoin -- MoinMoinMultiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.
unknown
2008-03-05
4.3CVE-2008-1098
OTHER-REF
OTHER-REF
OTHER-REF
MoinMoin -- MoinMoin_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages.
unknown
2008-03-05
5.0CVE-2008-1099
OTHER-REF
OTHER-REF
Net Activity Viewer -- Net Activity ViewerUntrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action.
unknown
2008-03-03
4.7CVE-2008-1132
OTHER-REF
SECUNIA
Omegasoft -- INterneSErvicesLosungenOMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports authentication with a cookie that lacks a shared secret, which allows remote attackers to login as an arbitrary user via a modified cookie.
unknown
2008-03-04
6.4CVE-2008-1134
BUGTRAQ
BID
XF
Omegasoft -- INterneSErvicesLosungenOMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames.
unknown
2008-03-04
5.0CVE-2008-1135
BUGTRAQ
BID
XF
phpBB -- 123 Flash Chat Module** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the 123 Flash Chat Module for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) 123flashchat.php and (2) phpbb_login_chat.php. NOTE: CVE disputes this issue because $phpbb_root_path is explicitly set to "./" in both programs.
unknown
2008-03-05
6.8CVE-2008-1171
BUGTRAQ
BUGTRAQ
VIM
phpMyAdmin -- phpMyAdmin
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross Site Request Forgery (CSRF) attacks by using crafted cookies.
unknown
2008-03-04
5.1CVE-2008-1149
OTHER-REF
phpMytourney -- phpMytourneyPHP remote file inclusion vulnerability in tourney/index.php in phpMyTourney 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
unknown
2008-03-03
6.8CVE-2008-1128
BUGTRAQ
BID
Podcast Generator -- Podcast GeneratorMultiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to (1) components/xmlparser/loadparser.php; (2) admin.php, (3) categories.php, (4) categories_add.php, (5) categories_remove.php, (6) edit.php, (7) editdel.php, (8) ftpfeature.php, (9) login.php, (10) pgRSSnews.php, (11) showcat.php, and (12) upload.php in core/admin/; and (13) archive_cat.php, (14) archive_nocat.php, and (15) recent_list.php in core/.
unknown
2008-03-03
6.8CVE-2008-1124
MILW0RM
Podcast Generator -- Podcast GeneratorMultiple directory traversal vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) theme_path parameter to core/themes.php and the (2) filename parameter to download.php.
unknown
2008-03-03
5.0CVE-2008-1125
MILW0RM
QEMU -- QEMUQemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.
unknown
2008-03-03
4.7CVE-2008-0928
MLIST
OTHER-REF
FEDORA
FEDORA
SECUNIA
Sarg -- Squid Analysis Report GeneratorCross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-03-05
4.3CVE-2008-1168
SECUNIA
Sitebuilder -- SiteBuilder EliteMultiple PHP remote file inclusion vulnerabilities in SiteBuilder Elite 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the CarpPath parameter to (1) files/carprss.php and (2) files/amazon-bestsellers.php.
unknown
2008-03-03
6.8CVE-2008-1123
MILW0RM
Sun -- SolarisUnspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands.
unknown
2008-03-03
4.9CVE-2008-1115
SUNALERT
FRSIRT
Sun -- JRE
Sun -- JDK
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186.
unknown
2008-03-06
6.0CVE-2008-1185
SUNALERT
Sun -- JRE
Sun -- JDK
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185.
unknown
2008-03-06
6.0CVE-2008-1186
SUNALERT
Sun -- JRE
Sun -- JDK
Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.
unknown
2008-03-06
6.0CVE-2008-1187
SUNALERT
Sun -- JRE
Sun -- JDK
Multiple buffer overflows in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1189.
unknown
2008-03-06
6.0CVE-2008-1188
SUNALERT
Sun -- JRE
Sun -- JDK
Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188.
unknown
2008-03-06
6.0CVE-2008-1189
SUNALERT
Sun -- JRE
Sun -- JDK
Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191.
unknown
2008-03-06
6.0CVE-2008-1190
SUNALERT
Sun -- JRE
Sun -- JDK
Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190.
