US-CERT: United States Computer Emergency Readiness Team
National Cyber Alert System
Cyber Security Bulletin SB08-350
Last updated December 15, 2008
Cyber Security Bulletin SB08-350
Vulnerability Summary for the Week of December 8, 2008
|
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis. |
| High Vulnerabilities | ||||
|---|---|---|---|---|
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|
apple -- itunes apple -- quicktime |
Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow." | 2008-12-10 | 9.3 | CVE-2008-5406 XF BID MILW0RM |
|
asterisk -- zaptel |
Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZT_SPANCONFIG ioctl. | 2008-12-08 | 7.2 | CVE-2008-5396 MLIST CONFIRM CONFIRM |
|
bandsitecms -- bandsite_cms |
BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true. | 2008-12-12 | 7.5 | CVE-2008-5497 XF BID MILW0RM |
|
bitdefender -- antivirus bitdefender -- bitdefender bullguard -- internet_security software602 -- groupware_server |
Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. NOTE: some of these details are obtained from third party information. | 2008-12-10 | 9.3 | CVE-2008-5409 BID SECUNIA SECUNIA SECUNIA OSVDB OSVDB MISC MILW0RM |
|
ca -- arcserve_backup |
The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows does not properly verify client data, which allows remote attackers to execute arbitrary code via unspecified vectors. | 2008-12-11 | 10.0 | CVE-2008-5415 CONFIRM |
|
cerulean_studios -- trillian cerulean_studios -- trillian_pro ceruleanstudios -- trillian ceruleanstudios -- trillian_pro |
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing." | 2008-12-10 | 10.0 | CVE-2008-5401 FRSIRT |
|
cerulean_studios -- trillian cerulean_studios -- trillian_pro ceruleanstudios -- trillian ceruleanstudios -- trillian_pro |
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID." | 2008-12-10 | 10.0 | CVE-2008-5402 XF MISC SECTRACK BID BUGTRAQ FRSIRT SECUNIA MISC |
|
cerulean_studios -- trillian cerulean_studios -- trillian_pro ceruleanstudios -- trillian ceruleanstudios -- trillian_pro |
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag. | 2008-12-10 | 10.0 | CVE-2008-5403 FRSIRT |
|
cisco -- wvc54gc |
The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network. | 2008-12-08 | 10.0 | CVE-2008-4390 CERT-VN |
|
cisco -- wvc54gc |
Stack-based buffer overflow in the SetSource method in the NetCamPlayerWeb11gv2 ActiveX control in NetCamPlayerWeb11gv2.ocx on the Cisco Linksys WVC54GC wireless video camera before firmware 1.25 allows remote attackers to execute arbitrary code via long invalid arguments. | 2008-12-08 | 9.3 | CVE-2008-4391 CERT-VN |
|
clip-share -- clipshare |
SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter. | 2008-12-12 | 7.5 | CVE-2008-5489 BID MILW0RM FRSIRT |
|
debian -- shadow |
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry. | 2008-12-08 | 7.2 | CVE-2008-5394 XF BUGTRAQ MILW0RM CONFIRM CONFIRM CONFIRM |
|
digitalgreys -- com_contactinfo |
SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 2008-12-12 | 7.5 | CVE-2008-5494 XF BID MILW0RM FRSIRT |
|
e-topbiz -- domain_shop |
SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 allows remote attackers to execute arbitrary SQL commands via the passfromform parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2008-12-12 | 7.5 | CVE-2008-5488 XF BID FRSIRT |
|
emc -- control_center |
Stack-based buffer overflow in SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center 5.2 SP5 and 6.0 allows remote attackers to execute arbitrary code via multiple SST_CTGTRANS requests. | 2008-12-10 | 10.0 | CVE-2008-5419 MISC SECTRACK BID BUGTRAQ FRSIRT SECUNIA OSVDB |
|
emc -- control_center |
The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files. | 2008-12-10 | 7.8 | CVE-2008-5420 XF MISC SECTRACK BID BUGTRAQ FRSIRT SECUNIA OSVDB |
|
ffdshow-tryout -- ffdshow |
Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) before SVN revision 2347 allows remote attackers to execute arbitrary code via a long URL. | 2008-12-08 | 9.3 | CVE-2008-5381 BUGTRAQ FRSIRT MISC SECUNIA SECUNIA |
|
grid2000 -- flexcell_grid_control |
Insecure method vulnerability in the FlexCell.Grid ActiveX control in FlexCell.ocx 5.7.0.1 in FlexCell Grid ActiveX Component allows remote attackers to create and overwrite arbitrary files via the HttpDownloadFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2008-12-10 | 10.0 | CVE-2008-5404 BID SECUNIA |
|
gungho -- loadprgax_control |
Unspecified vulnerability in the GungHo LoadPrgAx ActiveX control 1.0.0.6 and earlier allows remote attackers to execute arbitrary Java applications via unknown vectors. | 2008-12-12 | 9.3 | CVE-2008-5495 BID SECUNIA JVNDB JVN CONFIRM |
|
hp -- hp-ux |
Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown vectors. | 2008-12-11 | 7.8 | CVE-2008-4418 BID SECTRACK HP HP |
|
ibm -- websphere_application_server |
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. | 2008-12-09 | 10.0 | CVE-2008-5412 CONFIRM SECUNIA |
|
ibm -- websphere_application_server |
Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 has unknown impact and attack vectors related to "userNameToken." | 2008-12-09 | 10.0 | CVE-2008-5414 CONFIRM SECUNIA |
|
microsoft -- windows_2000 microsoft -- windows_2003_server microsoft -- windows_server_2003 microsoft -- windows_server_2008 microsoft -- windows_vista microsoft -- windows_xp |
Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability." | 2008-12-10 | 9.3 | CVE-2008-2249 MS |
|
microsoft -- windows_media_format_runtime microsoft -- windows_media_player microsoft -- windows_media_services |
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." | 2008-12-10 | 10.0 | CVE-2008-3009 MS |
|
microsoft -- windows_media_player |
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability." | 2008-12-10 | 10.0 | CVE-2008-3010 MS |
|
microsoft -- windows_2000 microsoft -- windows_2003_server microsoft -- windows_server_2003 microsoft -- windows_server_2008 microsoft -- windows_vista microsoft -- windows_xp |
Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability." | 2008-12-10 | 9.3 | CVE-2008-3465 MS |
|
microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_outlook microsoft -- office_word microsoft -- office_word_viewer microsoft -- open_xml_file_format_converter microsoft -- works |
Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed record, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." | 2008-12-10 | 9.3 | CVE-2008-4024 MS |
|
microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_outlook microsoft -- office_word microsoft -- office_word_viewer microsoft -- open_xml_file_format_converter microsoft -- works |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed control word in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability." | 2008-12-10 | 9.3 | CVE-2008-4025 MS |
|
microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_outlook microsoft -- office_word microsoft -- office_word_viewer microsoft -- open_xml_file_format_converter microsoft -- works |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed value, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." | 2008-12-10 | 9.3 | CVE-2008-4026 MS |
|
microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_outlook microsoft -- office_word microsoft -- office_word_viewer microsoft -- open_xml_file_format_converter microsoft -- works |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via malformed control words in (1) an RTF file or (2) a rich text e-mail message, which triggers a "memory calculation error" and memory corruption, aka "Word RTF Object Parsing Vulnerability." | 2008-12-10 | 9.3 | CVE-2008-4027 MS |
|
microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_outlook microsoft -- office_word microsoft -- office_word_viewer microsoft -- open_xml_file_format_converter microsoft -- works |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030. | 2008-12-10 | 9.3 | CVE-2008-4028 MS |
|
microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_outlook microsoft -- office_word microsoft -- office_word_viewer microsoft -- open_xml_file_format_converter microsoft -- works |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028. | 2008-12-10 | 9.3 | CVE-2008-4030 MS |
|
microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_outlook microsoft -- office_word microsoft -- office_word_viewer microsoft -- open_xml_file_format_converter microsoft -- works |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability." | 2008-12-10 | 9.3 | CVE-2008-4031 MS |
|
microsoft -- office_sharepoint_server microsoft -- search_server |
Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability." | 2008-12-10 | 7.5 | CVE-2008-4032 MS |
|
microsoft -- office_frontpage microsoft -- project microsoft -- visual_basic microsoft -- visual_foxpro microsoft -- visual_studio_.net |
The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability." | 2008-12-10 | 8.5 | CVE-2008-4252 MS |
|
microsoft -- office_frontpage microsoft -- project microsoft -- visual_basic microsoft -- visual_foxpro microsoft -- visual_studio_.net |
The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability." | 2008-12-10 | 8.5 | CVE-2008-4253 MS |
|
microsoft -- office_frontpage microsoft -- project microsoft -- visual_basic microsoft -- visual_foxpro microsoft -- visual_studio_.net |
The Hierarchical FlexGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability." | 2008-12-10 | 8.5 | CVE-2008-4254 MS |
|
microsoft -- office_frontpage microsoft -- project microsoft -- visual_basic microsoft -- visual_foxpro microsoft -- visual_studio_.net |
The Windows Common ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability." | 2008-12-10 | 8.5 | CVE-2008-4255 MS |
|
microsoft -- office_frontpage microsoft -- project microsoft -- visual_basic microsoft -- visual_foxpro microsoft -- visual_studio_.net |
The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability." | 2008-12-10 | 8.5 | CVE-2008-4256 MS |
|
microsoft -- internet_explorer |
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability." | 2008-12-10 | 8.5 | CVE-2008-4258 MS |
|
microsoft -- internet_explorer |
Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "HTML Objects Memory Corruption Vulnerability." | 2008-12-10 | 9.3 | CVE-2008-4259 MS |
|
microsoft -- internet_explorer |
Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | 2008-12-10 | 8.5 | CVE-2008-4260 MS |
|
microsoft -- internet_explorer |
Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." | 2008-12-10 | 9.3 | CVE-2008-4261 MS |
|
microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_excel microsoft -- office_excel_viewer microsoft -- open_xml_file_format_converter |
