Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Cyber Security Bulletin SB08-035 archive

Vulnerability Summary for the Week of January 28, 2008

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
phpCMS Version 1.2.2 Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by a filename ending with %00.gif, a different vector than CVE-2005-1840.
unknown
2008-01-31
8.5CVE-2008-0513
BUGTRAQ
BUGTRAQ
MILW0RM
BID
XF
Bigware -- Bigware Shop
SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a results action to main_bigware_53.php.
unknown
2008-01-30
7.5CVE-2008-0498
MILW0RM
BID
XF
Bubbling Library -- Bubbling Library
Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) uri parameter to (a) yui-menu.tpl.php, (b) simple.tpl.php, and (c) advanced.tpl.php in dispatcher/framework/; and the (2) page parameter to (d) yui-menu.php, (e) simple.php, and (f) advanced.php in dispatcher/framework/, different vectors than CVE-2008-0521.
unknown
2008-02-01
7.5CVE-2008-0545
MILW0RM
BID
Comodo -- Comodo AntiVirus
Microsoft -- ActiveX
A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method.
unknown
2008-01-29
9.3CVE-2008-0470
MILW0RM
BID
XF
Connectix -- Connectix Boards
PHP remote file inclusion vulnerability in templates/Official/part_userprofile.php in Connectix Boards 0.8.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the template_path parameter.
unknown
2008-01-31
9.3CVE-2008-0502
MILW0RM
BID
SECUNIA
Coppermine -- Coppermine Photo Gallery
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters. NOTE: some of these details are obtained from third party information.
unknown
2008-01-31
7.5CVE-2008-0506
OTHER-REF
BID
SECUNIA
fedoraproject -- HSQLDB
Unspecified vulnerability in HSQLDB 1.8.0.8, and possibly other versions, has unknown impact and attack vectors.
unknown
2008-01-28
10.0CVE-2007-4576
FEDORA
FEDORA
SECUNIA
Firebird -- Firebird
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
unknown
2008-01-28
7.8CVE-2008-0387
BUGTRAQ
OTHER-REF
OTHER-REF
BID
Firebird -- Firebird
Buffer overflow in Firebird before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via a long username.
unknown
2008-01-28
10.0CVE-2008-0467
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
XF
Flinx -- Flinx
SQL injection vulnerability in category.php in Flinx 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-01-29
7.5CVE-2008-0468
MILW0RM
BID
FRSIRT
XF
GE Fanuc -- Proficy Real-Time Information Portal
Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory.
unknown
2008-01-28
7.5CVE-2008-0175
BUGTRAQ
OTHER-REF
CERT-VN
BID
SECTRACK
SECUNIA
GE Fanuc -- CIMPLICITY
Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code via unknown vectors.
unknown
2008-01-28
10.0CVE-2008-0176
BUGTRAQ
OTHER-REF
CERT-VN
BID
SECTRACK
SECUNIA
FRSIRT
HFS -- HTTP File Server
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data.
unknown
2008-01-28
10.0CVE-2008-0405
BUGTRAQ
OTHER-REF
OTHER-REF
SECUNIA
XF
IBM -- Hardware Management Console
Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Management Console (HMC) 7 R3.2.0 allows remote attackers to cause a denial of service via unspecified vectors.
unknown
2008-01-30
7.8CVE-2008-0495
OTHER-REF
BID
SECUNIA
ICU Project -- International Components for Unicode
libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.
unknown
2008-01-28
7.5CVE-2007-4770
MLIST
OTHER-REF
MANDRIVA
REDHAT
BID
SECTRACK
SECUNIA
SECUNIA
XF
FEDORA
FEDORA
FRSIRT
SECUNIA
ICU Project -- International Components for Unicode
Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.
unknown
2008-01-28
10.0CVE-2007-4771
MLIST
OTHER-REF
MANDRIVA
REDHAT
BID
SECTRACK
SECUNIA
SECUNIA
XF
FEDORA
FEDORA
FRSIRT
SECUNIA
IrfanView -- IrfanView
fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption. NOTE: some of these details are obtained from third party information.
unknown
2008-01-30
9.3CVE-2008-0493
MILW0RM
BID
FRSIRT
SECUNIA
Joomla -- Joomla
Darko Selesi -- EstateAgent
Mambo -- Mambo
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.
