Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Cyber Security Bulletin SB08-014 archive

Vulnerability Summary for the Week of January 7, 2008

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
AOL -- AOLMediaPlaybackControl
Microsoft -- ActiveX
Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), as used by AmpX ActiveX control (AmpX.dll), might allow remote attackers to execute arbitrary code via the AppendFileToPlayList method.
unknown
2008-01-09
9.3CVE-2007-6250
CERT-VN
CCMS -- CCMS
SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page.
unknown
2008-01-04
7.5CVE-2007-6658
BUGTRAQ
MILW0RM
BID
XF
eggblog -- eggblog
SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie.
unknown
2008-01-08
7.5CVE-2008-0159
MILW0RM
BID
XF
EvilBoard -- EvilBoard
SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execute arbitrary SQL commands the c parameter.
unknown
2008-01-08
7.5CVE-2008-0154
MILW0RM
FlexBB -- FlexBB
SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie.
unknown
2008-01-08
7.5CVE-2008-0157
MILW0RM
BID
XF
Gateway -- Weblaunch
Gateway -- CWebLaunchCtl ActiveX Control
Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allow remote attackers to execute arbitrary code via a long string in the (1) second or (2) fourth argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.
unknown
2008-01-10
7.5CVE-2008-0220
FULLDISC
MILW0RM
CERT-VN
BID
FRSIRT
SECUNIA
Gateway -- Weblaunch
Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.
unknown
2008-01-10
9.3CVE-2008-0221
FULLDISC
MILW0RM
FRSIRT
SECUNIA
Georgia SoftWorks -- SSH2 Server
Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allow remote attackers to execute arbitrary code via a (1) a long username, which triggers an overflow in the log function; or (2) a long password.
unknown
2008-01-07
7.5CVE-2008-0096
BUGTRAQ
OTHER-REF
SECUNIA
Georgia SoftWorks -- SSH2 Server
Format string vulnerability in the log function in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username field, as demonstrated by a certain LoginPassword message.
unknown
2008-01-07
7.5CVE-2008-0097
BUGTRAQ
OTHER-REF
SECUNIA
IBM -- WebSphere Application Server
Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 Back to Top has unknown impact and attack vectors, related to "security concerns with monitor role users."
unknown
2008-01-09
10.0CVE-2007-6679
OTHER-REF
AIXAPAR
InstantSoftwares -- Dating_Site
SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Password parameter, a different product than CVE-2006-6021. NOTE: some of these details are obtained from third party information.
unknown
2008-01-08
7.5CVE-2007-6671
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
InstantSoftwares -- Dating_Site
SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-2007-6671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-01-08
7.5CVE-2008-0130
SECUNIA
XF
Justsystem -- Ichitaro viewer
Justsystem -- Ichitaro
Justsystem -- Ichitaro Lite2
Buffer overflow in JustSystem JSFC.DLL, as used in multiple JustSystem products, allows remote attackers to execute arbitrary code via a crafted .JTD file.
unknown
2008-01-10
9.3CVE-2008-0223
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Level One -- WBR-3460A
The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11 and 1.00.12 does not require authentication, which allows remote attackers on the local or wireless network to obtain administrative access.
unknown
2008-01-10
10.0CVE-2008-0229
BUGTRAQ
BID
SECTRACK
Linksys -- WRT54GL
Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators.
unknown
2008-01-10
9.3CVE-2008-0228
BUGTRAQ
SECUNIA
XF
McAfee -- e-Business Server
The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet.
unknown
2008-01-09
8.8CVE-2008-0127
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
XF
XF
Microsoft -- Windows Server 2003
Microsoft -- windows-nt
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
unknown
2008-01-08
7.1CVE-2007-0066
MS
SECUNIA
CERT
Microsoft -- Windows Server 2003
Microsoft -- Windows Vista
Microsoft -- windows-nt
Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service and execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
unknown
2008-01-08
9.3CVE-2007-0069
MS
SECUNIA
CERT
Microsoft -- Windows Server 2003
Microsoft -- windows-nt
Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
unknown
2008-01-08
7.2CVE-2007-5352
MS
SECUNIA
CERT
Microsoft -- VFP_OLE_Server ActiveX Control
The Microsoft VFP_OLE_Server ActiveX control allows remote attackers to execute arbitrary code by invoking the foxcommand method.
