Note: This page is part of the us-cert.gov archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB08-350)

Vulnerability Summary for the Week of December 8, 2008

Original release date: December 15, 2008

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apple -- itunes
apple -- quicktime
Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow." 2008-12-10 9.3 CVE-2008-5406
XF
BID
MILW0RM
asterisk -- zaptel
Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZT_SPANCONFIG ioctl. 2008-12-08 7.2 CVE-2008-5396
MLIST
CONFIRM
CONFIRM
bandsitecms -- bandsite_cms
BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true. 2008-12-12 7.5 CVE-2008-5497
XF
BID
MILW0RM
bitdefender -- antivirus
bitdefender -- bitdefender
bullguard -- internet_security
software602 -- groupware_server
Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. NOTE: some of these details are obtained from third party information. 2008-12-10 9.3 CVE-2008-5409
BID
SECUNIA
SECUNIA
SECUNIA
OSVDB
OSVDB
MISC
MILW0RM
ca -- arcserve_backup
The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows does not properly verify client data, which allows remote attackers to execute arbitrary code via unspecified vectors. 2008-12-11 10.0 CVE-2008-5415
CONFIRM
cerulean_studios -- trillian
cerulean_studios -- trillian_pro
ceruleanstudios -- trillian
ceruleanstudios -- trillian_pro
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing." 2008-12-10 10.0 CVE-2008-5401
FRSIRT
cerulean_studios -- trillian
cerulean_studios -- trillian_pro
ceruleanstudios -- trillian
ceruleanstudios -- trillian_pro
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID." 2008-12-10 10.0 CVE-2008-5402
XF
MISC
SECTRACK
BID
BUGTRAQ
FRSIRT
SECUNIA
MISC
cerulean_studios -- trillian
cerulean_studios -- trillian_pro
ceruleanstudios -- trillian
ceruleanstudios -- trillian_pro
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag. 2008-12-10 10.0 CVE-2008-5403
FRSIRT
cisco -- wvc54gc
The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network. 2008-12-08 10.0 CVE-2008-4390
CERT-VN
cisco -- wvc54gc
Stack-based buffer overflow in the SetSource method in the NetCamPlayerWeb11gv2 ActiveX control in NetCamPlayerWeb11gv2.ocx on the Cisco Linksys WVC54GC wireless video camera before firmware 1.25 allows remote attackers to execute arbitrary code via long invalid arguments. 2008-12-08 9.3 CVE-2008-4391
CERT-VN
clip-share -- clipshare
SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter. 2008-12-12 7.5 CVE-2008-5489
BID
MILW0RM
FRSIRT
debian -- shadow
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry. 2008-12-08 7.2 CVE-2008-5394
XF
BUGTRAQ
MILW0RM
CONFIRM
CONFIRM
CONFIRM
digitalgreys -- com_contactinfo
SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. 2008-12-12 7.5 CVE-2008-5494
XF
BID
MILW0RM
FRSIRT
e-topbiz -- domain_shop
SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 allows remote attackers to execute arbitrary SQL commands via the passfromform parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2008-12-12 7.5 CVE-2008-5488
XF
BID
FRSIRT
emc -- control_center
Stack-based buffer overflow in SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center 5.2 SP5 and 6.0 allows remote attackers to execute arbitrary code via multiple SST_CTGTRANS requests. 2008-12-10 10.0 CVE-2008-5419
MISC
SECTRACK
BID
BUGTRAQ
FRSIRT
SECUNIA
OSVDB
emc -- control_center
The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files. 2008-12-10 7.8 CVE-2008-5420
XF
MISC
SECTRACK
BID
BUGTRAQ
FRSIRT
SECUNIA
OSVDB
ffdshow-tryout -- ffdshow
Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) before SVN revision 2347 allows remote attackers to execute arbitrary code via a long URL. 2008-12-08 9.3 CVE-2008-5381
BUGTRAQ
FRSIRT
MISC
SECUNIA
SECUNIA
grid2000 -- flexcell_grid_control
Insecure method vulnerability in the FlexCell.Grid ActiveX control in FlexCell.ocx 5.7.0.1 in FlexCell Grid ActiveX Component allows remote attackers to create and overwrite arbitrary files via the HttpDownloadFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2008-12-10 10.0 CVE-2008-5404
BID
SECUNIA
gungho -- loadprgax_control
Unspecified vulnerability in the GungHo LoadPrgAx ActiveX control 1.0.0.6 and earlier allows remote attackers to execute arbitrary Java applications via unknown vectors. 2008-12-12 9.3 CVE-2008-5495
BID
SECUNIA
JVNDB
JVN
CONFIRM
hp -- hp-ux
Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown vectors. 2008-12-11 7.8 CVE-2008-4418
BID
SECTRACK
HP
HP
ibm -- websphere_application_server
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. 2008-12-09 10.0 CVE-2008-5412
CONFIRM
SECUNIA
ibm -- websphere_application_server
Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 has unknown impact and attack vectors related to "userNameToken." 2008-12-09 10.0 CVE-2008-5414
CONFIRM
SECUNIA
microsoft -- windows_2000
microsoft -- windows_2003_server
microsoft -- windows_server_2003
microsoft -- windows_server_2008
microsoft -- windows_vista
microsoft -- windows_xp
Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability." 2008-12-10 9.3 CVE-2008-2249
MS
microsoft -- windows_media_format_runtime
microsoft -- windows_media_player
microsoft -- windows_media_services
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." 2008-12-10 10.0 CVE-2008-3009
MS
microsoft -- windows_media_player
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability." 2008-12-10 10.0 CVE-2008-3010
MS
microsoft -- windows_2000
microsoft -- windows_2003_server
microsoft -- windows_server_2003
microsoft -- windows_server_2008
microsoft -- windows_vista
microsoft -- windows_xp
Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability." 2008-12-10 9.3 CVE-2008-3465
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_outlook
microsoft -- office_word
microsoft -- office_word_viewer
microsoft -- open_xml_file_format_converter
microsoft -- works
Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed record, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." 2008-12-10 9.3 CVE-2008-4024
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_outlook
microsoft -- office_word
microsoft -- office_word_viewer
microsoft -- open_xml_file_format_converter
microsoft -- works
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed control word in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability." 2008-12-10 9.3 CVE-2008-4025
