U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB08-231)

Vulnerability Summary for the Week of August 11, 2008

Original release date: August 18, 2008

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
21degrees -- symphonySQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.
unknown
2008-08-11
7.5CVE-2008-3591
MILW0RM
BID
21degrees -- symphonyUnrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/.
unknown
2008-08-11
8.5CVE-2008-3592
MILW0RM
CA -- Internet Security Suite 2008
CA -- host_based_intrusion_prevention_system
CA -- personal_firewall_2008
CA -- Internet Security Suite 2007
CA -- personal_firewall_2007
The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request.
unknown
2008-08-12
7.2CVE-2008-2926
OTHER-REF
BID
CalaCode -- atmailCalacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged for remote exploitation of CVE-2008-3395. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-08-10
7.8CVE-2008-3579
XF
comsenz -- discuzSQL injection vulnerability in index.php in Discuz! 6.0.1 allows remote attackers to execute arbitrary SQL commands via the searchid parameter in a search action.
unknown
2008-08-08
7.5CVE-2008-3554
MILW0RM
BID
Dayfox Designs -- dayfox_blogMultiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
unknown
2008-08-10
7.5CVE-2008-3564
MILW0RM
BID
Egi Zaberl -- e.z._pollMultiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-08-11
7.5CVE-2008-3590
SECUNIA
GNU -- GnuTLSUse after free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.
unknown
2008-08-08
7.6CVE-2008-2377
MLIST
OTHER-REF
OTHER-REF
Haudenschilt -- battlenet_clan_scriptMultiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) showmember parameter in a members action and the (2) thread parameter in a board action. NOTE: vector 1 might be the same as CVE-2008-2522.
unknown
2008-08-08
7.5CVE-2008-3556
BUGTRAQ
BID
Horde -- Groupware Webmail EditionMultiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.
unknown
2008-08-12
9.0CVE-2008-3650
HP -- HP-UXUnspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.
unknown
2008-08-08
7.8CVE-2008-1664
HP
BID
SECTRACK
HP -- HP-UXUnspecified vulnerability in ftpd (aka wu-ftpd 2.4.x) in HP-UX B.11.11 allows remote attackers to gain privileges via unknown vectors.
unknown
2008-08-13
10.0CVE-2008-1668
BID
HP -- Linux Imaging and Printing ProjectThe alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.
unknown
2008-08-14
7.2CVE-2008-2940
REDHAT
SECTRACK
intellitamper -- intellitamperBuffer overflow in the HTML parser in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a long URL in the SRC attribute of an IMG element. NOTE: this might be related to CVE-2008-3360.
unknown
2008-08-10
7.5CVE-2008-3583
MILW0RM
BID
IPsec-Tools -- racoonsrc/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).
unknown
2008-08-12
7.8CVE-2008-3652
MLIST
Joomla -- com_ezstoreSQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
unknown
2008-08-11
7.5CVE-2008-3586
MILW0RM
Joomla -- com_usercomponents/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly restrict access, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.
unknown
2008-08-14
7.5CVE-2008-3681
MILW0RM
OTHER-REF
BID
SECTRACK
MagicScripts -- E-Store Kit-1
MagicScripts -- E-Store Kit-2
SQL injection vulnerability in viewdetails.php in MagicScripts E-Store Kit-1, E-Store Kit-2, E-Store Kit-1 Pro PayPal Edition, and E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary SQL commands via the pid parameter.
unknown
2008-08-11
7.5CVE-2008-3594
MILW0RM
BID
Microsoft -- Windows MessengerAn ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.
unknown
2008-08-12
10.0CVE-2008-0082
BID
SECTRACK
Microsoft -- office_powerpoint_viewerA "memory allocation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, aka "Memory Allocation Vulnerability."
unknown
2008-08-12
9.3CVE-2008-0120
Microsoft -- office_powerpoint_viewerA "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
unknown
2008-08-12
9.3CVE-2008-0121
MS
Microsoft -- Outlook Express
Microsoft -- Windows Mail
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not properly handle MHTML URL redirections, which allows remote attackers to bypass Internet Explorer domain restrictions via crafted HTTP headers, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
unknown
2008-08-12
7.1CVE-2008-1448
SECTRACK
SECTRACK
Microsoft -- windows-ntArray index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
unknown
2008-08-13
9.0CVE-2008-1456
Microsoft -- windows-ntThe Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
unknown
2008-08-13
9.0CVE-2008-1457
BID
Microsoft -- windows-ntHeap-based buffer overflow in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
unknown
2008-08-12
9.3CVE-2008-2245
SECTRACK
Microsoft -- windows-ntMicrosoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
unknown
2008-08-12
7.8CVE-2008-2246
SECTRACK
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability."
unknown
2008-08-13
9.3CVE-2008-2254
SECTRACK
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability."
unknown
2008-08-13
9.3CVE-2008-2255
SECTRACK
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability."
unknown
2008-08-13
9.3CVE-2008-2256
SECTRACK
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2258, aka "HTML Objects Memory Corruption Vulnerability."