unknown
2008-01-10
10.0CVE-2008-0235
OTHER-REF
BID
XF
Motorola -- netOctopus
The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the \\.\NantSys device interface (nantsys.sys), which allows local users to gain privileges or cause a denial of service (system crash), as demonstrated by modifying the SYSENTER_EIP_MSR CPU Model Specific Register (MSR) value.
unknown
2008-01-08
7.2CVE-2007-5761
IDEFENSE
OTHER-REF
BID
FRSIRT
SECUNIA
XF
NetRisk -- NetRisk
SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php).
unknown
2008-01-09
7.5CVE-2008-0185
MILW0RM
OTHER-REF
SECUNIA
Novell -- ZENworks Endpoint Security Management
STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management (ESM) 3.5, and other ESM versions before 3.5.0.82, dynamically creates scripts in a world-writable directory when generating diagnostic reports, which allows local users to gain privileges, as demonstrated by creating a cmd.exe binary in the diagnostic report directory.
unknown
2008-01-08
7.2CVE-2007-5665
IDEFENSE
BID
FRSIRT
SECTRACK
SECUNIA
OpenPegasus -- Management Server
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus) might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360.
unknown
2008-01-08
10.0CVE-2008-0003
OTHER-REF
REDHAT
SECUNIA
osDate -- osDate
PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via a URL in the php121dir parameter.
unknown
2008-01-10
7.5CVE-2008-0230
OTHER-REF
BID
XF
peergoal -- MySpace_Content_Zone
admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not require administrative privileges, which allows remote attackers to perform unrestricted file uploads, as demonstrated by uploading (1) a .php file and (2) a .php%00.jpeg file.
unknown
2008-01-07
7.5CVE-2007-6668
MILW0RM
BID
SECUNIA
PHP -- PHP
Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663.
unknown
2008-01-08
7.5CVE-2008-0145
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
XF
php webquest -- php webquest
SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920.
unknown
2008-01-10
7.5CVE-2008-0219
MILW0RM
BID
SECUNIA
PHPCredo -- PHCDownload
SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter.
unknown
2008-01-07
7.5CVE-2007-6670
OTHER-REF
BID
SECUNIA
phpRisk -- NetRisk
PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences.
unknown
2008-01-08
7.5CVE-2008-0144
MILW0RM
PostgreSQL -- PostgreSQL
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
unknown
2008-01-09
10.0CVE-2007-6601
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Pragmatic Utopia -- PU Arcade
Joomla -- Joomla
SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter to index.php.
unknown
2008-01-04
7.5CVE-2007-6663
MILW0RM
BID
OTHER-REF
OTHER-REF
SECUNIA
XF
Real -- RealPlayer
Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: As of 20080103, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
unknown
2008-01-07
10.0CVE-2008-0098
MLIST
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
RunCMS -- RunCMS
SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter.
unknown
2008-01-10
7.5CVE-2008-0224
MILW0RM
BID
SECUNIA
XF
SNETWORKS -- PHP CLASSIFIEDS
PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter.
unknown
2008-01-08
7.5CVE-2008-0137
MILW0RM
FRSIRT
Spacial Audio Solutions -- samPHPweb
PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter.
unknown
2008-01-08
7.5CVE-2008-0143
MILW0RM
BID
XF
Spacial Audio Solutions -- samPHPweb
SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the songid parameter.
unknown
2008-01-09
7.5CVE-2008-0187
MILW0RM
BID
XF
SSH Communications Security -- SSH Tectia Server
SSH Communications Security -- SSH Tectia Client
ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Linux allows local users to gain privileges via unspecified vectors.