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_outlook
microsoft -- office_word
microsoft -- office_word_viewer
microsoft -- open_xml_file_format_converter
microsoft -- works
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed value, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." 2008-12-10 9.3 CVE-2008-4026
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_outlook
microsoft -- office_word
microsoft -- office_word_viewer
microsoft -- open_xml_file_format_converter
microsoft -- works
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via malformed control words in (1) an RTF file or (2) a rich text e-mail message, which triggers a "memory calculation error" and memory corruption, aka "Word RTF Object Parsing Vulnerability." 2008-12-10 9.3 CVE-2008-4027
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_outlook
microsoft -- office_word
microsoft -- office_word_viewer
microsoft -- open_xml_file_format_converter
microsoft -- works
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030. 2008-12-10 9.3 CVE-2008-4028
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_outlook
microsoft -- office_word
microsoft -- office_word_viewer
microsoft -- open_xml_file_format_converter
microsoft -- works
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028. 2008-12-10 9.3 CVE-2008-4030
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_outlook
microsoft -- office_word
microsoft -- office_word_viewer
microsoft -- open_xml_file_format_converter
microsoft -- works
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability." 2008-12-10 9.3 CVE-2008-4031
MS
microsoft -- office_sharepoint_server
microsoft -- search_server
Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability." 2008-12-10 7.5 CVE-2008-4032
MS
microsoft -- office_frontpage
microsoft -- project
microsoft -- visual_basic
microsoft -- visual_foxpro
microsoft -- visual_studio_.net
The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability." 2008-12-10 8.5 CVE-2008-4252
MS
microsoft -- office_frontpage
microsoft -- project
microsoft -- visual_basic
microsoft -- visual_foxpro
microsoft -- visual_studio_.net
The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability." 2008-12-10 8.5 CVE-2008-4253
MS
microsoft -- office_frontpage
microsoft -- project
microsoft -- visual_basic
microsoft -- visual_foxpro
microsoft -- visual_studio_.net
The Hierarchical FlexGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability." 2008-12-10 8.5 CVE-2008-4254
MS
microsoft -- office_frontpage
microsoft -- project
microsoft -- visual_basic
microsoft -- visual_foxpro
microsoft -- visual_studio_.net
The Windows Common ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability." 2008-12-10 8.5 CVE-2008-4255
MS
microsoft -- office_frontpage
microsoft -- project
microsoft -- visual_basic
microsoft -- visual_foxpro
microsoft -- visual_studio_.net
The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability." 2008-12-10 8.5 CVE-2008-4256
MS
microsoft -- internet_explorer
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability." 2008-12-10 8.5 CVE-2008-4258
MS
microsoft -- internet_explorer
Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "HTML Objects Memory Corruption Vulnerability." 2008-12-10 9.3 CVE-2008-4259
MS
microsoft -- internet_explorer
Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability." 2008-12-10 8.5 CVE-2008-4260
MS
microsoft -- internet_explorer
Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." 2008-12-10 9.3 CVE-2008-4261
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_excel
microsoft -- office_excel_viewer
microsoft -- open_xml_file_format_converter
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability." 2008-12-10 9.3 CVE-2008-4264
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_excel
microsoft -- office_excel_viewer
microsoft -- open_xml_file_format_converter
Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability." 2008-12-10 9.3 CVE-2008-4265
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_excel
microsoft -- office_excel_viewer
microsoft -- open_xml_file_format_converter
Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers stack corruption during the loading of records from this spreadsheet, aka "Excel Global Array Memory Corruption Vulnerability." 2008-12-10 9.3 CVE-2008-4266
MS
microsoft -- windows_server_2008
microsoft -- windows_vista
The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability." 2008-12-10 8.5 CVE-2008-4268
MS
microsoft -- windows_server_2008
microsoft -- windows_vista
The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability." 2008-12-10 8.5 CVE-2008-4269
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_outlook
microsoft -- office_word
microsoft -- office_word_viewer
microsoft -- open_xml_file_format_converter
microsoft -- works
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed record value, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." 2008-12-10 9.3 CVE-2008-4837
MS
microsoft -- wordpad
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure. 2008-12-10 9.3 CVE-2008-4841
BID
BID
MILW0RM
CONFIRM
SECTRACK
SECUNIA
MISC
microsoft -- sql_server
Heap-based buffer overflow in Microsoft SQL Server 2000 8.00.2050, 8.00.2039, and earlier allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of crafted parameters that trigger memory overwrite. 2008-12-10 9.0 CVE-2008-5416
BID
BUGTRAQ
MISC
SECTRACK
SECUNIA
microsoft -- internet_explorer
Use-after-free vulnerability in mshtml.dll in Microsoft Internet Explorer 7 on Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a crafted XML document containing nested SPAN elements, as exploited in the wild in December 2008. 2008-12-11 9.3 CVE-2008-4844
CERT-VN
BID
MISC
MILW0RM
MILW0RM
CONFIRM
MISC
MISC
SECUNIA
MISC
national_instruments -- electronics_workbench
Stack-based buffer overflow in National Instruments Electronics Workbench allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .ewb file. 2008-12-08 9.3 CVE-2008-5383
XF
BID
MILW0RM
oxid -- cain_and_abel
Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string. 2008-12-10 9.3 CVE-2008-5405
XF
BID
MILW0RM
MILW0RM
FRSIRT
SECUNIA
CONFIRM
OSVDB
phpstore -- yahoo_answers
SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter. 2008-12-12 7.5 CVE-2008-5490
BID
MILW0RM
FRSIRT
SECUNIA
phpstore -- wholesale
phpstore -- wholesales
SQL injection vulnerability in track.php in PHPStore Wholesales (aka Wholesale) allows remote attackers to execute arbitrary SQL commands via the id parameter. 2008-12-12 7.5 CVE-2008-5493
BID
MILW0RM
FRSIRT
SECUNIA
MISC
pozscripts -- business_directory_script
SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. 2008-12-12 7.5 CVE-2008-5496
XF
BID
MILW0RM
FRSIRT
SECUNIA
OSVDB
privacy-cd -- unbuntu_privacy_remix
UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes kernel support for mounting RAID arrays, which might allow remote attackers to bypass intended isolation mechanisms by (1) reading from or (2) writing to these arrays. 2008-12-08 10.0 CVE-2008-5393
CONFIRM
BID
ruby-lang -- ruby
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5 allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656. 2008-12-08 7.8 CVE-2008-4310
CONFIRM
REDHAT
slimcms -- slimcms
SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter. 2008-12-12 7.5 CVE-2008-5491
BID
MILW0RM
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors. 2008-12-05 10.0 CVE-2008-5340
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows "hidden code" to make unauthorized network connections and "hijack HTTP sessions using cookies stored in the browser" via unknown vectors. 2008-12-05 9.0 CVE-2008-5343
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading. 2008-12-05 7.5 CVE-2008-5344
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a local filesystem to read arbitrary files and make unauthorized connections to localhost via unknown vectors. 2008-12-05 7.5 CVE-2008-5345
SUNALERT
SECUNIA
SECUNIA
REDHAT
REDHAT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file. 2008-12-05 7.1 CVE-2008-5346
SUNALERT
sun -- jdk
sun -- jre
Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages. 2008-12-05 7.5 CVE-2008-5347
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors. 2008-12-05 7.1 CVE-2008-5348
SUNALERT
sun -- jdk
sun -- jre
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key. 2008-12-05 7.1 CVE-2008-5349
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings. 2008-12-05 7.5 CVE-2008-5351
SUNALERT
sun -- jdk
sun -- jre
Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow. 2008-12-05 9.3 CVE-2008-5352
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets and applications to gain privileges via unknown vectors related to "deserializing calendar objects." 2008-12-05 10.0 CVE-2008-5353
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry. 2008-12-05 9.3 CVE-2008-5354
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file. 2008-12-05 9.3 CVE-2008-5356
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow. 2008-12-05 9.3 CVE-2008-5357
SUNALERT
IDEFENSE
sun -- jdk
sun -- jre
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll. 2008-12-05 9.3 CVE-2008-5358
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via unknown vectors related to "image processing code." 2008-12-05 9.3 CVE-2008-5359
SUNALERT
sun -- solaris
The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions. 2008-12-09 7.8 CVE-2008-5410
CONFIRM
CONFIRM
SECUNIA
sun -- ray_server_software
Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors. 2008-12-11 7.5 CVE-2008-5422
BID
SUNALERT
CONFIRM
symantec -- backup_exec_for_windows_server
Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors. 2008-12-10 9.4 CVE-2008-5407
CONFIRM
CONFIRM
SECUNIA
symantec -- backup_exec_for_windows_server
Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2008-5407. 2008-12-10 9.0 CVE-2008-5408
BID
CONFIRM
CONFIRM
tor -- tor
Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process. 2008-12-08 7.2 CVE-2008-5397
BID
tor -- tor
Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream. 2008-12-08 9.3 CVE-2008-5398
BID
CONFIRM
turnkeyforms -- text_link_sales
SQL injection vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to execute arbitrary SQL commands via the id parameter. 2008-12-12 7.5 CVE-2008-5486
BID
MILW0RM
twiki -- twiki
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable. 2008-12-09 10.0 CVE-2008-5305
BID
CONFIRM
SECTRACK
SECUNIA
verypdf -- verydoc_pdf_viewer
Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method. NOTE: some of these details are obtained from third party information. 2008-12-12 9.3 CVE-2008-5492
BID
MILW0RM
MISC
SECUNIA
vmware -- esx
vmware -- esxi
vmware -- player
vmware -- server
vmware -- vmware_workstation
Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption. 2008-12-08 7.2 CVE-2008-4917
SECUNIA
CONFIRM
Medium Vulnerabilities
Primary Vendor -- Product
Description Published CVSS Score Source & Patch Info
5e5 -- teamtek_universal_ftp_server
Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a denial of service (daemon crash or hang) via (1) multiple STOR (aka PUT) commands, or an MKD command followed by (2) a '*' argument, (3) a '|' argument, (4) spaces, or (5) a long string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2008-12-11 5.0 CVE-2006-7235
XF
FRSIRT
BID
SECUNIA
5e5 -- teamtek_universal_ftp_server
Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a denial of service via (1) a certain CWD command, (2) a long LIST command, or (3) a certain PORT command. 2008-12-11 5.0 CVE-2008-5431
BUGTRAQ
SECUNIA
apple -- cups
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333. 2008-12-08 6.9 CVE-2008-5377
MISC
MLIST
cmus -- cmus
cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file. 2008-12-08 6.9 CVE-2008-5375
MISC
MLIST
crip -- crip
editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file. 2008-12-08 6.9 CVE-2008-5376
MISC
MLIST
eset -- nod32_antivirus
ESet NOD32 2.70.0039.0000 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. 2008-12-11 4.3 CVE-2008-5425
BUGTRAQ
BUGTRAQ
MISC
freedesktop -- dbus
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply. 2008-12-09 4.6 CVE-2008-4311
FEDORA
CONFIRM
CONFIRM
XF
BID
FRSIRT
SECUNIA
SECUNIA
MLIST
CONFIRM
CONFIRM
gpsdrive -- gpsdrive
gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959. 2008-12-08 6.9 CVE-2008-5380
MLIST
i-o_data -- hlf-f160
i-o_data -- hlf-f250
i-o_data -- hlf-f300
i-o_data -- hlf-f320
Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL-F160, HDL-F250, HDL-F300, and HDL-F320 firmware before 1.02 allows remote attackers to (1) change a configuration or (2) delete files as an authenticated user via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2008-12-08 6.8 CVE-2008-5382
CONFIRM
SECUNIA
OSVDB
JVN
ibm -- aix
crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor. 2008-12-08 6.9 CVE-2008-5384
AIXAPAR
AIXAPAR
AIXAPAR
ibm -- aix
enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors. 2008-12-08 6.9 CVE-2008-5385
AIXAPAR
AIXAPAR
AIXAPAR
ibm -- aix
Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors. 2008-12-08 6.9 CVE-2008-5386
AIXAPAR
AIXAPAR
AIXAPAR
ibm -- aix
Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors. 2008-12-08 6.2 CVE-2008-5387
AIXAPAR
AIXAPAR
AIXAPAR
ibm -- websphere_application_server
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network. 2008-12-09 5.0 CVE-2008-5411
BID
FRSIRT
CONFIRM
SECUNIA
ibm -- websphere_application_server
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. 2008-12-09 5.0 CVE-2008-5413
BID
FRSIRT
CONFIRM
incredimail -- incredimail
Incredimail build 5853710 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. 2008-12-11 4.3 CVE-2008-5429
BUGTRAQ
BUGTRAQ
MISC
jonas_smedegaard -- sdm-terminal
sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sdm.autologin.once temporary file. 2008-12-08 6.9 CVE-2008-5372
MLIST
jose_luis_tallon -- bacula_common
mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995. 2008-12-08 6.9 CVE-2008-5373
MISC
MLIST
justin_roy -- punportal_module
Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter. 2008-12-10 5.1 CVE-2008-5418
XF
BID
MILW0RM
kaspersky_lab -- kaspersky_internet_security_suite
Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. 2008-12-11 4.3 CVE-2008-5426
BUGTRAQ
BUGTRAQ
MISC
lehrstuhl_fur_mikrobiologie -- arb
arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary file. 2008-12-08 6.9 CVE-2008-5378
MLIST
linux -- kernel
net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table. 2008-12-08 4.9 CVE-2008-5079
BUGTRAQ
SECUNIA
MLIST
linux -- kernel
The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of service (system crash) via vectors associated with an attempt to unwind a stack that contains userspace addresses. 2008-12-08 4.9 CVE-2008-5395
XF
BID
SECUNIA
MLIST
CONFIRM
CONFIRM
lukas_ruf -- muttprint
muttprint in muttprint 0.72d allows local users to overwrite arbitrary files via a symlink attack on the /tmp/muttprint.log temporary file. 2008-12-08 6.9 CVE-2008-5368
MLIST
marc_gloor -- screenie
screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file. 2008-12-08 6.9 CVE-2008-5371
MLIST
marco_d'itri -- ppp
The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file. 2008-12-08 6.9 CVE-2008-5366
MLIST
marco_d'itri -- ppp-udeb
ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file. 2008-12-08 6.9 CVE-2008-5367
MLIST
matthias_klose -- bash-doc
bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts. 2008-12-08 6.9 CVE-2008-5374
MISC
MLIST
microsoft -- outlook_express
The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173. 2008-12-11 4.3 CVE-2008-5424
BID
BUGTRAQ
BUGTRAQ
MISC
moodle -- moodle
Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title). 2008-12-11 4.3 CVE-2008-5432
MLIST
CONFIRM
mvnforum -- mvnforum
Cross-site scripting (XSS) vulnerability in the listonlineusers (aka "Who's online") component in mvnForum before 1.2.1 GA allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. 2008-12-10 4.3 CVE-2008-5399
BID
BUGTRAQ
CONFIRM
MISC
SECUNIA
OSVDB
mvnforum -- mvnforum
Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum before 1.2.1 GA allow remote attackers to (1) create forums, (2) change account privileges, (3) enable accounts, or (4) disable accounts as a product administrator via unspecified vectors, possibly related to HTTP Referer headers. 2008-12-10 6.8 CVE-2008-5400
CONFIRM
netwin -- smsgate
The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a denial of service (hang) via (1) a large integer in the Content-Length HTTP header; (2) an invalid value in the Content-Length HTTP header, as demonstrated by a negative integer; or (3) a missing Content-Length HTTP header. 2008-12-11 5.0 CVE-2008-5421
BID
SECUNIA
MISC
no-ip -- no-ip2
noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/noip2 temporary file. 2008-12-08 6.9 CVE-2008-5369
MLIST
oliver_gorwits -- netdisco_mibs_installer
netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2) netdisco-mibs-download scripts. 2008-12-08 6.9 CVE-2008-5379
MLIST
opera -- opera
Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. 2008-12-11 4.3 CVE-2008-5428
BUGTRAQ
BUGTRAQ
MISC
punbb -- punbb
Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field. 2008-12-11 4.3 CVE-2008-5433
MLIST
CONFIRM
CONFIRM
punbb -- punbb
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php. 2008-12-11 6.5 CVE-2008-5434
MLIST
CONFIRM
CONFIRM
CONFIRM
punbb -- punbb
Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject. 2008-12-11 4.3 CVE-2008-5435
MLIST
CONFIRM
pvpgn -- pvpgn
pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file. 2008-12-08 6.9 CVE-2008-5370
MLIST
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors. 2008-12-05 5.0 CVE-2008-5339
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors. 2008-12-05 5.0 CVE-2008-5341
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors. 2008-12-05 5.0 CVE-2008-5342
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors. 2008-12-05 5.0 CVE-2008-5350
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors. 2008-12-05 6.4 CVE-2008-5360
SUNALERT
sun -- ray_server_software
Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector. 2008-12-11 4.3 CVE-2008-5423
SUNALERT
CONFIRM
CONFIRM
symantec -- norton_internet_security
Norton Antivirus in Norton Internet Security 15.5.0.23 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. 2008-12-11 4.3 CVE-2008-5427
BUGTRAQ
BUGTRAQ
MISC
turnkeyforms -- text_link_sales
Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter. 2008-12-12 4.3 CVE-2008-5487
BID
MILW0RM
twiki -- twiki
Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable. 2008-12-09 4.3 CVE-2008-5304
CONFIRM
Low Vulnerabilities
Primary Vendor -- Product
Description Published CVSS Score Source & Patch Info
hp -- decnet_plus_for_openvms
HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services. 2008-12-10 2.1 CVE-2008-5417
SECTRACK
SECUNIA
CONFIRM


High Vulnerabilities
Primary Vendor -- Product
Description Published CVSS Score Source & Patch Info
apple -- itunes
apple -- quicktime
Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow." 2008-12-10 9.3 CVE-2008-5406
XF
BID
MILW0RM
asterisk -- zaptel
Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZT_SPANCONFIG ioctl. 2008-12-08 7.2 CVE-2008-5396
MLIST
CONFIRM
CONFIRM
bandsitecms -- bandsite_cms
BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true. 2008-12-12 7.5 CVE-2008-5497
XF
BID
MILW0RM
bitdefender -- antivirus
bitdefender -- bitdefender
bullguard -- internet_security
software602 -- groupware_server
Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. NOTE: some of these details are obtained from third party information. 2008-12-10 9.3 CVE-2008-5409
BID
SECUNIA
SECUNIA
SECUNIA
OSVDB
OSVDB
MISC
MILW0RM
ca -- arcserve_backup
The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows does not properly verify client data, which allows remote attackers to execute arbitrary code via unspecified vectors. 2008-12-11 10.0 CVE-2008-5415
CONFIRM
cerulean_studios -- trillian
cerulean_studios -- trillian_pro
ceruleanstudios -- trillian
ceruleanstudios -- trillian_pro
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing." 2008-12-10 10.0 CVE-2008-5401
FRSIRT
cerulean_studios -- trillian
cerulean_studios -- trillian_pro
ceruleanstudios -- trillian
ceruleanstudios -- trillian_pro
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID." 2008-12-10 10.0 CVE-2008-5402
XF
MISC
SECTRACK
BID
BUGTRAQ
FRSIRT
SECUNIA
MISC
cerulean_studios -- trillian
cerulean_studios -- trillian_pro
ceruleanstudios -- trillian
ceruleanstudios -- trillian_pro
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag. 2008-12-10 10.0 CVE-2008-5403
FRSIRT
cisco -- wvc54gc
The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network. 2008-12-08 10.0 CVE-2008-4390
CERT-VN
cisco -- wvc54gc
Stack-based buffer overflow in the SetSource method in the NetCamPlayerWeb11gv2 ActiveX control in NetCamPlayerWeb11gv2.ocx on the Cisco Linksys WVC54GC wireless video camera before firmware 1.25 allows remote attackers to execute arbitrary code via long invalid arguments. 2008-12-08 9.3 CVE-2008-4391
CERT-VN
clip-share -- clipshare
SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter. 2008-12-12 7.5 CVE-2008-5489
BID
MILW0RM
FRSIRT
debian -- shadow
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry. 2008-12-08 7.2 CVE-2008-5394
XF
BUGTRAQ
MILW0RM
CONFIRM
CONFIRM
CONFIRM
digitalgreys -- com_contactinfo
SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. 2008-12-12 7.5 CVE-2008-5494
XF
BID
MILW0RM
FRSIRT
e-topbiz -- domain_shop
SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 allows remote attackers to execute arbitrary SQL commands via the passfromform parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2008-12-12 7.5 CVE-2008-5488
XF
BID
FRSIRT
emc -- control_center
Stack-based buffer overflow in SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center 5.2 SP5 and 6.0 allows remote attackers to execute arbitrary code via multiple SST_CTGTRANS requests. 2008-12-10 10.0 CVE-2008-5419
MISC
SECTRACK
BID
BUGTRAQ
FRSIRT
SECUNIA
OSVDB
emc -- control_center
The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files. 2008-12-10 7.8 CVE-2008-5420
XF
MISC
SECTRACK
BID
BUGTRAQ
FRSIRT
SECUNIA
OSVDB
ffdshow-tryout -- ffdshow
Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) before SVN revision 2347 allows remote attackers to execute arbitrary code via a long URL. 2008-12-08 9.3 CVE-2008-5381
BUGTRAQ
FRSIRT
MISC
SECUNIA
SECUNIA
grid2000 -- flexcell_grid_control
Insecure method vulnerability in the FlexCell.Grid ActiveX control in FlexCell.ocx 5.7.0.1 in FlexCell Grid ActiveX Component allows remote attackers to create and overwrite arbitrary files via the HttpDownloadFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2008-12-10 10.0 CVE-2008-5404
BID
SECUNIA
gungho -- loadprgax_control
Unspecified vulnerability in the GungHo LoadPrgAx ActiveX control 1.0.0.6 and earlier allows remote attackers to execute arbitrary Java applications via unknown vectors. 2008-12-12 9.3 CVE-2008-5495
BID
SECUNIA
JVNDB
JVN
CONFIRM
hp -- hp-ux
Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown vectors. 2008-12-11 7.8 CVE-2008-4418
BID
SECTRACK
HP
HP
ibm -- websphere_application_server
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. 2008-12-09 10.0 CVE-2008-5412
CONFIRM
SECUNIA
ibm -- websphere_application_server
Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 has unknown impact and attack vectors related to "userNameToken." 2008-12-09 10.0 CVE-2008-5414
CONFIRM
SECUNIA
microsoft -- windows_2000
microsoft -- windows_2003_server
microsoft -- windows_server_2003
microsoft -- windows_server_2008
microsoft -- windows_vista
microsoft -- windows_xp
Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability." 2008-12-10 9.3 CVE-2008-2249
MS
microsoft -- windows_media_format_runtime
microsoft -- windows_media_player
microsoft -- windows_media_services
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." 2008-12-10 10.0 CVE-2008-3009
MS
microsoft -- windows_media_player
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability." 2008-12-10 10.0 CVE-2008-3010
MS
microsoft -- windows_2000
microsoft -- windows_2003_server
microsoft -- windows_server_2003
microsoft -- windows_server_2008
microsoft -- windows_vista
microsoft -- windows_xp
Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability." 2008-12-10 9.3 CVE-2008-3465
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_outlook
microsoft -- office_word
microsoft -- office_word_viewer
microsoft -- open_xml_file_format_converter
microsoft -- works
Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed record, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." 2008-12-10 9.3 CVE-2008-4024
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_outlook
microsoft -- office_word
microsoft -- office_word_viewer
microsoft -- open_xml_file_format_converter
microsoft -- works
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed control word in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability." 2008-12-10 9.3 CVE-2008-4025
