Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Cyber Security Bulletin SB08-056 archive

Vulnerability Summary for the Week of February 18, 2008

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apache Software Foundation -- mod_jk
F5 -- BIG-IP
Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
unknown
2008-02-18
7.5CVE-2007-6258
BUGTRAQ
OTHER-REF
CERT-VN
BID
FRSIRT
Apple -- iPhoto
The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allows remote attackers to cause a denial of service (crash) via a malformed dpap: URI, a different vulnerability than CVE-2008-0043.
unknown
2008-02-19
7.5CVE-2008-0830
MILW0RM
BID
aStats -- astatsPRO
Joomla -- com_astatspro
SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-02-20
7.5CVE-2008-0839
MILW0RM
auraCMS -- AuraCMS
Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php.
unknown
2008-02-18
7.5CVE-2008-0811
MILW0RM
BEA Systems -- WebLogic Portal
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.
unknown
2008-02-20
7.5CVE-2008-0870
BEA
Caroline -- Caroline
Unspecified vulnerability in the php2phps function in Claroline before 1.8.9 has unknown impact and attack vectors.
unknown
2008-02-19
10.0CVE-2008-0824
OTHER-REF
SECUNIA
Caroline -- Caroline
SQL injection vulnerability in Claroline before 1.8.9 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2008-02-19
7.5CVE-2008-0825
OTHER-REF
SECUNIA
com_sg -- com_sg
SQL injection vulnerability in the com_sg component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the pid parameter in an order task.
unknown
2008-02-18
7.5CVE-2008-0816
BUGTRAQ
BID
Dokeos -- Dokeos
Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php.
unknown
2008-02-20
7.5CVE-2008-0850
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
Drupal -- Header image
Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors.
unknown
2008-02-19
10.0CVE-2008-0823
OTHER-REF
BID
FRSIRT
SECUNIA
XF
e-Vision -- e-Vision CMS
Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-02-20
7.5CVE-2008-0856
BID
EMC -- Replistor
Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and possibly earlier versions, allow remote attackers to execute arbitrary code via crafted compressed data.
unknown
2008-02-20
7.8CVE-2007-6426
IDEFENSE
freePHPgallery -- freePHPgallery
Multiple directory traversal vulnerabilities in freePHPgallery 0.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie to (1) comment.php, (2) index.php, and (3) show.php.
unknown
2008-02-19
7.5CVE-2008-0818
MILW0RM
OTHER-REF
BID
SECUNIA
jlmZone -- Classifieds
SQL injection vulnerability in index.php in the jlmZone Classifieds module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in an Adsview action.
unknown
2008-02-21
7.5CVE-2008-0873
BUGTRAQ
MILW0RM
BID
Joomla -- com_scheduling Component
Mambo -- com_scheduling Component
SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-02-18
7.5CVE-2008-0810
BUGTRAQ
BID
Joomla -- com_mezun
Egitimhost -- com_mezun
SQL injection vulnerability in the com_mezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task.
unknown
2008-02-18
7.5CVE-2008-0815
BUGTRAQ
BID
XF
Joomla -- Rapid Recipe
Multiple SQL injection vulnerabilities in the Rapid Recipe (com_rapidrecipe) 1.6.5 and earlier component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) user_id or (2) category_id parameter. NOTE: this might overlap CVE-2008-0754.
unknown
2008-02-20
7.5CVE-2008-0831
MILW0RM
Joomla -- Kemas Antonius com_quran
Mambo -- Kemas Antonius com_quran
SQL injection vulnerability in index.php in the Kemas Antonius com_quran 1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the surano parameter in a viewayat action.
unknown
2008-02-20
7.5CVE-2008-0832
MILW0RM
Joomla -- com_galeria
SQL injection vulnerability in index.php in the com_galeria component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
unknown
2008-02-20
7.5CVE-2008-0833
MILW0RM
Joomla -- com_clasifier
SQL injection vulnerability in index.php in the Classifier (com_clasifier) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
unknown
2008-02-20
7.5CVE-2008-0842
MILW0RM
Joomla -- com_pccookbook
SQL injection vulnerability in index.php in the PccookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
unknown
2008-02-20
7.5CVE-2008-0844
MILW0RM
Joomla -- com_downloads
Mambo -- com_downloads
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652.
unknown
2008-02-20
7.5CVE-2008-0849
BUGTRAQ
BID
XF
Joomla -- com_detail
Mambo -- com_detail
SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
unknown
2008-02-20
7.5CVE-2008-0853
BUGTRAQ
BID
Joomla -- com_salesrep
Mambo -- com_salesrep
SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php.
unknown
2008-02-20
7.5CVE-2008-0854
BUGTRAQ
BID
XF
Joomlapixel -- Jooget
Mambo -- Mambo
Joomla -- Joomla
SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.