unknown
2008-01-09
7.2CVE-2007-5616
OTHER-REF
CERT-VN
BID
Sun -- JRE
Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM.
unknown
2008-01-09
7.1CVE-2007-0012
BUGTRAQ
BID
XF
Thomas Perez -- Tribisur
Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to cat_main.php and the (2) cat parameter to forum.php in a liste action.
unknown
2008-01-08
7.5CVE-2008-0133
MILW0RM
BID
SECUNIA
Tuned Studios -- Music Theme
Tuned Studios -- Orange Cutout
Tuned Studios -- Endless
Tuned Studios -- Subwoofer
Tuned Studios -- Lonely Maple
Tuned Studios -- Freeze Theme
Tuned Studios -- Classic Theme
Multiple directory traversal vulnerabilities in Tune Studio index.php in the (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments.
unknown
2008-01-10
7.5CVE-2008-0231
BUGTRAQ
BID
XF
Tutos -- Tutos
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request.
unknown
2008-01-08
10.0CVE-2008-0148
MILW0RM
SECUNIA
VMWare -- ESX Server
OpenPegasus -- Management Server
Buffer overflow in OpenPegasus Management server, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003.
unknown
2008-01-08
7.5CVE-2007-5360
BUGTRAQ
SECUNIA
WebPortal -- WebPortal CMS
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action.
unknown
2008-01-08
7.5CVE-2008-0141
MILW0RM
BID
White_Dune -- White_Dune
Stack-based buffer overflow in the Scene::errorf function in Scene.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via a long string in a .WRL file.
unknown
2008-01-07
7.5CVE-2008-0100
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
White_Dune -- White_Dune
Format string vulnerability in the swDebugf function in DuneApp.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a .WRL file.
unknown
2008-01-07
7.5CVE-2008-0101
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
WordPress -- WordPress
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1.
unknown
2008-01-09
7.5CVE-2008-0194
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
WordPress -- FileManager
Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors.
unknown
2008-01-10
7.5CVE-2008-0222
MILW0RM
BID
XF
Xfce -- Xfce
Double-free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory in session management."
unknown
2008-01-09
10.0CVE-2007-6532
OTHER-REF
OTHER-REF
yaSSL -- yaSSL
MySQL -- MySQL
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
unknown
2008-01-10
7.5CVE-2008-0226
BUGTRAQ
BUGTRAQ
BID
SECUNIA
yaSSL -- yaSSL
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.
unknown
2008-01-10
7.5CVE-2008-0227
BUGTRAQ
BID
SECUNIA
Zero CMS -- Zero CMS
Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to index.php, or the (2) f or t parameters to forums/index.php.
unknown
2008-01-10
7.5CVE-2008-0232
OTHER-REF
BID
XF
Zero CMS -- Zero CMS
Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg.
unknown
2008-01-10
7.5CVE-2008-0233
OTHER-REF
Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apache Software Foundation -- Apache HTTP Server
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-01-08
4.3CVE-2007-6388
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECTRACK
Apache Software Foundation -- Apache HTTP Server
Cross-site scripting (XSS) vulnerability in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2008-01-08
4.3CVE-2007-6421
OTHER-REF
FRSIRT
Apple -- Quicktime
Stack-based buffer overflow in Apple Quicktime Player 7.3.1.70, when running on Windows, allows remote attackers to execute arbitrary code via a long error message response to an rtsp:// request.
unknown
2008-01-10
6.8CVE-2008-0234
BUGTRAQ
BUGTRAQ
MILW0RM
CERT-VN
BID
aruba_networks -- Aruba Mobility Controllers
Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access.