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_outlook
microsoft -- office_word
microsoft -- office_word_viewer
microsoft -- open_xml_file_format_converter
microsoft -- works
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed value, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." 2008-12-10 9.3 CVE-2008-4026
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_outlook
microsoft -- office_word
microsoft -- office_word_viewer
microsoft -- open_xml_file_format_converter
microsoft -- works
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via malformed control words in (1) an RTF file or (2) a rich text e-mail message, which triggers a "memory calculation error" and memory corruption, aka "Word RTF Object Parsing Vulnerability." 2008-12-10 9.3 CVE-2008-4027
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_outlook
microsoft -- office_word
microsoft -- office_word_viewer
microsoft -- open_xml_file_format_converter
microsoft -- works
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030. 2008-12-10 9.3 CVE-2008-4028
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_outlook
microsoft -- office_word
microsoft -- office_word_viewer
microsoft -- open_xml_file_format_converter
microsoft -- works
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028. 2008-12-10 9.3 CVE-2008-4030
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_outlook
microsoft -- office_word
microsoft -- office_word_viewer
microsoft -- open_xml_file_format_converter
microsoft -- works
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability." 2008-12-10 9.3 CVE-2008-4031
MS
microsoft -- office_sharepoint_server
microsoft -- search_server
Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability." 2008-12-10 7.5 CVE-2008-4032
MS
microsoft -- office_frontpage
microsoft -- project
microsoft -- visual_basic
microsoft -- visual_foxpro
microsoft -- visual_studio_.net
The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability." 2008-12-10 8.5 CVE-2008-4252
MS
microsoft -- office_frontpage
microsoft -- project
microsoft -- visual_basic
microsoft -- visual_foxpro
microsoft -- visual_studio_.net
The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability." 2008-12-10 8.5 CVE-2008-4253
MS
microsoft -- office_frontpage
microsoft -- project
microsoft -- visual_basic
microsoft -- visual_foxpro
microsoft -- visual_studio_.net
The Hierarchical FlexGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability." 2008-12-10 8.5 CVE-2008-4254
MS
microsoft -- office_frontpage
microsoft -- project
microsoft -- visual_basic
microsoft -- visual_foxpro
microsoft -- visual_studio_.net
The Windows Common ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability." 2008-12-10 8.5 CVE-2008-4255
MS
microsoft -- office_frontpage
microsoft -- project
microsoft -- visual_basic
microsoft -- visual_foxpro
microsoft -- visual_studio_.net
The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability." 2008-12-10 8.5 CVE-2008-4256
MS
microsoft -- internet_explorer
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability." 2008-12-10 8.5 CVE-2008-4258
MS
microsoft -- internet_explorer
Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "HTML Objects Memory Corruption Vulnerability." 2008-12-10 9.3 CVE-2008-4259
MS
microsoft -- internet_explorer
Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability." 2008-12-10 8.5 CVE-2008-4260
MS
microsoft -- internet_explorer
Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." 2008-12-10 9.3 CVE-2008-4261
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_excel
microsoft -- office_excel_viewer
microsoft -- open_xml_file_format_converter
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability." 2008-12-10 9.3 CVE-2008-4264
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_excel
microsoft -- office_excel_viewer
microsoft -- open_xml_file_format_converter
Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability." 2008-12-10 9.3 CVE-2008-4265
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_excel
microsoft -- office_excel_viewer
microsoft -- open_xml_file_format_converter
Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers stack corruption during the loading of records from this spreadsheet, aka "Excel Global Array Memory Corruption Vulnerability." 2008-12-10 9.3 CVE-2008-4266
MS
microsoft -- windows_server_2008
microsoft -- windows_vista
The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability." 2008-12-10 8.5 CVE-2008-4268
MS
microsoft -- windows_server_2008
microsoft -- windows_vista
The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability." 2008-12-10 8.5 CVE-2008-4269
MS
microsoft -- office
microsoft -- office_compatibility_pack_for_word_excel_ppt_2007
microsoft -- office_outlook
microsoft -- office_word
microsoft -- office_word_viewer
microsoft -- open_xml_file_format_converter
microsoft -- works
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed record value, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." 2008-12-10 9.3 CVE-2008-4837
MS
microsoft -- wordpad
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure. 2008-12-10 9.3 CVE-2008-4841
BID
BID
MILW0RM
CONFIRM
SECTRACK
SECUNIA
MISC
microsoft -- sql_server
Heap-based buffer overflow in Microsoft SQL Server 2000 8.00.2050, 8.00.2039, and earlier allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of crafted parameters that trigger memory overwrite. 2008-12-10 9.0 CVE-2008-5416
BID
BUGTRAQ
MISC
SECTRACK
SECUNIA
microsoft -- internet_explorer
Use-after-free vulnerability in mshtml.dll in Microsoft Internet Explorer 7 on Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a crafted XML document containing nested SPAN elements, as exploited in the wild in December 2008. 2008-12-11 9.3 CVE-2008-4844
CERT-VN
BID
MISC
MILW0RM
MILW0RM
CONFIRM
MISC
MISC
SECUNIA
MISC
national_instruments -- electronics_workbench
Stack-based buffer overflow in National Instruments Electronics Workbench allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .ewb file. 2008-12-08 9.3 CVE-2008-5383
XF
BID
MILW0RM
oxid -- cain_and_abel
Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string. 2008-12-10 9.3 CVE-2008-5405
XF
BID
MILW0RM
MILW0RM
FRSIRT
SECUNIA
CONFIRM
OSVDB
phpstore -- yahoo_answers
SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter. 2008-12-12 7.5 CVE-2008-5490