unknown
2008-02-19
7.5CVE-2008-0829
MILW0RM
OTHER-REF
OTHER-REF
BID
SECUNIA
Kerio -- Kerio MailServer
VisNetic -- VisNetic AntiVirus Plug-in for Mail Server
Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2008-02-20
7.5CVE-2008-0858
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Kerio -- AVG Plugin
Kerio -- Kerio MailServer
Unspecified vulnerability in the AVG plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack vectors related to null DACLs.
unknown
2008-02-20
10.0CVE-2008-0860
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Lyris -- List Manager
Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8.95d, 9.2 before 9.2c, and 9.3 before 9.3b allow remote attackers to (1) gain list administrator privileges or (2) access arbitrary mailing lists via unknown vectors related to modification of client-side information; and (3) allow remote authenticated administrators to modify other account data by creating "new accounts that collide with existing accounts."
unknown
2008-02-19
10.0CVE-2007-6319
BUGTRAQ
BID
Mambo -- com_filebase Component
Joomla -- com_filebase Component
SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.
unknown
2008-02-18
7.5CVE-2008-0817
BUGTRAQ
BID
Mambo -- com_ricette component
Joomla -- com_ricette component
SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-02-20
7.5CVE-2008-0841
MILW0RM
BID
Mambo -- com_profile
Joomla -- com_profile
SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter.
unknown
2008-02-20
7.5CVE-2008-0846
BUGTRAQ
BID
Mambo -- com_facileforms
Joomla -- com_facileforms
SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
unknown
2008-02-20
7.5CVE-2008-0855
BUGTRAQ
MySQL -- MySQL Community Server
MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.
unknown
2008-02-18
7.8CVE-2007-6313
OTHER-REF
OpenCA -- OpenCA PKI
Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, and possibly earlier versions, allows remote attackers to perform unauthorized actions as authorized users via a link or IMG tag to RAServer.
unknown
2008-02-18
7.5CVE-2008-0556
FULLDISC
OTHER-REF
SECUNIA
XF
OSI Codes Inc. -- PHPLive
SQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote attackers to execute arbitrary SQL commands via the questid parameter in an expand_question action.
unknown
2008-02-19
7.5CVE-2008-0821
MILW0RM
BID
PCRE -- PCRE
Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.
unknown
2008-02-18
7.5CVE-2008-0674
OTHER-REF
OTHER-REF
FRSIRT
PHPNuke -- Book
SQL injection vulnerability in the Books module of PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
unknown
2008-02-19
7.5CVE-2008-0827
MILW0RM
BID
PHPNuke -- Web_Links Module
SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.
unknown
2008-02-21
7.5CVE-2008-0879
BUGTRAQ
BID
PHPNuke -- EasyContent Module
SQL injection vulnerability in modules.php in the EasyContent module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
unknown
2008-02-21
7.5CVE-2008-0880
MILW0RM
BID
PHPNuke -- Okul Module
SQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action.
unknown
2008-02-21
7.5CVE-2008-0881
MILW0RM
Reality -- Medias PHPizabi
Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures.
unknown
2008-02-18
9.3CVE-2008-0805
MILW0RM
BID
FRSIRT
RunCMS -- MyAnnonces
SQL injection vulnerability in index.php in the MyAnnonces 1.7 and earlier module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
unknown
2008-02-21
7.5CVE-2008-0878
MILW0RM
FRSIRT
Simple CMS -- Simple CMS
SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the area parameter.
unknown
2008-02-20
7.5CVE-2008-0835
MILW0RM
BID
Symantec -- Veritas Storage Foundation
Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size.
unknown
2008-02-21
9.3CVE-2008-0638
OTHER-REF
OTHER-REF
BID
SECTRACK
WoltLab -- Burning Board
SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page.
unknown
2008-02-20
7.5CVE-2008-0857
BUGTRAQ
BID
WordPress -- Dean Logan WP-People plugin
SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-People plugin 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the person parameter.
unknown
2008-02-20
7.5CVE-2008-0845
BUGTRAQ
XOOPS -- myTopics
SQL injection vulnerability in print.php in the myTopics module for XOOPS allows remote attackers to execute arbitrary SQL commands via the articleid parameter.
unknown
2008-02-20
7.5CVE-2008-0847
MILW0RM
BID
XF
XOOPS -- eEmpregos Module
SQL injection vulnerability in index.php in the eEmpregos module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
unknown
2008-02-21
7.5CVE-2008-0874
BUGTRAQ
MILW0RM
Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Safari
Apple Safari might allow remote attackers to obtain potentially sensitive memory contents or cause a denial of service (crash) via a crafted (1) bitmap (BMP) or (2) GIF file, a related issue to CVE-2008-0420.