unknown
2008-01-08
6.8CVE-2008-0150
BUGTRAQ
OTHER-REF
BID
SECUNIA
Asterisk -- s800i
Asterisk -- Asterisk Business Edition
Asterisk -- Asterisk Appliance Developer Kit
Asterisk -- AsteriskNOW
Asterisk -- Open Source
The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
unknown
2008-01-07
5.0CVE-2008-0095
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
AwesomeTemplateEngine -- AwesomeTemplateEngine
Multiple cross-site scripting (XSS) vulnerabilities in templates/example_template.php in AwesomeTemplateEngine allow remote attackers to inject arbitrary web script or HTML via the (1) data[title], (2) data[message], (3) data[table][1][item], (4) data[table][1][url], or (5) data[poweredby] parameter.
unknown
2008-01-09
4.3CVE-2008-0190
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
BID
XF
Bitweaver -- Bitweaver
Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter.
unknown
2008-01-04
5.0CVE-2007-6651
MILW0RM
OTHER-REF
BUGTRAQ
BID
XF
eTicket -- eTicket
Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters.
unknown
2008-01-07
4.3CVE-2008-0093
OTHER-REF
SECUNIA
EvilBoard -- EvilBoard
Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to inject arbitrary web script or HTML via the c parameter.
unknown
2008-01-08
4.3CVE-2008-0155
MILW0RM
ExpressionEngine -- ExpressionEngine
Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter.
unknown
2008-01-09
4.3CVE-2008-0201
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
ExpressionEngine -- ExpressionEngine
CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter.
unknown
2008-01-09
4.3CVE-2008-0202
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
Foxit -- WAC Server
Foxit WAC Server 2.1.0.910 and earlier allows remote attackers to cause a denial of service (crash) via a Telnet request with long options.
unknown
2008-01-08
5.0CVE-2008-0151
BUGTRAQ
OTHER-REF
BID
SECUNIA
Horde -- IMP
Horde -- Groupware Webmail Edition
Horde -- Framework
Horde -- Horde
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.
unknown
2008-01-10
5.8CVE-2007-6018
OTHER-REF
BID
SECUNIA
Hughes Technologies -- W3-mSQL
Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the top-level URI.
unknown
2008-01-08
4.3CVE-2008-0146
BUGTRAQ
BID
SECUNIA
InstantSoftwares -- Dating_Site
Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different product than CVE-2006-6022. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-01-08
4.3CVE-2008-0131
SECUNIA
Layton Technology -- HelpBox
Unrestricted file upload vulnerability in uploadrequest.asp in Layton HelpBox 3.7.1 allows remote authenticated users to upload and execute arbitrary ASP files, related to not properly checking file extensions.
unknown
2008-01-09
6.5CVE-2007-5401
OTHER-REF
BID
SECUNIA
Layton Technology -- HelpBox
Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow (1) remote attackers to execute arbitrary SQL commands via the sys_request_id parameter to editrequestenduser.asp; and allow remote authenticated users to execute arbitrary SQL commands via (2) the oldpassword parameter to writepwdenduser.asp, and the sys_request_id parameter to (3) changerequeststatus.asp, (4) editrequestuser.asp, (5) requestcommentsuser.asp, and (6) useractions.asp, different vectors than CVE-2004-2551.
unknown
2008-01-09
6.5CVE-2007-5402
OTHER-REF
BID
SECUNIA
Layton Technology -- HelpBox
Layton HelpBox 3.7.1 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames.
unknown
2008-01-09
5.0CVE-2007-5404
OTHER-REF
BID
SECUNIA
LoudBlog -- LoudBlog
Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter.
unknown
2008-01-08
6.8CVE-2008-0139
MILW0RM
BID
SECUNIA
Makale Scripti -- Makale Scripti
Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitrary web script or HTML via the ara parameter to the default URI under Ara/ in a search action.
unknown
2008-01-08
4.3CVE-2007-6673
BID
SECUNIA
MediaLand -- RotaBanner Local
Multiple cross-site scripting (XSS) vulnerabilities in account/index.html in RotaBanner Local 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) drop parameter.