unknown
2008-08-13
9.3CVE-2008-2257
SECTRACK
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2257, aka "HTML Objects Memory Corruption Vulnerability."
unknown
2008-08-13
9.3CVE-2008-2258
SECTRACK
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability."
unknown
2008-08-13
9.3CVE-2008-2259
SECTRACK
Microsoft -- Office
Microsoft -- office_excel_viewer
Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Indexing Validation Vulnerability."
unknown
2008-08-12
9.3CVE-2008-3004
Microsoft -- OfficeMicrosoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac, do not properly validate an unspecified array index when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Index Array Vulnerability."
unknown
2008-08-12
9.3CVE-2008-3005
Microsoft -- Office
Microsoft -- SharePoint Server
Microsoft -- office_compatibility_pack
Microsoft -- office_excel_viewer
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability."
unknown
2008-08-12
9.3CVE-2008-3006
Microsoft -- office_converter_pack
Microsoft -- Office
Microsoft -- Works
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021.
unknown
2008-08-12
9.3CVE-2008-3018
MS
Microsoft -- office_converter_pack
Microsoft -- Office
Microsoft -- Works
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability."
unknown
2008-08-12
9.3CVE-2008-3019
Microsoft -- office_converter_pack
Microsoft -- Office
Microsoft -- Works
Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability."
unknown
2008-08-12
9.3CVE-2008-3020
Microsoft -- office_converter_pack
Microsoft -- Office
Microsoft -- Works
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018.
unknown
2008-08-12
9.3CVE-2008-3021
Microsoft -- office_converter_pack
Microsoft -- Office
Microsoft -- Works
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulnerability."
unknown
2008-08-12
9.3CVE-2008-3460
MS
Microsoft -- windows-ntnslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
unknown
2008-08-12
9.3CVE-2008-3648
OTHER-REF
BID
openimpro -- openimproSQL injection vulnerability in image.php in OpenImpro 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-08-12
7.5CVE-2008-3599
MILW0RM
PHP -- PHPBuffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
unknown
2008-08-14
7.5CVE-2008-3658
OTHER-REF
OTHER-REF
OTHER-REF
MLIST
MLIST
phsBlog -- phsBlogMultiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to comments.php, (2) cid parameter to index.php, and the (3) urltitle parameter to entries.php.
unknown
2008-08-11
7.5CVE-2008-3588
MILW0RM
pozscripts -- greencart_php_shopping_cartMultiple SQL injection vulnerabilities in PozScripts GreenCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) product_desc.php and (2) store_info.php.
unknown
2008-08-11
7.5CVE-2008-3585
MILW0RM
BID
pozscripts -- classified_adsSQL injection vulnerability in showcategory.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-????. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-08-13
7.5CVE-2008-3672
pozscripts -- classified_adsSQL injection vulnerability in browsecats.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-????.
unknown
2008-08-13
7.5CVE-2008-3673
MILW0RM
BID
pozscripts -- tubeguru_video_sharing_scriptSQL injection vulnerability in ugroups.php in PozScripts TubeGuru Video Sharing Script allows remote attackers to execute arbitrary SQL commands via the UID parameter.
unknown
2008-08-13
7.5CVE-2008-3674
MILW0RM
BID
psi-labs -- psipussMultiple SQL injection vulnerabilities in psipuss 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the Cid parameter to categories.php or (2) the Username parameter to login.php.
unknown
2008-08-12
7.5CVE-2008-3598
MILW0RM
BID
psychdaily -- php_ring_webring_systemadmin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
unknown
2008-08-12
7.5CVE-2008-3602
MILW0RM
BID
Quicksilver Forums -- Quicksilver ForumsSQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action.
unknown
2008-08-12
7.5CVE-2008-3601
MILW0RM
BID
ruby-lang -- RubyAlgorithmic complexity vulnerability in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.
unknown
2008-08-12
7.8CVE-2008-3656
OTHER-REF
OTHER-REF
ruby-lang -- RubyThe dl module in Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.
unknown
2008-08-12
7.5CVE-2008-3657
OTHER-REF
OTHER-REF
Sun -- opensolaris
Sun -- Solaris
Unspecified vulnerability in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allows remote attackers to execute arbitrary code via a crafted SMB packet, a different vulnerability than CVE-2008-0965.
unknown
2008-08-08
10.0CVE-2008-0964
SUNALERT
BID
XF
Sun -- opensolaris
Sun -- Solaris
Unspecified vulnerability in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allows remote attackers to execute arbitrary code via a crafted SMB packet, a different vulnerability than CVE-2008-0964.
unknown
2008-08-08
10.0CVE-2008-0965
SUNALERT
BID
XF
Sun -- opensolaris
Sun -- Solaris
Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured; and (2) local users to cause a denial of service (panic) via a call to sendfilev or sendfile.
unknown
2008-08-13
7.1CVE-2008-3666
SUNALERT
BID
syzygycms -- syzygycmsDirectory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
unknown
2008-08-11
7.5CVE-2008-3593
MILW0RM
Tibco -- Runtime Agent
Tibco -- mainframe_service_tracker
Tibco -- Hawk
Tibco -- iprocess_engine
Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message.