BID
MILW0RM
FRSIRT
SECUNIA
phpstore -- wholesale
phpstore -- wholesales
SQL injection vulnerability in track.php in PHPStore Wholesales (aka Wholesale) allows remote attackers to execute arbitrary SQL commands via the id parameter. 2008-12-12 7.5 CVE-2008-5493
BID
MILW0RM
FRSIRT
SECUNIA
MISC
pozscripts -- business_directory_script
SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. 2008-12-12 7.5 CVE-2008-5496
XF
BID
MILW0RM
FRSIRT
SECUNIA
OSVDB
privacy-cd -- unbuntu_privacy_remix
UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes kernel support for mounting RAID arrays, which might allow remote attackers to bypass intended isolation mechanisms by (1) reading from or (2) writing to these arrays. 2008-12-08 10.0 CVE-2008-5393
CONFIRM
BID
ruby-lang -- ruby
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5 allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656. 2008-12-08 7.8 CVE-2008-4310
CONFIRM
REDHAT
slimcms -- slimcms
SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter. 2008-12-12 7.5 CVE-2008-5491
BID
MILW0RM
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors. 2008-12-05 10.0 CVE-2008-5340
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows "hidden code" to make unauthorized network connections and "hijack HTTP sessions using cookies stored in the browser" via unknown vectors. 2008-12-05 9.0 CVE-2008-5343
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading. 2008-12-05 7.5 CVE-2008-5344
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a local filesystem to read arbitrary files and make unauthorized connections to localhost via unknown vectors. 2008-12-05 7.5 CVE-2008-5345
SUNALERT
SECUNIA
SECUNIA
REDHAT
REDHAT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file. 2008-12-05 7.1 CVE-2008-5346
SUNALERT
sun -- jdk
sun -- jre
Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages. 2008-12-05 7.5 CVE-2008-5347
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors. 2008-12-05 7.1 CVE-2008-5348
SUNALERT
sun -- jdk
sun -- jre
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key. 2008-12-05 7.1 CVE-2008-5349
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings. 2008-12-05 7.5 CVE-2008-5351
SUNALERT
sun -- jdk
sun -- jre
Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow. 2008-12-05 9.3 CVE-2008-5352
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets and applications to gain privileges via unknown vectors related to "deserializing calendar objects." 2008-12-05 10.0 CVE-2008-5353
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry. 2008-12-05 9.3 CVE-2008-5354
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file. 2008-12-05 9.3 CVE-2008-5356
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow. 2008-12-05 9.3 CVE-2008-5357
SUNALERT
IDEFENSE
sun -- jdk
sun -- jre
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll. 2008-12-05 9.3 CVE-2008-5358
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via unknown vectors related to "image processing code." 2008-12-05 9.3 CVE-2008-5359
SUNALERT
sun -- solaris
The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions. 2008-12-09 7.8 CVE-2008-5410
CONFIRM
CONFIRM
SECUNIA
sun -- ray_server_software
Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors. 2008-12-11 7.5 CVE-2008-5422
BID
SUNALERT
CONFIRM
symantec -- backup_exec_for_windows_server
Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors. 2008-12-10 9.4 CVE-2008-5407
CONFIRM
CONFIRM
SECUNIA
symantec -- backup_exec_for_windows_server
Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2008-5407. 2008-12-10 9.0 CVE-2008-5408
BID
CONFIRM
CONFIRM
tor -- tor
Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process. 2008-12-08 7.2 CVE-2008-5397
BID
tor -- tor
Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream. 2008-12-08 9.3 CVE-2008-5398
BID
CONFIRM
turnkeyforms -- text_link_sales
SQL injection vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to execute arbitrary SQL commands via the id parameter. 2008-12-12 7.5 CVE-2008-5486
BID
MILW0RM
twiki -- twiki
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable. 2008-12-09 10.0 CVE-2008-5305
BID
CONFIRM
SECTRACK
SECUNIA
verypdf -- verydoc_pdf_viewer
Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method. NOTE: some of these details are obtained from third party information. 2008-12-12 9.3 CVE-2008-5492
BID
MILW0RM
MISC
SECUNIA
vmware -- esx
vmware -- esxi
vmware -- player
vmware -- server
vmware -- vmware_workstation
Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption. 2008-12-08 7.2 CVE-2008-4917
SECUNIA
CONFIRM
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
5e5 -- teamtek_universal_ftp_server
Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a denial of service (daemon crash or hang) via (1) multiple STOR (aka PUT) commands, or an MKD command followed by (2) a '*' argument, (3) a '|' argument, (4) spaces, or (5) a long string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2008-12-11 5.0 CVE-2006-7235
XF
FRSIRT
BID
SECUNIA
5e5 -- teamtek_universal_ftp_server
Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a denial of service via (1) a certain CWD command, (2) a long LIST command, or (3) a certain PORT command. 2008-12-11 5.0 CVE-2008-5431
BUGTRAQ
SECUNIA
apple -- cups
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333. 2008-12-08 6.9 CVE-2008-5377
MISC
MLIST
cmus -- cmus
cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file. 2008-12-08 6.9 CVE-2008-5375
MISC
MLIST
crip -- crip
editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file. 2008-12-08 6.9 CVE-2008-5376
MISC
MLIST
eset -- nod32_antivirus
ESet NOD32 2.70.0039.0000 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. 2008-12-11 4.3 CVE-2008-5425
BUGTRAQ
BUGTRAQ
MISC
freedesktop -- dbus
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply. 2008-12-09 4.6 CVE-2008-4311
FEDORA
CONFIRM
CONFIRM
XF
BID
FRSIRT
SECUNIA
SECUNIA
MLIST
CONFIRM
CONFIRM
gpsdrive -- gpsdrive
gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959. 2008-12-08 6.9 CVE-2008-5380
MLIST
i-o_data -- hlf-f160
i-o_data -- hlf-f250
i-o_data -- hlf-f300
i-o_data -- hlf-f320
Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL-F160, HDL-F250, HDL-F300, and HDL-F320 firmware before 1.02 allows remote attackers to (1) change a configuration or (2) delete files as an authenticated user via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2008-12-08 6.8 CVE-2008-5382