unknown
2008-03-06
6.0CVE-2008-1191
SUNALERT
Sun -- JRE
Sun -- JDK
Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, 1.4.2_16 and earlier, and 1.3.1_21 and earlier allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors.
unknown
2008-03-06
6.0CVE-2008-1192
SUNALERT
Sun -- JRE
Sun -- JDK
Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.
unknown
2008-03-06
6.0CVE-2008-1193
SUNALERT
Sun -- JRE
Sun -- JDK
Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file.
unknown
2008-03-06
6.0CVE-2008-1196
SUNALERT
TorrentTrader -- TorrentTrader Classic
TorrentTrader -- TorrentTrader
Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php in TorrentTrader Classic 1.08 allow remote attackers to perform certain actions as other users, as demonstrated by sending messages.
unknown
2008-03-05
4.3CVE-2008-1172
BUGTRAQ
XF
TorrentTrader -- TorrentTrader Classic
TorrentTrader -- TorrentTrader
Cross-site scripting (XSS) vulnerability in account-inbox.php in TorrentTrader Classic 1.08 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
unknown
2008-03-05
4.3CVE-2008-1173
BUGTRAQ
BID
SECUNIA
XF
WEBrick -- WEBrickDirectory traversal vulnerability in WEBrick 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
unknown
2008-03-04
5.0CVE-2008-1145
OTHER-REF
XRMS CRM -- XRMSCross-site scripting (XSS) vulnerability in admin/users/self.php in XRMS CRM allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information.
unknown
2008-03-03
4.3CVE-2008-1129
BUGTRAQ
BID
SECUNIA
XWine -- XWinew_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file.
unknown
2008-03-03
6.3CVE-2008-0931
OTHER-REF
SECUNIA

Low Vulnerabilities
Primary Vendor -- Product | Description | Discovered | Published | CVSS Score | Source & Patch Info
Adobe -- Acrobat Readeracroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.
unknown
2008-03-05
3.7CVE-2008-0883
OTHER-REF
BID
FRSIRT
SECUNIA
Affiliate Market -- Affiliate MarketCross-site scripting (XSS) vulnerability in function/sideblock.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to inject arbitrary web script or HTML via the sideblock4 parameter.
unknown
2008-03-05
2.6CVE-2008-1176
MILW0RM
XF
Drupal -- DrupalCross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms.
unknown
2008-03-03
3.5CVE-2008-1131
OTHER-REF
BID
SECUNIA
F5 -- Firepass 4100Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.
unknown
2008-03-05
2.6CVE-2007-6704
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
BID
BID
OSVDB
OSVDB
SECTRACK
SECUNIA
XF
XF
Sun -- JRE
Sun -- JDK
Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to cause a denial of service (crash) via unknown vectors.
unknown
2008-03-06
3.5CVE-2008-1194
SUNALERT

Back to top

">

High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Vocera Communications -- wireless handsets
Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.
unknown
2008-03-03
7.1
CVE-2008-1114
FULLDISC
OTHER-REF
OTHER-REF
OTHER-REF
BID
Affiliate Market -- Affiliate Market
SQL injection vulnerability in shop/detail.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-03-05
7.5
CVE-2008-1177
MILW0RM
XF
Beehive Software -- SendFile.NET
The outboxWriteUnsent function in FTPThread.class in SendFile.jar for Beehive Software SendFile.NET uses hard-coded credentials for an FTP server, which allows remote attackers to gain privileges.
unknown
2008-03-04
7.5
CVE-2008-1079
BUGTRAQ
BID
DESlock -- DESlock
DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys 1.2.0.27 are present, allows local users to gain privileges via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, aka the "ring0 link list zero SYSTEM" vulnerability.
unknown
2008-03-04
7.2
CVE-2008-1139
MILW0RM
FRSIRT
SECUNIA
DESlock -- DESlock
DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users to gain privileges via a certain DLKFDISK_IOCTL request to \\.\DLKFDisk_Control that overwrites a data structure associated with a mounted pseudo-filesystem, aka the "ring0 SYSTEM" vulnerability.
unknown
2008-03-04
7.2
CVE-2008-1140
MILW0RM
FRSIRT
SECUNIA
dream4 -- Koobi Pro
SQL injection vulnerability in index.php in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter in a downloads procedure.