unknown
2008-08-13
10.0CVE-2008-3338
OTHER-REF
TikiWiki -- tikiki_cms_groupwareMultiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors.
unknown
2008-08-12
10.0CVE-2008-3653
OTHER-REF
TikiWiki -- tikiki_cms_groupwareUnspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors.
unknown
2008-08-12
7.8CVE-2008-3654
OTHER-REF
OTHER-REF
txtsql -- txtsqlPHP remote file inclusion vulnerability in examples/txtSQLAdmin/startup.php in txtSQL 2.2 Final allows remote attackers to execute arbitrary PHP code via a URL in the CFG[txtsql][class] parameter.
unknown
2008-08-12
9.3CVE-2008-3595
MILW0RM
BID
Vacation Rentals -- Vacation Rental ScriptSQL injection vulnerability in index.php in Vacation Rental Script 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sections action.
unknown
2008-08-12
7.5CVE-2008-3603
MILW0RM
BID
Xerox -- phaserThe Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900.
unknown
2008-08-10
7.8CVE-2008-3571
MILW0RM
BID
zeescripts -- zeebuddySQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
unknown
2008-08-12
7.5CVE-2008-3604
MILW0RM
BID
XF
zeescripts -- zeereviewsSQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
unknown
2008-08-13
7.5CVE-2008-3669
MILW0RM
BID
XF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Acronis -- true_image_echo_serverAcronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-08-13
5.0CVE-2008-3671
BID
Adobe -- presenterMultiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3516.
unknown
2008-08-12
4.3CVE-2008-3515
Adobe -- presenterMultiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3515.
unknown
2008-08-12
4.3CVE-2008-3516
Apache Friends -- XAMPPMultiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the text parameter to (1) iart.php and (2) ming.php.
unknown
2008-08-10
4.3CVE-2008-3569
BUGTRAQ
BID
Apache Software Foundation -- TomcatDirectory traversal vulnerability in Apache Tomcat 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370.
unknown
2008-08-12
4.3CVE-2008-2938
MILW0RM
BID
articlefriendly -- article_friendlySQL injection vulnerability in categorydetail.php in Article Friendly Standard allows remote attackers to execute arbitrary SQL commands via the Cat parameter.
unknown
2008-08-12
6.8CVE-2008-3649
MILW0RM
BID
articlefriendly -- article_friendlySQL injection vulnerability in authordetail.php in Article Friendly Pro allows remote attackers to execute arbitrary SQL commands via the autid parameter.
unknown
2008-08-13
6.8CVE-2008-3670
MILW0RM
BID
Computer Associates -- Internet Security Suite
Computer Associates -- personal_firewall
Computer Associates -- host_based_intrusion_prevention_system
Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause a denial of service via unknown vectors, related to "insufficient validation."
unknown
2008-08-12
5.0CVE-2008-3174
OTHER-REF
BID
Damian Hickey -- freewayCross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway before 1.4.2.197 allows remote attackers to inject arbitrary web script or HTML via the URL.
unknown
2008-08-14
4.3CVE-2008-3678
OTHER-REF
Flagship Industries -- VentriloThe decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet to TCP port 3784.
unknown
2008-08-14
5.0CVE-2008-3680
BUGTRAQ
OTHER-REF
OTHER-REF
BID
gelatocms -- gelatocmsDirectory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. (dot dot) and possibly (2) full pathname in the img parameter. NOTE: some of these details are obtained from third party information.
unknown
2008-08-14
5.0CVE-2008-3675
MILW0RM
harmoni -- harmoniCross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 allows remote attackers to inject arbitrary web script or HTML via the Username field, which is inserted into logs that could be rendered when viewed by an administrator.
unknown
2008-08-12
4.3CVE-2008-3596
OTHER-REF
BID
havp -- havp
havp -- http_antivirus_proxy
sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable.
unknown
2008-08-14
4.3CVE-2008-3688
OTHER-REF
hMailServer -- hMailServerUnspecified vulnerability in the IMAP server in hMailServer 4.4.1 allows remote authenticated users to cause a denial of service (resource exhaustion or daemon crash) via a long series of IMAP commands.
unknown
2008-08-14
4.3CVE-2008-3676
BUGTRAQ
HP -- Linux Imaging and Printing ProjectThe hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207.
unknown
2008-08-14
4.9CVE-2008-2941
REDHAT
SECTRACK
iDevspot -- PhpLinkExchangeMultiple cross-site scripting (XSS) vulnerabilities in index.php in IDevSpot PhpLinkExchange 1.01 allow remote attackers to inject arbitrary web script or HTML via the catid parameter in a (1) user_add, (2) recip, (3) tellafriend, or (4) contact action, or (5) in a request without an action; or (6) the id parameter in a tellafriend action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-08-14
4.3CVE-2008-3679
OTHER-REF
BID
XF
Linux -- KernelThe (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 does not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories.
unknown
2008-08-12
4.9CVE-2008-3275
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
BID
Linux -- ipsec_tools_racoon_daemonMemory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.