unknown
2008-01-09
4.3CVE-2008-0200
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
Merak -- IceWarp Mail Server
Cross-site scripting (XSS) vulnerability in admin/index.html in Merak IceWarp Mail Server allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-01-10
4.3CVE-2008-0218
OTHER-REF
BID
XF
Microsoft -- Visual Fox Pro
An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method.
unknown
2008-01-10
5.8CVE-2008-0236
OTHER-REF
BID
XF
Microsoft -- Rich Textbox Control
The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 allows remote attackers to execute arbitrary commands by invoking the insecure SaveFile method.
unknown
2008-01-10
6.8CVE-2008-0237
OTHER-REF
BID
XF
Million Dollar Script -- Million Dollar Script
Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" (%2F) sequences in the link parameter.
unknown
2008-01-08
5.0CVE-2008-0156
BUGTRAQ
BID
XF
MODxCMS -- MODxCMS
Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php.
unknown
2008-01-07
6.4CVE-2008-0094
BUGTRAQ
OTHER-REF
BID
BID
SECUNIA
Mortbay Jetty -- Jetty
Directory traversal vulnerability in Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read arbitrary files via directory traversal sequences in the URI, as demonstrated by files in WEB-INF, related to improper handling of consecutive '/' (slash) characters.
unknown
2008-01-08
5.0CVE-2007-6672
OTHER-REF
OTHER-REF
CERT-VN
MyPHP Forum -- MyPHP Forum
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to search.php, and unspecified other vectors.
unknown
2008-01-07
6.8CVE-2008-0099
MILW0RM
Novell -- Netware Client
Novell -- NICM.SYS driver
NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.
unknown
2008-01-09
6.9CVE-2007-5762
IDEFENSE
OTHER-REF
Peters Software -- Random Anti-Spam Image
WordPress -- WordPress
Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form.
unknown
2008-01-09
4.3CVE-2007-6677
OTHER-REF
PHPCredo -- PHCDownload
Cross-site scripting (XSS) vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the string parameter.
unknown
2008-01-07
4.3CVE-2007-6669
OTHER-REF
BID
SECUNIA
phpRisk -- NetRisk
Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to CVE-2008-0144.
unknown
2008-01-09
4.3CVE-2008-0186
MILW0RM
PostgreSQL -- PostgreSQL
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.
unknown
2008-01-09
6.8CVE-2007-4769
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
PostgreSQL -- PostgreSQL
The TCL regular expression parser, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, allows remote authenticated users to cause a denial of service (infinite loop) via a crafted regular expression.
unknown
2008-01-09
4.0CVE-2007-4772
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
PostgreSQL -- PostgreSQL
Algorithmic complexity vulnerability in the TCL regular expression parser, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
unknown
2008-01-09
6.8CVE-2007-6067
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
PostgreSQL -- PostgreSQL
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
unknown
2008-01-09
5.5CVE-2007-6600
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Pragma Systems -- FortressSSH
Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remote attackers to cause a denial of service (connection slot exhaustion) via a flood of SSH connections with long data objects, as demonstrated by (1) a long list of keys and (2) a long username.
unknown
2008-01-08
5.0CVE-2008-0132
OTHER-REF
OTHER-REF
XF
BUGTRAQ
BID
Pragma Systems -- Pragma TelnetServer
telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers to cause a denial of service (process crash and resource exhaustion) via a crafted TELOPT PRAGMA LOGON telnet option, which triggers a NULL pointer dereference.
unknown
2008-01-08
5.0CVE-2008-0153
BUGTRAQ
OTHER-REF
BID
Prenotazioni On Line -- SysHotel On Line System
Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter.
unknown
2008-01-09
6.4CVE-2008-0184
BUGTRAQ
BID
PRO_Search -- PRO_Search
PRO-Search 0.17 and earlier allows remote attackers to cause a denial of service via certain values of the show_page and time parameters to the default URI.