unknown
2008-03-03
7.5
CVE-2008-1122
MILW0RM
eazyPortal -- eazyPortal
SQL injection vulnerability in index.php in eazyPortal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the session_vars cookie.
unknown
2008-03-03
7.5
CVE-2008-1121
MILW0RM
BID
SECUNIA
freshmeat -- XWine
w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information.
unknown
2008-03-03
7.2
CVE-2008-0930
OTHER-REF
SECUNIA
GNOME -- Evolution
Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version: field.
unknown
2008-03-05
9.3
CVE-2008-0072
OTHER-REF
DEBIAN
REDHAT
UBUNTU
BID
FRSIRT
SECUNIA
Google -- Android SDK
Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.
unknown
2008-03-05
7.5
CVE-2008-0986
BUGTRAQ
OTHER-REF
OTHER-REF
BID
ICQ -- Mirabilis ICQ
Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation.
unknown
2008-03-03
9.3
CVE-2008-1120
OTHER-REF
BID
FRSIRT
SECUNIA
ImageMagick -- GraphicsMagick
ImageMagick -- ImageMagick
Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.
unknown
2008-03-05
9.3
CVE-2008-1097
OTHER-REF
OTHER-REF
Joomla -- com_garyscookbook
Mambo -- com_garyscookbook
SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
unknown
2008-03-04
7.5
CVE-2008-1137
MILW0RM
Microsoft -- Access
Microsoft -- Jet
Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine (msjet40.dll). NOTE: this is probably a different issue than CVE-2007-6026.
unknown
2008-03-06
8.5
CVE-2008-1200
OTHER-REF
BID
PHP Web Scripts -- Dynamic Photo Gallery
SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic Photo Gallery 1.02 allows remote attackers to execute arbitrary SQL commands via the albumID parameter.
unknown
2008-03-05
7.5
CVE-2008-1162
MILW0RM
OTHER-REF
BID
SECUNIA
phpArcadeScript -- phpArcadeScript
SQL injection vulnerability in index.php in phpArcadeScript 1.0 through 3.0 RC2 allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action.
unknown
2008-03-05
7.5
CVE-2008-1163
MILW0RM
BID
phpComasy -- phpComasy
SQL injection vulnerability in index.php in phpComasy 0.8 allows remote attackers to execute arbitrary SQL commands via the mod_project_id parameter in a project_detail action.
unknown
2008-03-05
7.5
CVE-2008-1164
MILW0RM
BID
Red Hat -- enterprise_linux
The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.
unknown
2008-03-06
7.8
CVE-2008-1198
OTHER-REF
OTHER-REF
Rising Antivirus International -- Rising Web Scan Object
Insecure method vulnerability in the Web Scan Object ActiveX control (OL2005.dll) in Rising Antivirus Online Scanner allows remote attackers to force the download and execution of arbitrary code by setting the BaseURL property and invoking the UpdateEngine method. NOTE: some of these details are obtained from third party information.
unknown
2008-03-03
9.3
CVE-2008-1116
MILW0RM
BID
FRSIRT
SECUNIA
Sarg -- Squid Analysis Report Generator
Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information.
unknown
2008-03-05
10.0
CVE-2008-1167
OTHER-REF
SECUNIA
SIMM-Comm -- SCI Photo Chat
Directory traversal vulnerability in the embedded HTTP server in SCI Photo Chat Server 3.4.9 and earlier allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot forward slash) in the GET command.
unknown
2008-03-05
7.8
CVE-2008-1169
OTHER-REF
BID
FRSIRT
XF
Sun -- JRE
Sun -- JDK
Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.
unknown
2008-03-06
8.5
CVE-2008-1195
SUNALERT
SynCE -- vdccm
Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) might allow attackers to cause a denial of service via unspecified vectors.
unknown
2008-03-04
10.0
CVE-2007-6703
OTHER-REF
SynCE -- SynCE
The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679.
unknown
2008-03-04
9.3
CVE-2008-1136
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XF
Vocera Communications -- Vocera Communications Badge
Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.
unknown
2008-03-03
7.8
CVE-2008-1113
FULLDISC
FULLDISC
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA

Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Barryvan Compo -- Barryvan Compo Manager
PHP remote file inclusion vulnerability in main.php in Barryvan Compo Manager 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the pageURL parameter.