unknown
2008-08-12
4.0CVE-2008-3651
MLIST
OTHER-REF
Linux -- KernelThe rt6_fill_node function in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference.
unknown
2008-08-14
4.9CVE-2008-3686
MLIST
MLIST
Marcello Brandao -- yogurt_social_network_moduleMultiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap.
unknown
2008-08-13
4.3CVE-2008-3668
OTHER-REF
BID
BID
XF
XF
Maxthon -- maxthon_browserStack-based buffer overflow in Maxthon Browser 2.0 and earlier allows remote attackers to execute arbitrary code via a long Content-type HTTP header.
unknown
2008-08-13
6.8CVE-2008-3667
OTHER-REF
BID
XF
McAfee -- encrypted_usb_managerUnspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, when the Re-use Threshold for passwords is nonzero, allows remote attackers to conduct offline brute force attacks via unknown vectors.
unknown
2008-08-12
6.8CVE-2008-3605
Menalto -- GalleryDirectory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action.
unknown
2008-08-12
6.8CVE-2008-3600
BUGTRAQ
MILW0RM
OTHER-REF
Microsoft -- office_powerpoint
Microsoft -- office_powerpoint_viewer
Microsoft -- Office
Microsoft -- compatibility_pack_word_excel_powerpoint
A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka "Parsing Overflow Vulnerability."
unknown
2008-08-12
6.8CVE-2008-1455
Microsoft -- OfficeMicrosoft Office Excel 2007 Gold and SP1, does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
unknown
2008-08-12
6.6CVE-2008-3003
mozilo -- mozilocmsDirectory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.
unknown
2008-08-11
4.3CVE-2008-3589
MILW0RM
BID
needscripts -- homes_4_saleCross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter.
unknown
2008-08-11
4.3CVE-2008-3587
BUGTRAQ
BID
noticeware -- email_serverThe IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via multiple long LOGIN commands.
unknown
2008-08-12
5.0CVE-2008-3607
BUGTRAQ
BID
openfreeway -- FreewayDirectory traversal vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors.
unknown
2008-08-14
6.8CVE-2008-3677
OTHER-REF
OpenTTD -- OpenTTDBuffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the "-g" parameter in the ttd_main function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments.
unknown
2008-08-10
4.6CVE-2008-3577
OTHER-REF
BID
PHP -- PHPBuffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.
unknown
2008-08-14
6.4CVE-2008-3659
OTHER-REF
OTHER-REF
MLIST
MLIST
MLIST
MLIST
PHP -- PHPPHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.
unknown
2008-08-14
5.0CVE-2008-3660
OTHER-REF
MLIST
MLIST
Pidgin -- PidginThe NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
unknown
2008-08-08
6.8CVE-2008-3532
OTHER-REF
OTHER-REF
OTHER-REF
Powergap -- shopsystemSQL injection vulnerability in s03.php in Powergap Shopsystem, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the ag parameter.
unknown
2008-08-10
6.8CVE-2008-3561
OTHER-REF
BID
Qbik -- WinGateHeap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information.
unknown
2008-08-12
6.5CVE-2008-3606
BUGTRAQ
BID
SECTRACK
Red Hat -- Network Satellite Servermanzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.
unknown
2008-08-14
6.4CVE-2008-2369
REDHAT
BID
SECTRACK
ruby-lang -- RubyThe regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.
unknown
2008-08-14
5.0CVE-2008-3443
MILW0RM
ruby-lang -- RubyRuby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.
unknown
2008-08-12
6.4CVE-2008-3655
OTHER-REF
OTHER-REF
Skulltag Team -- SkulltagSkulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a "command 29" packet when the player is not in the game.
unknown
2008-08-12
5.0CVE-2008-3597
OTHER-REF
XF
Sun -- Java System Web Proxy ServerUnspecified vulnerability in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.5 before SP6 allows remote attackers to cause a denial of service (failure to accept connections) via unknown vectors, probably related to exhaustion of file descriptors.
unknown
2008-08-14
5.0CVE-2008-3683
VMWare -- VirtualCenterUnspecified vulnerability in VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 allows attackers to determine valid user names via an "attempt to assign permissions to other system users."
unknown
2008-08-13
5.0CVE-2008-3514
BUGTRAQ
BID
Xen -- Xen
Xen -- xen_flask_module
Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall.
unknown
2008-08-14
6.8CVE-2008-3687
OTHER-REF
OTHER-REF
ypninc -- php_realtySQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter.
unknown
2008-08-14
6.8CVE-2008-3682
OTHER-REF
BID

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
amaroK -- AmarokThe MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.
unknown
2008-08-14
1.9CVE-2008-3699
OTHER-REF
OTHER-REF
OTHER-REF
Pluck -- PluckMultiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) titelkop, (5) lang_kop1, (6) lang_kop2, (7) lang_modules, (8) lang_kop4, (9) lang_kop15, (10) lang_kop5, and (11) titelkop parameters to (b) data/inc/header.php; the pluck_version and titelkop parameters to (c) data/inc/header2.php; and the (14) lang_theme6 parameter to (d) data/inc/themeinstall.php.