unknown
2008-01-31
7.5CVE-2008-0517
MILW0RM
Joomla -- com_recipes
Mambo -- com_recipes
SQL injection vulnerability in index.php in the Recipes (com_recipes) 1.00 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
unknown
2008-01-31
7.5CVE-2008-0518
MILW0RM
Joomla -- com_jokes
Mambo -- com_jokes
SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action.
unknown
2008-01-31
7.5CVE-2008-0519
MILW0RM
Linux -- Kernel
The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference.
unknown
2008-01-29
7.8CVE-2007-6694
MLIST
Mambo -- Glossary
Joomla -- Glossary
SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action.
unknown
2008-01-31
7.5CVE-2008-0514
MILW0RM
BID
Mambo -- musepoes_component
Joomla -- musepoes_component
SQL injection vulnerability in index.php in the musepoes (com_musepoes) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.
unknown
2008-01-31
7.5CVE-2008-0515
MILW0RM
BID
MamboXChange -- LaiThai
SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2008-01-30
7.5CVE-2008-0499
OTHER-REF
BID
FRSIRT
SECUNIA
MamboXChange -- LaiThai
Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have unknown impact and attack vectors related to (1) mod_login and (2) mod_template_chooser.
unknown
2008-01-30
10.0CVE-2008-0500
OTHER-REF
BID
FRSIRT
SECUNIA
Move Networks Inc -- Move Media Player
Stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX control in QMPUpgrade.dll 1.0.0.1 in Move Networks Upgrade Manager allows remote attackers to execute arbitrary code via a long first argument to the Upgrade method. NOTE: some of these details are obtained from third party information.
unknown
2008-01-29
10.0CVE-2008-0477
MILW0RM
BID
FRSIRT
SECUNIA
XF
PierreEGougelet -- NConvert
PierreEGougelet -- GFL SDK
PierreEGougelet -- XnView
Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file.
unknown
2008-01-31
8.5CVE-2008-0064
OTHER-REF
SECUNIA
SECUNIA
Pre Projects -- Pre Dynamic Institution
Multiple SQL injection vulnerabilities in Pre Dynamic Institution allow remote attackers to execute arbitrary SQL commands via the (1) sloginid and (2) spass parameters to (a) login.asp and (b) siteadmin/login.asp. NOTE: some of these details are obtained from third party information.
unknown
2008-02-01
7.5CVE-2008-0543
BUGTRAQ
BID
SECUNIA
XF
PulseAudio -- PulseAudio
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.
unknown
2008-01-28
7.2CVE-2008-0008
OTHER-REF
OTHER-REF
OTHER-REF
FEDORA
FEDORA
BID
SECUNIA
DEBIAN
MANDRIVA
FRSIRT
SECUNIA
XF
Radio Toolbox -- Steamcast
Off-by-one error in Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a certain HTTP request that leads to a buffer overflow, as demonstrated by a long User-Agent header.
unknown
2008-02-01
10.0CVE-2008-0550
OTHER-REF
OTHER-REF
XF
SDL -- SDL_image
Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information.
unknown
2008-02-01
7.5CVE-2007-6697
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SDL -- SDL_image
Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained from third party information.
unknown
2008-02-01
10.0CVE-2008-0544
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Sejoong Namo -- ActiveSquare
Microsoft -- ActiveX
The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1 and earlier in Namo Web Editor in Sejoong Namo ActiveSquare 6 allows remote attackers to execute arbitrary code via a URL in the argument to the Install method. NOTE: some of these details are obtained from third party information.
unknown
2008-02-01
9.3CVE-2008-0551
MILW0RM
BID
FRSIRT
SECUNIA
ShoppingTree -- CandyPress Store
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter to (b) ajax/ajax_getBrands.asp.
unknown
2008-02-01
7.5CVE-2008-0546
BUGTRAQ
MILW0RM
OTHER-REF
BID
SECUNIA
XF
SQLite Manager -- SQLite Manager
PHP remote file inclusion vulnerability in spaw/dialogs/confirm.php in SQLiteManager 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-01-31
9.3CVE-2008-0516
SECUNIA
The Net Guys -- ASPired2Protect
Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: some of these details are obtained from third party information.