unknown
2008-03-03
6.8
CVE-2008-1126
MILW0RM
BSD Perimeter -- pfSense
Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-03-05
4.3
CVE-2008-1182
OTHER-REF
BID
SECUNIA
Centreon -- Centreon
Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-03-03
5.0
CVE-2008-1119
MILW0RM
OTHER-REF
BID
Centreon -- Centreon
Directory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2008-1119.
unknown
2008-03-05
6.8
CVE-2008-1178
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
Centreon -- Centreon
Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) title parameters. NOTE: some of these details are obtained from third party information.
unknown
2008-03-05
4.3
CVE-2008-1179
OTHER-REF
BID
SECUNIA
XF
Crafty Syntax Live Help -- Crafty Syntax Live Help
Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) livehelp.php, (2) user_questions.php, and (3) leavemessage.php. NOTE: the lostsheep.php vector is covered by CVE-2008-0848.
unknown
2008-03-05
4.3
CVE-2008-1183
OTHER-REF
BID
SECUNIA
XF
Crytek -- Crysis
Format string vulnerability in the cryactio function in Crysis 1.1.1.5879 allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when the game character is killed.
unknown
2008-03-03
6.0
CVE-2008-1127
MILW0RM
BID
Darwin -- Darwin
Cosmicperl -- Directory Pro
Navision -- Financials Server
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND.
unknown
2008-03-04
6.8
CVE-2008-1146
OTHER-REF
OTHER-REF
BUGTRAQ
BID
SECUNIA
Darwin -- Darwin
Cosmicperl -- Directory Pro
Navision -- Financials Server
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting.
unknown
2008-03-04
6.8
CVE-2008-1147
OTHER-REF
OTHER-REF
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
SECUNIA
Darwin -- Darwin
Cosmicperl -- Directory Pro
Navision -- Financials Server
A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting.
unknown
2008-03-04
6.8
CVE-2008-1148
OTHER-REF
OTHER-REF
BUGTRAQ
BID
SECUNIA
DESlock -- DESlock
DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users to cause a denial of service (system crash) via a certain ZERO_MEM DLMFENC_IOCTL request to \\.\DLKPFSD_Device, aka the "ring0 link list zero" vulnerability.
unknown
2008-03-04
4.9
CVE-2008-1138
MILW0RM
FRSIRT
SECUNIA
DESlock -- DESlock
Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users to cause a denial of service (kernel memory consumption) via a series of DLMFENC_IOCTL requests to \\.\DLKPFSD_Device that allocate "link list structures."
unknown
2008-03-04
4.9
CVE-2008-1141
MILW0RM
FRSIRT
SECUNIA
DNSSEC-Tools -- DNSSEC-Tools
The DNSSEC validation library (libval) in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks.
unknown
2008-03-05
5.0
CVE-2008-1184
OTHER-REF
FEDORA
FEDORA
FRSIRT
SECUNIA
SECUNIA
Dovecot -- Dovecot
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
unknown
2008-03-06
4.1
CVE-2008-1199
BUGTRAQ
MLIST
BID
XF
Drupal -- Drupal
The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
unknown
2008-03-04
4.3
CVE-2008-1133
OTHER-REF
BID
SECUNIA
Flicks Software -- Authentix
Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter.
unknown
2008-03-05
4.3
CVE-2008-1174
FULLDISC
BID
SECTRACK
SECUNIA
Flicks Software -- Authentix
Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter to aspAdmin/deleteUser.asp, a different vector than CVE-2008-1174. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-03-05
4.3
CVE-2008-1175
SECUNIA
Flyspray -- Flyspray
Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php. NOTE: some of these details are obtained from third party information.
unknown
2008-03-05
4.3
CVE-2008-1165
OTHER-REF
SECUNIA
Flyspray -- Flyspray
Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-03-05
5.0
CVE-2008-1166
SECUNIA
GoAhead Software -- GoAhead WebServer
GoAhead Software -- FS4104-AW Device
goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603.
unknown
2008-03-04
5.0
CVE-2007-6702
MILW0RM
Google -- Android SDK
Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.