unknown
2008-08-10
2.6CVE-2008-3574
BUGTRAQ

Back to top

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
21degrees -- symphonySQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.
unknown
2008-08-11
7.5CVE-2008-3591
MILW0RM
BID
21degrees -- symphonyUnrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/.
unknown
2008-08-11
8.5CVE-2008-3592
MILW0RM
CA -- Internet Security Suite 2008
CA -- host_based_intrusion_prevention_system
CA -- personal_firewall_2008
CA -- Internet Security Suite 2007
CA -- personal_firewall_2007
The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request.
unknown
2008-08-12
7.2CVE-2008-2926
OTHER-REF
BID
CalaCode -- atmailCalacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged for remote exploitation of CVE-2008-3395. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-08-10
7.8CVE-2008-3579
XF
comsenz -- discuzSQL injection vulnerability in index.php in Discuz! 6.0.1 allows remote attackers to execute arbitrary SQL commands via the searchid parameter in a search action.
unknown
2008-08-08
7.5CVE-2008-3554
MILW0RM
BID
Dayfox Designs -- dayfox_blogMultiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
unknown
2008-08-10
7.5CVE-2008-3564
MILW0RM
BID
Egi Zaberl -- e.z._pollMultiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-08-11
7.5CVE-2008-3590
SECUNIA
GNU -- GnuTLSUse after free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.
unknown
2008-08-08
7.6CVE-2008-2377
MLIST
OTHER-REF
OTHER-REF
Haudenschilt -- battlenet_clan_scriptMultiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) showmember parameter in a members action and the (2) thread parameter in a board action. NOTE: vector 1 might be the same as CVE-2008-2522.
unknown
2008-08-08
7.5CVE-2008-3556
BUGTRAQ
BID
Horde -- Groupware Webmail EditionMultiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.
unknown
2008-08-12
9.0CVE-2008-3650
HP -- HP-UXUnspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.
unknown
2008-08-08
7.8CVE-2008-1664
HP
BID
SECTRACK
HP -- HP-UXUnspecified vulnerability in ftpd (aka wu-ftpd 2.4.x) in HP-UX B.11.11 allows remote attackers to gain privileges via unknown vectors.
unknown
2008-08-13
10.0CVE-2008-1668
BID
HP -- Linux Imaging and Printing ProjectThe alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.
unknown
2008-08-14
7.2CVE-2008-2940
REDHAT
SECTRACK
intellitamper -- intellitamperBuffer overflow in the HTML parser in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a long URL in the SRC attribute of an IMG element. NOTE: this might be related to CVE-2008-3360.
unknown
2008-08-10
7.5CVE-2008-3583
MILW0RM
BID
IPsec-Tools -- racoonsrc/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).
unknown
2008-08-12
7.8CVE-2008-3652
MLIST
Joomla -- com_ezstoreSQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
unknown
2008-08-11
7.5CVE-2008-3586
MILW0RM
Joomla -- com_usercomponents/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly restrict access, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.
unknown
2008-08-14
7.5CVE-2008-3681
MILW0RM
OTHER-REF
BID
SECTRACK
MagicScripts -- E-Store Kit-1
MagicScripts -- E-Store Kit-2
SQL injection vulnerability in viewdetails.php in MagicScripts E-Store Kit-1, E-Store Kit-2, E-Store Kit-1 Pro PayPal Edition, and E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary SQL commands via the pid parameter.
unknown
2008-08-11
7.5CVE-2008-3594
MILW0RM
BID
Microsoft -- Windows MessengerAn ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.
unknown
2008-08-12
10.0CVE-2008-0082
BID
SECTRACK
Microsoft -- office_powerpoint_viewerA "memory allocation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, aka "Memory Allocation Vulnerability."
unknown
2008-08-12
9.3CVE-2008-0120
Microsoft -- office_powerpoint_viewerA "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
unknown
2008-08-12
9.3CVE-2008-0121
MS
Microsoft -- Outlook Express
Microsoft -- Windows Mail
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not properly handle MHTML URL redirections, which allows remote attackers to bypass Internet Explorer domain restrictions via crafted HTTP headers, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
unknown
2008-08-12
7.1CVE-2008-1448
SECTRACK
SECTRACK
Microsoft -- windows-ntArray index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
unknown
2008-08-13
9.0CVE-2008-1456
Microsoft -- windows-ntThe Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
unknown
2008-08-13
9.0CVE-2008-1457
BID
Microsoft -- windows-ntHeap-based buffer overflow in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
unknown
2008-08-12
9.3CVE-2008-2245
SECTRACK
Microsoft -- windows-ntMicrosoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
unknown
2008-08-12
7.8CVE-2008-2246
SECTRACK
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability."
unknown
2008-08-13
9.3CVE-2008-2254
SECTRACK
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability."
unknown
2008-08-13
9.3CVE-2008-2255
SECTRACK
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability."
unknown
2008-08-13
9.3CVE-2008-2256
SECTRACK
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2258, aka "HTML Objects Memory Corruption Vulnerability."
unknown
2008-08-13
9.3CVE-2008-2257
SECTRACK
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2257, aka "HTML Objects Memory Corruption Vulnerability."