unknown
2008-01-30
7.5CVE-2008-0487
BUGTRAQ
BID
SECUNIA
XF
Tiger Php News System -- Tiger Php News System
SQL injection vulnerability in index.php in Tiger Php News System (TPNS) 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action.
unknown
2008-01-29
7.5CVE-2008-0469
BUGTRAQ
MILW0RM
BID
SECUNIA
XF
FRSIRT
VB Marketing -- VB Marketing
Directory traversal vulnerability in tseekdir.cgi in VB Marketing allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the location parameter.
unknown
2008-01-30
7.5CVE-2008-0488
BUGTRAQ
BID
XF
WordPress -- WP_Cal Plugin
SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-01-30
7.5CVE-2008-0490
MILW0RM
BID
SECUNIA
XF
WordPress -- fGallery plugin
SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter.
unknown
2008-01-30
7.5CVE-2008-0491
MILW0RM
BID
XF
WordPress -- AdServe
SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-01-31
7.5CVE-2008-0507
MILW0RM
BID
SECUNIA
Yamaha -- RT107e
Yamaha -- RTA50i
Yamaha -- RTA54i
Yamaha -- RTA52i
Yamaha -- RT80i
Yamaha -- RTV700
Yamaha -- RTW65i
Yamaha -- RT57i
Yamaha -- RTX1000
Yamaha -- SRT100
Yamaha -- RT56v
Yamaha -- RTA55i
Yamaha -- RT60w
Yamaha -- RT52pro
Yamaha -- RTX1100
Yamaha -- RTX1500
Yamaha -- RT58i
Yamaha -- RTW65b
Cross-site request forgery (CSRF) vulnerability in the management interface in multiple Yamaha RT series routers allows remote attackers to change password settings and probably other configuration settings as administrators via unspecified vectors.
unknown
2008-01-31
10.0CVE-2008-0524
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
AmpJuke -- AmpJuke
Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 allows remote attackers to inject arbitrary web script or HTML via the limit parameter in a search action.
unknown
2008-01-30
4.3CVE-2008-0496
BUGTRAQ
Bubbling Library -- Bubbling Library
Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. (dot dot) in the uri parameter to dispatcher.php in (1) examples/dispatcher/framework/, (2) examples/dispatcher/, (3) examples/wizard/, and (4) PHP/, different vectors than CVE-2008-????.
unknown
2008-01-31
5.0CVE-2008-0521
MILW0RM
BID
XF
Clansphere -- Clansphere
Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
unknown
2008-01-30
5.0CVE-2008-0489
BUGTRAQ
BID
XF
Coppermine -- Coppermine Photo Gallery
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) util.php and (2) reviewcom.php. NOTE: some of these details are obtained from third party information.
unknown
2008-01-31
6.8CVE-2008-0504
OTHER-REF
BID
SECUNIA
Coppermine -- Coppermine Photo Gallery
Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters. NOTE: some of these details are obtained from third party information.
unknown
2008-01-31
6.0CVE-2008-0505
OTHER-REF
BID
SECUNIA
Dean -- Permalinks Migration Plugin
Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting.
2008-01-11
2008-01-31
6.8CVE-2008-0508
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Drake Team -- Drake CMS
Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter.
unknown
2008-02-01
4.3CVE-2007-6695
OTHER-REF
BID
Endian -- Firewall
Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-01-30
4.3CVE-2008-0494
OTHER-REF
BID
eTicket -- eTicket
Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
unknown
2008-02-01
4.3CVE-2008-0552
BUGTRAQ
OTHER-REF
BID
F5 -- BIG-IP
Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php in F5 BIG-IP Application Security Manager (ASM) 9.4.3 allows remote attackers to inject arbitrary web script or HTML via the report_type parameter.
unknown
2008-02-01
4.3CVE-2008-0539
BUGTRAQ
BID
Francisco Burzi -- PHP-Nuke
SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information.
unknown
2008-01-25
6.8CVE-2008-0461
MILW0RM
BID
FRSIRT
SECUNIA
XF
GE Fanuc -- Proficy Real-Time Information Portal
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges.