unknown
2008-03-05
6.8
CVE-2008-0985
BUGTRAQ
OTHER-REF
OTHER-REF
BID
IBM -- WebSphere MQ
Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel.
unknown
2008-03-03
6.6
CVE-2008-1130
AIXAPAR
BID
FRSIRT
SECTRACK
SECUNIA
ImageMagick -- GraphicsMagick
ImageMagick -- ImageMagick
The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.
unknown
2008-03-05
6.8
CVE-2008-1096
OTHER-REF
OTHER-REF
Juniper -- Secure Access 2000
Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.cgi in Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to inject arbitrary web script or HTML via the delivery_mode parameter.
unknown
2008-03-05
4.3
CVE-2008-1180
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
Juniper -- Secure Access 2000
Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message.
unknown
2008-03-05
5.0
CVE-2008-1181
BUGTRAQ
BID
SECTRACK
KCWiki -- KCWiki
Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php.
unknown
2008-03-05
6.8
CVE-2008-1170
BUGTRAQ
Learn2 -- STRunner
Multiple stack-based buffer overflows in the Learn2 Corporation STRunner (aka Street Technologies) ActiveX control in iestm32.dll allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2008-03-03
6.8
CVE-2007-6252
CERT-VN
Light httpd -- Light httpd
mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source code of CGI scripts instead of a 500 error, which might allow remote attackers to obtain sensitive information.
unknown
2008-03-04
5.0
CVE-2008-1111
OTHER-REF
OTHER-REF
MoinMoin -- MoinMoin
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.
unknown
2008-03-05
4.3
CVE-2008-1098
OTHER-REF
OTHER-REF
OTHER-REF
MoinMoin -- MoinMoin
_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages.
unknown
2008-03-05
5.0
CVE-2008-1099
OTHER-REF
OTHER-REF
Net Activity Viewer -- Net Activity Viewer
Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action.
unknown
2008-03-03
4.7
CVE-2008-1132
OTHER-REF
SECUNIA
Omegasoft -- INterneSErvicesLosungen
OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports authentication with a cookie that lacks a shared secret, which allows remote attackers to login as an arbitrary user via a modified cookie.
unknown
2008-03-04
6.4
CVE-2008-1134
BUGTRAQ
BID
XF
Omegasoft -- INterneSErvicesLosungen
OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames.
unknown
2008-03-04
5.0
CVE-2008-1135
BUGTRAQ
BID
XF
phpBB -- 123 Flash Chat Module
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the 123 Flash Chat Module for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) 123flashchat.php and (2) phpbb_login_chat.php. NOTE: CVE disputes this issue because $phpbb_root_path is explicitly set to "./" in both programs.
unknown
2008-03-05
6.8
CVE-2008-1171
BUGTRAQ
BUGTRAQ
VIM
phpMyAdmin -- phpMyAdmin
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross Site Request Forgery (CSRF) attacks by using crafted cookies.
unknown
2008-03-04
5.1
CVE-2008-1149
OTHER-REF
phpMytourney -- phpMytourney
PHP remote file inclusion vulnerability in tourney/index.php in phpMyTourney 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
unknown
2008-03-03
6.8
CVE-2008-1128
BUGTRAQ
BID
Podcast Generator -- Podcast Generator
Multiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to (1) components/xmlparser/loadparser.php; (2) admin.php, (3) categories.php, (4) categories_add.php, (5) categories_remove.php, (6) edit.php, (7) editdel.php, (8) ftpfeature.php, (9) login.php, (10) pgRSSnews.php, (11) showcat.php, and (12) upload.php in core/admin/; and (13) archive_cat.php, (14) archive_nocat.php, and (15) recent_list.php in core/.
unknown
2008-03-03
6.8
CVE-2008-1124
MILW0RM
Podcast Generator -- Podcast Generator
Multiple directory traversal vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) theme_path parameter to core/themes.php and the (2) filename parameter to download.php.
unknown
2008-03-03
5.0
CVE-2008-1125
MILW0RM
QEMU -- QEMU
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.