unknown
2008-08-13
9.3CVE-2008-2258
SECTRACK
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability."
unknown
2008-08-13
9.3CVE-2008-2259
SECTRACK
Microsoft -- Office
Microsoft -- office_excel_viewer
Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Indexing Validation Vulnerability."
unknown
2008-08-12
9.3CVE-2008-3004
Microsoft -- OfficeMicrosoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac, do not properly validate an unspecified array index when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Index Array Vulnerability."
unknown
2008-08-12
9.3CVE-2008-3005
Microsoft -- Office
Microsoft -- SharePoint Server
Microsoft -- office_compatibility_pack
Microsoft -- office_excel_viewer
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability."
unknown
2008-08-12
9.3CVE-2008-3006
Microsoft -- office_converter_pack
Microsoft -- Office
Microsoft -- Works
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021.
unknown
2008-08-12
9.3CVE-2008-3018
MS
Microsoft -- office_converter_pack
Microsoft -- Office
Microsoft -- Works
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability."
unknown
2008-08-12
9.3CVE-2008-3019
Microsoft -- office_converter_pack
Microsoft -- Office
Microsoft -- Works
Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability."
unknown
2008-08-12
9.3CVE-2008-3020
Microsoft -- office_converter_pack
Microsoft -- Office
Microsoft -- Works
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018.
unknown
2008-08-12
9.3CVE-2008-3021
Microsoft -- office_converter_pack
Microsoft -- Office
Microsoft -- Works
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulnerability."
unknown
2008-08-12
9.3CVE-2008-3460
MS
Microsoft -- windows-ntnslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
unknown
2008-08-12
9.3CVE-2008-3648
OTHER-REF
BID
openimpro -- openimproSQL injection vulnerability in image.php in OpenImpro 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-08-12
7.5CVE-2008-3599
MILW0RM
PHP -- PHPBuffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
unknown
2008-08-14
7.5CVE-2008-3658
OTHER-REF
OTHER-REF
OTHER-REF
MLIST
MLIST
phsBlog -- phsBlogMultiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to comments.php, (2) cid parameter to index.php, and the (3) urltitle parameter to entries.php.
unknown
2008-08-11
7.5CVE-2008-3588
MILW0RM
pozscripts -- greencart_php_shopping_cartMultiple SQL injection vulnerabilities in PozScripts GreenCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) product_desc.php and (2) store_info.php.
unknown
2008-08-11
7.5CVE-2008-3585
MILW0RM
BID
pozscripts -- classified_adsSQL injection vulnerability in showcategory.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-????. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-08-13
7.5CVE-2008-3672
pozscripts -- classified_adsSQL injection vulnerability in browsecats.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-????.
unknown
2008-08-13
7.5CVE-2008-3673
MILW0RM
BID
pozscripts -- tubeguru_video_sharing_scriptSQL injection vulnerability in ugroups.php in PozScripts TubeGuru Video Sharing Script allows remote attackers to execute arbitrary SQL commands via the UID parameter.
unknown
2008-08-13
7.5CVE-2008-3674
MILW0RM
BID
psi-labs -- psipussMultiple SQL injection vulnerabilities in psipuss 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the Cid parameter to categories.php or (2) the Username parameter to login.php.
unknown
2008-08-12
7.5CVE-2008-3598
MILW0RM
BID
psychdaily -- php_ring_webring_systemadmin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
unknown
2008-08-12
7.5CVE-2008-3602
MILW0RM
BID
Quicksilver Forums -- Quicksilver ForumsSQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action.
unknown
2008-08-12
7.5CVE-2008-3601
MILW0RM
BID
ruby-lang -- RubyAlgorithmic complexity vulnerability in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.
unknown
2008-08-12
7.8CVE-2008-3656
OTHER-REF
OTHER-REF
ruby-lang -- RubyThe dl module in Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.
unknown
2008-08-12
7.5CVE-2008-3657
OTHER-REF
OTHER-REF
Sun -- opensolaris
Sun -- Solaris
Unspecified vulnerability in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allows remote attackers to execute arbitrary code via a crafted SMB packet, a different vulnerability than CVE-2008-0965.
unknown
2008-08-08
10.0CVE-2008-0964
SUNALERT
BID
XF
Sun -- opensolaris
Sun -- Solaris
Unspecified vulnerability in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allows remote attackers to execute arbitrary code via a crafted SMB packet, a different vulnerability than CVE-2008-0964.
unknown
2008-08-08
10.0CVE-2008-0965
SUNALERT
BID
XF
Sun -- opensolaris
Sun -- Solaris
Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured; and (2) local users to cause a denial of service (panic) via a call to sendfilev or sendfile.
unknown
2008-08-13
7.1CVE-2008-3666
SUNALERT
BID
syzygycms -- syzygycmsDirectory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
unknown
2008-08-11
7.5CVE-2008-3593
MILW0RM
Tibco -- Runtime Agent
Tibco -- mainframe_service_tracker
Tibco -- Hawk
Tibco -- iprocess_engine
Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message.