unknown
2008-01-28
5.0CVE-2008-0174
BUGTRAQ
OTHER-REF
CERT-VN
SECTRACK
Gerd Tentler -- Simple Forum
Multiple cross-site scripting (XSS) vulnerabilities in forum.php in Gerd Tentler Simple Forum 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) open and (2) date_show parameters.
unknown
2008-02-01
4.3CVE-2008-0541
MILW0RM
BID
Gerd Tentler -- Simple Forum
Directory traversal vulnerability in thumbnail.php in Gerd Tentler Simple Forum 3.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
unknown
2008-02-01
5.0CVE-2008-0542
MILW0RM
BID
Hal Networks -- Perl _CGI_cart
Hal Networks -- PHP_cart
Hal Networks -- Shop_hal_v1
Cross-site scripting (XSS) vulnerability in multiple Hal Networks shopping-cart products allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-01-31
4.3CVE-2008-0522
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
HFS -- HTTP File Server
HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.
unknown
2008-01-28
5.0CVE-2008-0406
BUGTRAQ
OTHER-REF
OTHER-REF
SECUNIA
XF
HFS -- HTTP File Server
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
unknown
2008-01-28
5.0CVE-2008-0407
BUGTRAQ
OTHER-REF
OTHER-REF
SECUNIA
XF
HFS -- HTTP File Server
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.
unknown
2008-01-28
6.4CVE-2008-0408
BUGTRAQ
OTHER-REF
OTHER-REF
SECUNIA
XF
HFS -- HTTP File Server
Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL.
unknown
2008-01-28
4.3CVE-2008-0409
BUGTRAQ
OTHER-REF
OTHER-REF
SECUNIA
XF
HFS -- HTTP File Server
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as %version% in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL.
unknown
2008-01-28
5.0CVE-2008-0410
BUGTRAQ
OTHER-REF
OTHER-REF
SECUNIA
XF
IBM -- AIX
Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cause a denial of service (crash) or possibly gain privileges via a long argument to (1) piox25, related to piox25.c; or (2) piox25remote, related to piox25remote.sh.
unknown
2008-01-31
5.5CVE-2008-0509
AIXAPAR
BID
FRSIRT
SECUNIA
Joomla -- com_mamml Component
SQL injection vulnerability in index.php in the MaMML (com_mamml) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
unknown
2008-01-31
6.8CVE-2008-0511
MILW0RM
BID
Joomla -- com_fq Component
SQL injection vulnerability in index.php in the fq (com_fq) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
unknown
2008-01-31
6.8CVE-2008-0512
MILW0RM
BID
Linux -- Linux
cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.
unknown
2008-01-31
6.9CVE-2007-4998
OTHER-REF
OTHER-REF
LiquidSilverCMS -- LiquidSilverCMS
Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the update parameter.
unknown
2008-01-25
6.8CVE-2008-0459
MILW0RM
BID
SECUNIA
FRSIRT
XF
Lumension Security -- PatchLink Update
PatchLink Update client for Unix allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script.
unknown
2008-01-31
4.6CVE-2008-0525
BUGTRAQ
SECTRACK
SECUNIA
XF
XF
Mambo -- Mambo Open Source 4.5
SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
unknown
2008-01-31
6.8CVE-2008-0510
MILW0RM
BID
ManageEngine -- Applications Manager
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-01-29
4.3CVE-2008-0474
BID
SECUNIA
XF
ManageEngine -- Applications Manager
ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-01-29
5.0CVE-2008-0475
BID
SECUNIA
XF
ManageEngine -- Applications Manager
ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-01-29
6.4CVE-2008-0476
BID
SECUNIA
XF
Microsoft -- ie
MediaWiki -- MediaWiki BotQuery Ext
MediaWiki -- MediaWiki
Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-01-25
4.3CVE-2008-0460
MLIST
SECUNIA
FRSIRT
XF
Netwerk -- Smart Publisher
Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Publisher 1.0.1 allows remote attackers to execute arbitrary PHP code via the filedata parameter.
unknown
2008-01-31
6.8CVE-2008-0503
MILW0RM
BID
SECUNIA
Nucleus CMS -- Nucleus CMS
Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS 3.31 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, which is not quoted when processing PHP_SELF.