unknown
2008-02-21
6.8CVE-2008-0894
BUGTRAQ
OTHER-REF
ATutor -- ATutor
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes like style and onmouseover in (a) forum post or (b) mail; or (2) HTML tags in the website field of the profile.
unknown
2008-02-19
4.3CVE-2008-0828
BUGTRAQ
BID
BanPro -- NET BanPro DMS
Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the action parameter.
unknown
2008-02-18
6.4CVE-2008-0812
BUGTRAQ
BID
SECUNIA
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks.
unknown
2008-02-20
5.0CVE-2008-0863
BEA
SECTRACK
BEA Systems -- WebLogic Portal
Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.
unknown
2008-02-20
5.0CVE-2008-0864
BEA
BEA Systems -- WebLogic Portal
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors.
unknown
2008-02-20
5.0CVE-2008-0865
BEA
BEA Systems -- WebLogic Workshop
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Workshop allow remote attackers to inject arbitrary web script or HTML via an invalid action URI, which is not properly handled by NetUI page flows.
unknown
2008-02-20
4.3CVE-2008-0866
BEA
BEA Systems -- AquaLogic Interaction
BEA Systems -- Plumtree Foundation
Cross-site scripting (XSS) vulnerability in the portal for BEA Plumtree Foundation 6.0 through SP1 and AquaLogic Interaction 6.1 through Maintenance Pack 1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
unknown
2008-02-20
4.3CVE-2008-0867
BEA
BEA Systems -- WebLogic Portal
Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors.
unknown
2008-02-20
4.3CVE-2008-0868
BEA
BEA Systems -- WebLogic
BEA Systems -- WebLogic Workshop
Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
unknown
2008-02-20
4.3CVE-2008-0869
BEA
Caroline -- Caroline
Cross-site scripting (XSS) vulnerability in Claroline before 1.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-02-19
4.3CVE-2008-0826
OTHER-REF
SECUNIA
Crafty Syntax Live Help -- Crafty Syntax Live Help
Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty Syntax Live Help (CSLH) 2.4.13 and 2.4.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the versions claimed by the original researcher are likely incorrect.
unknown
2008-02-20
4.3CVE-2008-0848
BUGTRAQ
BID
XF
cups -- CUPS
Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information.
unknown
2008-02-21
6.4CVE-2008-0882
OTHER-REF
SECUNIA
Dokeos -- E-Learning System
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category parameter to main/admin/course_category.php, (4) message parameter to main/admin/session_list.php in a show_message action, and (5) an avatar image to main/auth/profile.php.
unknown
2008-02-20
4.3CVE-2008-0851
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
Etomite -- Etomite
** DISPUTED ** Cross-site scripting (XSS) vulnerability in index.php in Etomite 0.6.1.4 Final allows remote attackers to inject arbitrary web script or HTML via $_SERVER['PHP_INFO']. NOTE: the vendor disputes this issue in a followup, stating that the affected variable is $_SERVER['PHP_SELF'], and "This is not an Etomite specific exploit and I would like the report rescinded."
unknown
2008-02-19
4.3CVE-2008-0820
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
freeSSHd -- freeSSHd
freeSSHd 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a SSH2_MSG_NEWKEYS packet to TCP port 22, which triggers a NULL pointer dereference.
unknown
2008-02-20
5.0CVE-2008-0852
OTHER-REF
BID
FRSIRT
SECUNIA
Hitachi -- EUR Print Manager
Unspecified vulnerability in Hitachi EUR Print Manager, and related Client and Local Server products, 05-06 through 05-06-/B and 05-08 allows remote attackers to cause a denial of service (service hang or termination) via unspecified vectors related to "unexpected data."
unknown
2008-02-21
6.4CVE-2008-0875
OTHER-REF
BID
FRSIRT
SECUNIA
Hitachi -- SEWB3 PLATFORM
Hitachi -- SEWB3 MI-PLATFORM
Unspecified vulnerability in the SEWB3 messaging service in Hitachi SEWB3/PLATFORM and SEWB3/MI-PLATFORM 01-00 through 02-14-/A allows remote attackers to cause a denial of service (service outage) via "invalid data."
unknown
2008-02-21
5.8CVE-2008-0876
OTHER-REF
BID
FRSIRT
SECUNIA
Horde -- Turba Contact Manager
Horde -- Groupware
Horde -- Groupware Webmail Edition
lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.