unknown
2008-08-13
10.0CVE-2008-3338
OTHER-REF
TikiWiki -- tikiki_cms_groupwareMultiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors.
unknown
2008-08-12
10.0CVE-2008-3653
OTHER-REF
TikiWiki -- tikiki_cms_groupwareUnspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors.
unknown
2008-08-12
7.8CVE-2008-3654
OTHER-REF
OTHER-REF
txtsql -- txtsqlPHP remote file inclusion vulnerability in examples/txtSQLAdmin/startup.php in txtSQL 2.2 Final allows remote attackers to execute arbitrary PHP code via a URL in the CFG[txtsql][class] parameter.
unknown
2008-08-12
9.3CVE-2008-3595
MILW0RM
BID
Vacation Rentals -- Vacation Rental ScriptSQL injection vulnerability in index.php in Vacation Rental Script 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sections action.
unknown
2008-08-12
7.5CVE-2008-3603
MILW0RM
BID
Xerox -- phaserThe Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900.
unknown
2008-08-10
7.8CVE-2008-3571
MILW0RM
BID
zeescripts -- zeebuddySQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
unknown
2008-08-12
7.5CVE-2008-3604
MILW0RM
BID
XF
zeescripts -- zeereviewsSQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
unknown
2008-08-13
7.5CVE-2008-3669
MILW0RM
BID
XF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Acronis -- true_image_echo_serverAcronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-08-13
5.0CVE-2008-3671
BID
Adobe -- presenterMultiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3516.
unknown
2008-08-12
4.3CVE-2008-3515
Adobe -- presenterMultiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3515.
unknown
2008-08-12
4.3CVE-2008-3516
Apache Friends -- XAMPPMultiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the text parameter to (1) iart.php and (2) ming.php.
unknown
2008-08-10
4.3CVE-2008-3569
BUGTRAQ
BID
Apache Software Foundation -- TomcatDirectory traversal vulnerability in Apache Tomcat 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370.
unknown
2008-08-12
4.3CVE-2008-2938
MILW0RM
BID
articlefriendly -- article_friendlySQL injection vulnerability in categorydetail.php in Article Friendly Standard allows remote attackers to execute arbitrary SQL commands via the Cat parameter.
unknown
2008-08-12
6.8CVE-2008-3649
MILW0RM
BID
articlefriendly -- article_friendlySQL injection vulnerability in authordetail.php in Article Friendly Pro allows remote attackers to execute arbitrary SQL commands via the autid parameter.
unknown
2008-08-13
6.8CVE-2008-3670
MILW0RM
BID
Computer Associates -- Internet Security Suite
Computer Associates -- personal_firewall
Computer Associates -- host_based_intrusion_prevention_system
Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause a denial of service via unknown vectors, related to "insufficient validation."
unknown
2008-08-12
5.0CVE-2008-3174
OTHER-REF
BID
Damian Hickey -- freewayCross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway before 1.4.2.197 allows remote attackers to inject arbitrary web script or HTML via the URL.
unknown
2008-08-14
4.3CVE-2008-3678
OTHER-REF
Flagship Industries -- VentriloThe decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet to TCP port 3784.
unknown
2008-08-14
5.0CVE-2008-3680
BUGTRAQ
OTHER-REF
OTHER-REF
BID
gelatocms -- gelatocmsDirectory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. (dot dot) and possibly (2) full pathname in the img parameter. NOTE: some of these details are obtained from third party information.
unknown
2008-08-14
5.0CVE-2008-3675
MILW0RM
harmoni -- harmoniCross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 allows remote attackers to inject arbitrary web script or HTML via the Username field, which is inserted into logs that could be rendered when viewed by an administrator.
unknown
2008-08-12
4.3CVE-2008-3596
OTHER-REF
BID
havp -- havp
havp -- http_antivirus_proxy
sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable.
unknown
2008-08-14
4.3CVE-2008-3688
OTHER-REF
hMailServer -- hMailServerUnspecified vulnerability in the IMAP server in hMailServer 4.4.1 allows remote authenticated users to cause a denial of service (resource exhaustion or daemon crash) via a long series of IMAP commands.
unknown
2008-08-14
4.3CVE-2008-3676
BUGTRAQ
HP -- Linux Imaging and Printing ProjectThe hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207.
unknown
2008-08-14
4.9CVE-2008-2941
REDHAT
SECTRACK
iDevspot -- PhpLinkExchangeMultiple cross-site scripting (XSS) vulnerabilities in index.php in IDevSpot PhpLinkExchange 1.01 allow remote attackers to inject arbitrary web script or HTML via the catid parameter in a (1) user_add, (2) recip, (3) tellafriend, or (4) contact action, or (5) in a request without an action; or (6) the id parameter in a tellafriend action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-08-14
4.3CVE-2008-3679
OTHER-REF
BID
XF
Linux -- KernelThe (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 does not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories.
unknown
2008-08-12
4.9CVE-2008-3275
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
BID
Linux -- ipsec_tools_racoon_daemonMemory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.
unknown
2008-08-12
4.0CVE-2008-3651
MLIST
OTHER-REF
Linux -- KernelThe rt6_fill_node function in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference.