unknown
2008-03-03
4.7
CVE-2008-0928
MLIST
OTHER-REF
FEDORA
FEDORA
SECUNIA
Sarg -- Squid Analysis Report Generator
Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-03-05
4.3
CVE-2008-1168
SECUNIA
Sitebuilder -- SiteBuilder Elite
Multiple PHP remote file inclusion vulnerabilities in SiteBuilder Elite 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the CarpPath parameter to (1) files/carprss.php and (2) files/amazon-bestsellers.php.
unknown
2008-03-03
6.8
CVE-2008-1123
MILW0RM
Sun -- Solaris
Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands.
unknown
2008-03-03
4.9
CVE-2008-1115
SUNALERT
FRSIRT
Sun -- JRE
Sun -- JDK
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186.
unknown
2008-03-06
6.0
CVE-2008-1185
SUNALERT
Sun -- JRE
Sun -- JDK
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185.
unknown
2008-03-06
6.0
CVE-2008-1186
SUNALERT
Sun -- JRE
Sun -- JDK
Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.
unknown
2008-03-06
6.0
CVE-2008-1187
SUNALERT
Sun -- JRE
Sun -- JDK
Multiple buffer overflows in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1189.
unknown
2008-03-06
6.0
CVE-2008-1188
SUNALERT
Sun -- JRE
Sun -- JDK
Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188.
unknown
2008-03-06
6.0
CVE-2008-1189
SUNALERT
Sun -- JRE
Sun -- JDK
Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191.
unknown
2008-03-06
6.0
CVE-2008-1190
SUNALERT
Sun -- JRE
Sun -- JDK
Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190.
unknown
2008-03-06
6.0
CVE-2008-1191
SUNALERT
Sun -- JRE
Sun -- JDK
Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, 1.4.2_16 and earlier, and 1.3.1_21 and earlier allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors.
unknown
2008-03-06
6.0
CVE-2008-1192
SUNALERT
Sun -- JRE
Sun -- JDK
Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.
unknown
2008-03-06
6.0
CVE-2008-1193
SUNALERT
Sun -- JRE
Sun -- JDK
Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file.
unknown
2008-03-06
6.0
CVE-2008-1196
SUNALERT
TorrentTrader -- TorrentTrader Classic
TorrentTrader -- TorrentTrader
Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php in TorrentTrader Classic 1.08 allow remote attackers to perform certain actions as other users, as demonstrated by sending messages.
unknown
2008-03-05
4.3
CVE-2008-1172
BUGTRAQ
XF
TorrentTrader -- TorrentTrader Classic
TorrentTrader -- TorrentTrader
Cross-site scripting (XSS) vulnerability in account-inbox.php in TorrentTrader Classic 1.08 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
unknown
2008-03-05
4.3
CVE-2008-1173
BUGTRAQ
BID
SECUNIA
XF
WEBrick -- WEBrick
Directory traversal vulnerability in WEBrick 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
unknown
2008-03-04
5.0
CVE-2008-1145
OTHER-REF
XRMS CRM -- XRMS
Cross-site scripting (XSS) vulnerability in admin/users/self.php in XRMS CRM allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information.
unknown
2008-03-03
4.3
CVE-2008-1129
BUGTRAQ
BID
SECUNIA
XWine -- XWine
w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file.
unknown
2008-03-03
6.3
CVE-2008-0931
OTHER-REF
SECUNIA

Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Adobe -- Acrobat Reader
acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.
unknown
2008-03-05
3.7
CVE-2008-0883
OTHER-REF
BID
FRSIRT
SECUNIA
Affiliate Market -- Affiliate Market
Cross-site scripting (XSS) vulnerability in function/sideblock.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to inject arbitrary web script or HTML via the sideblock4 parameter.
unknown
2008-03-05
2.6
CVE-2008-1176
MILW0RM
XF
Drupal -- Drupal
Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms.
unknown
2008-03-03
3.5
CVE-2008-1131
OTHER-REF
BID
SECUNIA
F5 -- Firepass 4100
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.
unknown
2008-03-05
2.6
CVE-2007-6704
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
BID
BID
OSVDB
OSVDB
SECTRACK
SECUNIA
XF
XF
Sun -- JRE
Sun -- JDK
Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to cause a denial of service (crash) via unknown vectors.
unknown
2008-03-06
3.5
CVE-2008-1194
SUNALERT