unknown
2008-02-18
4.9CVE-2008-0807
MLIST
MLIST
MLIST
MLIST
OTHER-REF
BID
SECUNIA
IBM -- Lotus Quickr
Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-02-20
4.3CVE-2008-0834
OTHER-REF
BID
SECUNIA
IBM -- Lotus Quickplace
Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus Quickplace 7.0 allows remote attackers to inject arbitrary web script or HTML via an h_SearchString sub-parameter in the PreSetFields parameter of an EditDocument action.
unknown
2008-02-20
4.3CVE-2008-0861
OTHER-REF
BID
SECTRACK
IBM -- Lotus Notes
IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection.
unknown
2008-02-20
4.3CVE-2008-0862
OTHER-REF
FRSIRT
SECUNIA
Ikiwiki -- Ikiwiki
Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags.
unknown
2008-02-18
4.3CVE-2008-0808
OTHER-REF
OTHER-REF
SECUNIA
Ikiwiki -- Ikiwiki
Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.
unknown
2008-02-18
4.3CVE-2008-0809
OTHER-REF
SECUNIA
Jinzora -- Jinzora
Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme, and (6) language parameters to (b) ajax_request.php; the jz_path parameter to (c) slim.php; the frontend, theme, and jz_path parameters to (d) popup.php; the (13) PATH_INFO to index.php and (e) slim.php; and the (14) query parameter in a playlistedit action and (15) siteNewsData parameter in a sitenews action to (f) popup.php.
unknown
2008-02-21
4.3CVE-2008-0877
BUGTRAQ
SECUNIA
John Godley -- Search Unleashed
WordPress -- Search Unleashed plugin
Cross-site scripting (XSS) vulnerability in the log feature in the John Godley Search Unleashed 0.2.10 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, which is not properly handled when the administrator views the log file.
unknown
2008-02-20
4.3CVE-2008-0837
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
Kerio -- Kerio MailServer
Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to decoding of uuencoded input, which triggers memory corruption.
unknown
2008-02-20
5.0CVE-2008-0859
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
NOW -- SMS_MMS Gateway
Multiple stack-based buffer overflows in Now SMS/MMS Gateway 2007.06.27 and earlier allow remote attackers to execute arbitrary code via a (1) long password in an Authorization header to the HTTP service or a (2) large packet to the SMPP service.
unknown
2008-02-21
6.8CVE-2008-0871
OTHER-REF
BID
FRSIRT
SECUNIA
SmarterTools -- SmarterMail
Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message.
unknown
2008-02-21
6.0CVE-2008-0872
BUGTRAQ
OTHER-REF
BID
SECUNIA
Sophos -- ES4000
Sophos -- ES1000
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page.
unknown
2008-02-20
4.3CVE-2008-0838
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
StatCounteX -- StatCounteX
StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp.
unknown
2008-02-20
6.4CVE-2008-0843
BUGTRAQ
SECUNIA
Sun -- Solaris
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 9 and 10 on x86 architectures allows local users to cause a denial of service (panic) via unspecified vectors that trigger a NULL pointer dereference in the vuid3ps2 module, a different issue than CVE-2007-5319.
unknown
2008-02-20
4.9CVE-2008-0836
SUNALERT
FRSIRT
SECUNIA
Symantec Veritas -- Storage Foundation
The Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation 5.0 for Windows allows remote attackers to cause a denial of service (daemon crash or hang) via malformed packets.
unknown
2008-02-21
4.3CVE-2007-4516
IDEFENSE
OTHER-REF
BID
SECTRACK
Thecus -- N5200Pro NAS Server Control Panel
PHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote attackers to execute arbitrary PHP code via a URL in the name parameter.
unknown
2008-02-18
6.8CVE-2008-0804
MILW0RM
BID
TRUC -- TRUC
Directory traversal vulnerability in download.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the upload_filename parameter.
unknown
2008-02-18
6.4CVE-2008-0814
MILW0RM
BID
XPWeb -- XPWeb
Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
unknown
2008-02-18
5.0CVE-2008-0813
MILW0RM
BID
Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Paul Pelzl -- wyrd
wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file.
unknown
2008-02-18
3.6CVE-2008-0806
OTHER-REF
BID
SECUNIA
PlutoStatus -- PlutoStatus Locator
Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
unknown
2008-02-19
3.6CVE-2008-0819
BUGTRAQ
BID
Public Warehouse -- Light Blog
Directory traversal vulnerability in view_member.php in Public Warehouse LightBlog 9.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the username parameter.
unknown
2008-02-20
3.6CVE-2008-0840
MILW0RM
BID
Scribe -- Scribe
Directory traversal vulnerability in index.php in Scribe 0.2 allows remote attackers to read arbitrary local files via a .. (dot dot) in the page parameter.
unknown
2008-02-19
3.6CVE-2008-0822
BUGTRAQ
MILW0RM
BID
Back to top



Last updated February 25, 2008