unknown
2008-08-14
4.9CVE-2008-3686
MLIST
MLIST
Marcello Brandao -- yogurt_social_network_moduleMultiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap.
unknown
2008-08-13
4.3CVE-2008-3668
OTHER-REF
BID
BID
XF
XF
Maxthon -- maxthon_browserStack-based buffer overflow in Maxthon Browser 2.0 and earlier allows remote attackers to execute arbitrary code via a long Content-type HTTP header.
unknown
2008-08-13
6.8CVE-2008-3667
OTHER-REF
BID
XF
McAfee -- encrypted_usb_managerUnspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, when the Re-use Threshold for passwords is nonzero, allows remote attackers to conduct offline brute force attacks via unknown vectors.
unknown
2008-08-12
6.8CVE-2008-3605
Menalto -- GalleryDirectory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action.
unknown
2008-08-12
6.8CVE-2008-3600
BUGTRAQ
MILW0RM
OTHER-REF
Microsoft -- office_powerpoint
Microsoft -- office_powerpoint_viewer
Microsoft -- Office
Microsoft -- compatibility_pack_word_excel_powerpoint
A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka "Parsing Overflow Vulnerability."
unknown
2008-08-12
6.8CVE-2008-1455
Microsoft -- OfficeMicrosoft Office Excel 2007 Gold and SP1, does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
unknown
2008-08-12
6.6CVE-2008-3003
mozilo -- mozilocmsDirectory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.
unknown
2008-08-11
4.3CVE-2008-3589
MILW0RM
BID
needscripts -- homes_4_saleCross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter.
unknown
2008-08-11
4.3CVE-2008-3587
BUGTRAQ
BID
noticeware -- email_serverThe IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via multiple long LOGIN commands.
unknown
2008-08-12
5.0CVE-2008-3607
BUGTRAQ
BID
openfreeway -- FreewayDirectory traversal vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors.
unknown
2008-08-14
6.8CVE-2008-3677
OTHER-REF
OpenTTD -- OpenTTDBuffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the "-g" parameter in the ttd_main function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments.
unknown
2008-08-10
4.6CVE-2008-3577
OTHER-REF
BID
PHP -- PHPBuffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.
unknown
2008-08-14
6.4CVE-2008-3659
OTHER-REF
OTHER-REF
MLIST
MLIST
MLIST
MLIST
PHP -- PHPPHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.
unknown
2008-08-14
5.0CVE-2008-3660
OTHER-REF
MLIST
MLIST
Pidgin -- PidginThe NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
unknown
2008-08-08
6.8CVE-2008-3532
OTHER-REF
OTHER-REF
OTHER-REF
Powergap -- shopsystemSQL injection vulnerability in s03.php in Powergap Shopsystem, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the ag parameter.
unknown
2008-08-10
6.8CVE-2008-3561
OTHER-REF
BID
Qbik -- WinGateHeap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information.
unknown
2008-08-12
6.5CVE-2008-3606
BUGTRAQ
BID
SECTRACK
Red Hat -- Network Satellite Servermanzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.
unknown
2008-08-14
6.4CVE-2008-2369
REDHAT
BID
SECTRACK
ruby-lang -- RubyThe regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.
unknown
2008-08-14
5.0CVE-2008-3443
MILW0RM
ruby-lang -- RubyRuby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.
unknown
2008-08-12
6.4CVE-2008-3655
OTHER-REF
OTHER-REF
Skulltag Team -- SkulltagSkulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a "command 29" packet when the player is not in the game.
unknown
2008-08-12
5.0CVE-2008-3597
OTHER-REF
XF
Sun -- Java System Web Proxy ServerUnspecified vulnerability in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.5 before SP6 allows remote attackers to cause a denial of service (failure to accept connections) via unknown vectors, probably related to exhaustion of file descriptors.
unknown
2008-08-14
5.0CVE-2008-3683
VMWare -- VirtualCenterUnspecified vulnerability in VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 allows attackers to determine valid user names via an "attempt to assign permissions to other system users."
unknown
2008-08-13
5.0CVE-2008-3514
BUGTRAQ
BID
Xen -- Xen
Xen -- xen_flask_module
Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall.
unknown
2008-08-14
6.8CVE-2008-3687
OTHER-REF
OTHER-REF
ypninc -- php_realtySQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter.
unknown
2008-08-14
6.8CVE-2008-3682
OTHER-REF
BID

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
amaroK -- AmarokThe MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.
unknown
2008-08-14
1.9CVE-2008-3699
OTHER-REF
OTHER-REF
OTHER-REF
Pluck -- PluckMultiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) titelkop, (5) lang_kop1, (6) lang_kop2, (7) lang_modules, (8) lang_kop4, (9) lang_kop15, (10) lang_kop5, and (11) titelkop parameters to (b) data/inc/header.php; the pluck_version and titelkop parameters to (c) data/inc/header2.php; and the (14) lang_theme6 parameter to (d) data/inc/themeinstall.php.
unknown
2008-08-10
2.6CVE-2008-3574
BUGTRAQ

Back to top

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top