unknown
2008-01-09
5.0CVE-2008-0199
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
OTHER-REF
PRO_Search -- PRO_Search
Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prot, (2) host, (3) path, (4) name, (5) ext, (6) size, (7) search_days, or (8) show_page parameter to the default URI.
unknown
2008-01-09
4.3CVE-2008-0207
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
RapidShare -- Database
Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare Database allows remote attackers to inject arbitrary web script or HTML via the Arayalim parameter.
unknown
2008-01-08
4.3CVE-2007-6674
OTHER-REF
SECUNIA
Seattle Lab Software -- SLNet RF Telnet Server
SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unpsecified telnet options, which triggers a NULL pointer dereference. NOTE: the crash is not user-assisted when the server is running in debug mode.
unknown
2008-01-08
4.3CVE-2008-0152
BUGTRAQ
OTHER-REF
BID
SECUNIA
Shop-Script -- Shop-Script
Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter.
unknown
2008-01-08
5.0CVE-2008-0158
OTHER-REF
BID
XF
SiteAtSchool -- SiteAtSchool
SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier allows remote attackers to execute arbitrary SQL commands via the album_name parameter.
unknown
2008-01-08
6.8CVE-2008-0129
MILW0RM
BID
XF
SmallNuke -- SmallNuke
SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action.
unknown
2008-01-08
6.8CVE-2008-0147
MILW0RM
BID
SECUNIA
Snitz Forums 2000 -- Snitz Forums
Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter.
unknown
2008-01-08
4.3CVE-2008-0134
OTHER-REF
OTHER-REF
SECUNIA
Snitz Forums 2000 -- Snitz Forums
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.
unknown
2008-01-08
5.0CVE-2008-0135
OTHER-REF
OTHER-REF
Snitz Forums 2000 -- Snitz Forums
Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path.
unknown
2008-01-08
5.0CVE-2008-0136
OTHER-REF
OTHER-REF
Snitz Forums 2000 -- Snitz Forums
Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums 2000 3.4.05 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter.
unknown
2008-01-09
4.3CVE-2008-0208
OTHER-REF
OTHER-REF
SECUNIA
Snitz Forums 2000 -- Snitz Forums
Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter.
unknown
2008-01-09
5.8CVE-2008-0209
OTHER-REF
OTHER-REF
SuSE -- YaST2
SuSE -- SuSE Linux
Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious module in the current working directory.
unknown
2008-01-09
6.9CVE-2007-6678
SUSE
Tutos -- Tutos
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function.
unknown
2008-01-08
5.0CVE-2008-0149
MILW0RM
SECUNIA
Uber Uploader -- Uber Uploader
The default configuration of Uber Uploader (UU) 5.3.6 and earlier does not block uploads of (1) .html, (2) .asp, and other possibly dangerous extensions, which allows remote attackers to use these extensions in uploads via (a) uu_file_upload.php, related to uu_file_upload.js and (b) uber_uploader_file.php, related to uber_uploader_file.js, a different issue than CVE-2007-0123. NOTE: the vendor disputes the severity of the issue, noting that it is the administrator's responsibility to "add file extensions that you may or may not want uploaded."
unknown
2008-01-08
5.0CVE-2007-6676
BUGTRAQ
BUGTRAQ
UebiMiau -- Webmail
Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172.
unknown
2008-01-08
6.4CVE-2008-0140
MILW0RM
VIM
BID
UebiMiau -- Webmail
Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140.
unknown
2008-01-09
6.4CVE-2008-0210
MILW0RM
BID
WebPortal -- WebPortal CMS
Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors.
unknown
2008-01-08
6.8CVE-2008-0142
MILW0RM
WordPress -- WordPress
WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure.
unknown
2008-01-09
5.0CVE-2008-0191
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
XF
WordPress -- WordPress
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.
unknown
2008-01-09
4.3CVE-2008-0192
FULLDISC
OTHER-REF
OTHER-REF
BID
XF
WordPress -- WordPress
Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php.