CONFIRM
SECUNIA
OSVDB
JVN
ibm -- aix
crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor. 2008-12-08 6.9 CVE-2008-5384
AIXAPAR
AIXAPAR
AIXAPAR
ibm -- aix
enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors. 2008-12-08 6.9 CVE-2008-5385
AIXAPAR
AIXAPAR
AIXAPAR
ibm -- aix
Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors. 2008-12-08 6.9 CVE-2008-5386
AIXAPAR
AIXAPAR
AIXAPAR
ibm -- aix
Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors. 2008-12-08 6.2 CVE-2008-5387
AIXAPAR
AIXAPAR
AIXAPAR
ibm -- websphere_application_server
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network. 2008-12-09 5.0 CVE-2008-5411
BID
FRSIRT
CONFIRM
SECUNIA
ibm -- websphere_application_server
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. 2008-12-09 5.0 CVE-2008-5413
BID
FRSIRT
CONFIRM
incredimail -- incredimail
Incredimail build 5853710 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. 2008-12-11 4.3 CVE-2008-5429
BUGTRAQ
BUGTRAQ
MISC
jonas_smedegaard -- sdm-terminal
sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sdm.autologin.once temporary file. 2008-12-08 6.9 CVE-2008-5372
MLIST
jose_luis_tallon -- bacula_common
mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995. 2008-12-08 6.9 CVE-2008-5373
MISC
MLIST
justin_roy -- punportal_module
Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter. 2008-12-10 5.1 CVE-2008-5418
XF
BID
MILW0RM
kaspersky_lab -- kaspersky_internet_security_suite
Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. 2008-12-11 4.3 CVE-2008-5426
BUGTRAQ
BUGTRAQ
MISC
lehrstuhl_fur_mikrobiologie -- arb
arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary file. 2008-12-08 6.9 CVE-2008-5378
MLIST
linux -- kernel
net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table. 2008-12-08 4.9 CVE-2008-5079
BUGTRAQ
SECUNIA
MLIST
linux -- kernel
The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of service (system crash) via vectors associated with an attempt to unwind a stack that contains userspace addresses. 2008-12-08 4.9 CVE-2008-5395
XF
BID
SECUNIA
MLIST
CONFIRM
CONFIRM
lukas_ruf -- muttprint
muttprint in muttprint 0.72d allows local users to overwrite arbitrary files via a symlink attack on the /tmp/muttprint.log temporary file. 2008-12-08 6.9 CVE-2008-5368
MLIST
marc_gloor -- screenie
screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file. 2008-12-08 6.9 CVE-2008-5371
MLIST
marco_d'itri -- ppp
The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file. 2008-12-08 6.9 CVE-2008-5366
MLIST
marco_d'itri -- ppp-udeb
ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file. 2008-12-08 6.9 CVE-2008-5367
MLIST
matthias_klose -- bash-doc
bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts. 2008-12-08 6.9 CVE-2008-5374
MISC
MLIST
microsoft -- outlook_express
The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173. 2008-12-11 4.3 CVE-2008-5424
BID
BUGTRAQ
BUGTRAQ
MISC
moodle -- moodle
Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title). 2008-12-11 4.3 CVE-2008-5432
MLIST
CONFIRM
mvnforum -- mvnforum
Cross-site scripting (XSS) vulnerability in the listonlineusers (aka "Who's online") component in mvnForum before 1.2.1 GA allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. 2008-12-10 4.3 CVE-2008-5399
BID
BUGTRAQ
CONFIRM
MISC
SECUNIA
OSVDB
mvnforum -- mvnforum
Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum before 1.2.1 GA allow remote attackers to (1) create forums, (2) change account privileges, (3) enable accounts, or (4) disable accounts as a product administrator via unspecified vectors, possibly related to HTTP Referer headers. 2008-12-10 6.8 CVE-2008-5400
CONFIRM
netwin -- smsgate
The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a denial of service (hang) via (1) a large integer in the Content-Length HTTP header; (2) an invalid value in the Content-Length HTTP header, as demonstrated by a negative integer; or (3) a missing Content-Length HTTP header. 2008-12-11 5.0 CVE-2008-5421
BID
SECUNIA
MISC
no-ip -- no-ip2
noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/noip2 temporary file. 2008-12-08 6.9 CVE-2008-5369
MLIST
oliver_gorwits -- netdisco_mibs_installer
netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2) netdisco-mibs-download scripts. 2008-12-08 6.9 CVE-2008-5379
MLIST
opera -- opera
Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. 2008-12-11 4.3 CVE-2008-5428
BUGTRAQ
BUGTRAQ
MISC
punbb -- punbb
Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field. 2008-12-11 4.3 CVE-2008-5433
MLIST
CONFIRM
CONFIRM
punbb -- punbb
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php. 2008-12-11 6.5 CVE-2008-5434
MLIST
CONFIRM
CONFIRM
CONFIRM
punbb -- punbb
Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject. 2008-12-11 4.3 CVE-2008-5435
MLIST
CONFIRM
pvpgn -- pvpgn
pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file. 2008-12-08 6.9 CVE-2008-5370
MLIST
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors. 2008-12-05 5.0 CVE-2008-5339
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors. 2008-12-05 5.0 CVE-2008-5341
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors. 2008-12-05 5.0 CVE-2008-5342
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors. 2008-12-05 5.0 CVE-2008-5350
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors. 2008-12-05 6.4 CVE-2008-5360
SUNALERT
sun -- ray_server_software
Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector. 2008-12-11 4.3 CVE-2008-5423
SUNALERT
CONFIRM
CONFIRM
symantec -- norton_internet_security
Norton Antivirus in Norton Internet Security 15.5.0.23 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. 2008-12-11 4.3 CVE-2008-5427
BUGTRAQ
BUGTRAQ
MISC
turnkeyforms -- text_link_sales
Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter. 2008-12-12 4.3 CVE-2008-5487
BID
MILW0RM
twiki -- twiki
Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable. 2008-12-09 4.3 CVE-2008-5304
CONFIRM
Low Vulnerabilities
Primary Vendor -- Product
Description Published CVSS Score Source & Patch Info
hp -- decnet_plus_for_openvms
HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services. 2008-12-10 2.1 CVE-2008-5417
SECTRACK
SECUNIA
CONFIRM