unknown
2008-01-30
4.3CVE-2008-0497
BUGTRAQ
BUGTRAQ
OTHER-REF
Persits Software -- XUpload
Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method. NOTE: some of these details are obtained from third party information.
unknown
2008-01-30
6.8CVE-2008-0492
MILW0RM
BID
FRSIRT
SECUNIA
XF
phpBB -- phpBB
Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action.
unknown
2008-01-29
4.3CVE-2008-0471
BUGTRAQ
SECUNIA
phpIP -- phpIP Management
Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to login.php, the (2) id parameter to display.php, and unspecified other vectors. NOTE: some of these details are obtained from third party information.
unknown
2008-02-01
6.8CVE-2008-0538
FULLDISC
MILW0RM
SECUNIA
Radio Toolbox -- Steamcast
Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL dereference when malloc fails.
unknown
2008-02-01
5.0CVE-2008-0548
OTHER-REF
XF
Radio Toolbox -- Steamcast
Integer overflow in the OggHeaderParse function in Steamcast 0.9.75 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via a long Ogg tag.
unknown
2008-02-01
5.0CVE-2008-0549
OTHER-REF
OTHER-REF
XF
SeagullProject.org -- Seagull
Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the files parameter.
unknown
2008-01-25
5.0CVE-2008-0465
MILW0RM
BID
OTHER-REF
FRSIRT
SECUNIA
XF
SetCMS -- SetCMS
Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENT_IP HTTP header in an enter action to index.php, and injecting PHP sequences into files/enter.set, which is then included by index.php.
unknown
2008-01-29
5.8CVE-2008-0478
MILW0RM
BID
XF
ShoppingTree -- CandyPress Store
Cross-site scripting (XSS) vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and probably earlier 4.x and 3.x versions, allows remote attackers to inject arbitrary web script or HTML via the helpfield parameter.
unknown
2008-02-01
4.3CVE-2008-0547
BUGTRAQ
MILW0RM
OTHER-REF
BID
SECUNIA
XF
SoftCart -- SoftCart
Multiple cross-site scripting (XSS) vulnerabilities in SoftCart.exe in SoftCart 5.1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) License_Plate, (2) License_State, (3) Ticket_Date, and (4) Ticket_Number parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-01-31
4.3CVE-2008-0523
SECUNIA
SourceForge -- phpMyClub
Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI.
unknown
2008-01-30
5.8CVE-2008-0501
MILW0RM
BID
XF
trixbox -- trixbox
Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/.
unknown
2008-02-01
4.3CVE-2008-0540
OTHER-REF
BID
Web Wiz -- Text Editor
Web Wiz -- Forums
Web Wiz -- NewsPad
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
unknown
2008-01-28
5.0CVE-2008-0466
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
SECTRACK
BUGTRAQ
MILW0RM
OTHER-REF
Web Wiz -- Rich Text Editor
RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to upload (1) .html and (2) .htm files via unspecified vectors.
unknown
2008-01-29
6.4CVE-2008-0473
BUGTRAQ
MILW0RM
OTHER-REF
BID
SECTRACK
Web Wiz -- NewsPad
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter.
unknown
2008-01-29
5.0CVE-2008-0479
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
SECTRACK
SECUNIA
XF
Web Wiz -- Web Wiz Forums
Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp.
unknown
2008-01-29
5.0CVE-2008-0480
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
SECTRACK
SECUNIA
XF
Web Wiz -- Rich Text Editor
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter in a save action.
unknown
2008-01-29
5.0CVE-2008-0481
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
SECTRACK
SECUNIA
XF
WoltLab -- Burning Board
Cross-site request forgery (CSRF) vulnerability in modcp.php in Woltlab Burning Board (wBB) 2.3.6 PL2 allows remote attackers to delete threads as moderators or administrators via a thread_del action.
unknown
2008-01-29
4.3CVE-2008-0472
BUGTRAQ
SECUNIA
XF
WordPress -- WassUp Plugin
Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php.
unknown
2008-01-31
6.5CVE-2008-0520
MILW0RM
Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
WebCalendar -- WebCalendar
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication.
unknown
2008-02-01
2.1CVE-2007-6696
OTHER-REF
BID
Back to top



Last updated February 04, 2008