unknown
2008-01-09
4.3CVE-2008-0193
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
BID
WordPress -- WordPress
WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.
unknown
2008-01-09
5.0CVE-2008-0195
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
WordPress -- WordPress
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php.
unknown
2008-01-09
5.0CVE-2008-0196
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
WordPress -- WP-ContactForm
Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wpcf_email, (2) wpcf_subject, (3) wpcf_question, (4) wpcf_answer, (5) wpcf_success_msg, (6) wpcf_error_msg, or (7) wpcf_msg parameter to wp-admin/admin.php, or (8) the SRC attribute of an IFRAME element.
unknown
2008-01-09
4.3CVE-2008-0197
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
WordPress -- WordPress
Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php.
unknown
2008-01-09
4.3CVE-2008-0198
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
WordPress -- Cryptographp
Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6) charB, (7) charclear, (8) tfont, (9) charel, (10) charelc, (11) charelv, (12) charnbmin, (13) charnbmax, (14) charspace, (15) charsizemin, (16) charsizemax, (17) charanglemax, (18) noisepxmin, (19) noisepxmax, (20) noiselinemin, (21) noiselinemax, (22) nbcirclemin, (23) nbcirclemax, or (24) brushsize parameter to wp-admin/options-general.php.
unknown
2008-01-09
4.3CVE-2008-0203
BUGTRAQ
FULLDISC
OTHER-REF
WordPress -- Math Comment Spam Protection Plugin
Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php.
unknown
2008-01-09
4.3CVE-2008-0204
BUGTRAQ
FULLDISC
OTHER-REF
WordPress -- Math Comment Spam Protection Plugin
Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php.
unknown
2008-01-09
4.3CVE-2008-0205
BUGTRAQ
FULLDISC
OTHER-REF
WordPress -- Captcha
Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) captcha_ttffolder, (2) captcha_numchars, (3) captcha_ttfrange, or (4) captcha_secret parameter.
unknown
2008-01-09
4.3CVE-2008-0206
BUGTRAQ
FULLDISC
OTHER-REF
Xfce -- Xfce
Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips. NOTE: a second buffer overflow (over-read) in the xfce_mkdirhier function was also reported, but it might not be exploitable for a crash or code execution, so it is not a vulnerability.
unknown
2008-01-09
5.0CVE-2007-6531
OTHER-REF
OTHER-REF
OTHER-REF
xine -- xine-lib
Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.
unknown
2008-01-10
6.4CVE-2008-0225
OTHER-REF
SECUNIA
XOOPS -- Xoops
The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules.
unknown
2008-01-08
5.0CVE-2007-6675
OTHER-REF
OTHER-REF
BID
SECUNIA
XOOPS -- XoopsGallery Module
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter.
unknown
2008-01-08
6.8CVE-2008-0138
MILW0RM
BID
Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apache Software Foundation -- Apache HTTP Server
Unspecified vulnerability in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via a crafted request.
unknown
2008-01-08
3.5CVE-2007-6422
OTHER-REF
FRSIRT
IBM -- AIX
Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the support for links in the TSD_FILES_LOCK policy.
unknown
2008-01-10
2.1CVE-2007-6680
AIXAPAR
BID
FRSIRT
SECTRACK
SECUNIA
Layton Technology -- HelpBox
Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp; the (5) Filter field to statsrequestypereport.asp; and the (6) sys_request_id parameter to requestattach.asp; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) Asset, (8) Location, and (9) Problem fields to editrequestenduser.asp; the (10) Asset, (11) Asset Location, (12) Problem Desc, and (13) Solution Desc fields to editrequestuser.asp; and the (14) End User and (15) Description fields to usersearchrequests.asp. NOTE: vectors 5 and 6 do not require authentication to exploit.
unknown
2008-01-09
3.5CVE-2007-5403
OTHER-REF
BID
SECUNIA
Back to top



=
Last updated January 14, 2008