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability." | 2008-12-10 | 9.3 | CVE-2008-4264 MS |
|
microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_excel microsoft -- office_excel_viewer microsoft -- open_xml_file_format_converter |
Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability." | 2008-12-10 | 9.3 | CVE-2008-4265 MS |
|
microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_excel microsoft -- office_excel_viewer microsoft -- open_xml_file_format_converter |
Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers stack corruption during the loading of records from this spreadsheet, aka "Excel Global Array Memory Corruption Vulnerability." | 2008-12-10 | 9.3 | CVE-2008-4266 MS |
|
microsoft -- windows_server_2008 microsoft -- windows_vista |
The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability." | 2008-12-10 | 8.5 | CVE-2008-4268 MS |
|
microsoft -- windows_server_2008 microsoft -- windows_vista |
The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability." | 2008-12-10 | 8.5 | CVE-2008-4269 MS |
|
microsoft -- office microsoft -- office_compatibility_pack_for_word_excel_ppt_2007 microsoft -- office_outlook microsoft -- office_word microsoft -- office_word_viewer microsoft -- open_xml_file_format_converter microsoft -- works |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed record value, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." | 2008-12-10 | 9.3 | CVE-2008-4837 MS |
|
microsoft -- wordpad |
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure. | 2008-12-10 | 9.3 | CVE-2008-4841 BID BID MILW0RM CONFIRM SECTRACK SECUNIA MISC |
|
microsoft -- sql_server |
Heap-based buffer overflow in Microsoft SQL Server 2000 8.00.2050, 8.00.2039, and earlier allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of crafted parameters that trigger memory overwrite. | 2008-12-10 | 9.0 | CVE-2008-5416 BID BUGTRAQ MISC SECTRACK SECUNIA |
|
microsoft -- internet_explorer |
Use-after-free vulnerability in mshtml.dll in Microsoft Internet Explorer 7 on Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a crafted XML document containing nested SPAN elements, as exploited in the wild in December 2008. | 2008-12-11 | 9.3 | CVE-2008-4844 CERT-VN BID MISC MILW0RM MILW0RM CONFIRM MISC MISC SECUNIA MISC |
|
national_instruments -- electronics_workbench |
Stack-based buffer overflow in National Instruments Electronics Workbench allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .ewb file. | 2008-12-08 | 9.3 | CVE-2008-5383 XF BID MILW0RM |
|
oxid -- cain_and_abel |
Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string. | 2008-12-10 | 9.3 | CVE-2008-5405 XF BID MILW0RM MILW0RM FRSIRT SECUNIA CONFIRM OSVDB |
|
phpstore -- yahoo_answers |
SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2008-12-12 | 7.5 | CVE-2008-5490 BID MILW0RM FRSIRT SECUNIA |
|
phpstore -- wholesale phpstore -- wholesales |
SQL injection vulnerability in track.php in PHPStore Wholesales (aka Wholesale) allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2008-12-12 | 7.5 | CVE-2008-5493 BID MILW0RM FRSIRT SECUNIA MISC |
|
pozscripts -- business_directory_script |
SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 2008-12-12 | 7.5 | CVE-2008-5496 XF BID MILW0RM FRSIRT SECUNIA OSVDB |
|
privacy-cd -- unbuntu_privacy_remix |
UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes kernel support for mounting RAID arrays, which might allow remote attackers to bypass intended isolation mechanisms by (1) reading from or (2) writing to these arrays. | 2008-12-08 | 10.0 | CVE-2008-5393 CONFIRM BID |
|
ruby-lang -- ruby |
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5 allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656. | 2008-12-08 | 7.8 | CVE-2008-4310 CONFIRM REDHAT |
|
slimcms -- slimcms |
SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter. | 2008-12-12 | 7.5 | CVE-2008-5491 BID MILW0RM |
|
sun -- jdk sun -- jre sun -- sdk |
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors. | 2008-12-05 | 10.0 | CVE-2008-5340 SUNALERT |
|
sun -- jdk sun -- jre sun -- sdk |
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows "hidden code" to make unauthorized network connections and "hijack HTTP sessions using cookies stored in the browser" via unknown vectors. | 2008-12-05 | 9.0 | CVE-2008-5343 SUNALERT |
|
sun -- jdk sun -- jre sun -- sdk |
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading. | 2008-12-05 | 7.5 | CVE-2008-5344 SUNALERT |
|
sun -- jdk sun -- jre sun -- sdk |
Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a local filesystem to read arbitrary files and make unauthorized connections to localhost via unknown vectors. | 2008-12-05 | 7.5 | CVE-2008-5345 SUNALERT SECUNIA SECUNIA REDHAT REDHAT |
|
sun -- jdk sun -- jre sun -- sdk |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file. | 2008-12-05 | 7.1 | CVE-2008-5346 SUNALERT |
|
sun -- jdk sun -- jre |
Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages. | 2008-12-05 | 7.5 | CVE-2008-5347 SUNALERT |
|
sun -- jdk sun -- jre sun -- sdk |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors. | 2008-12-05 | 7.1 | CVE-2008-5348 SUNALERT |
|
sun -- jdk sun -- jre |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key. | 2008-12-05 | 7.1 | CVE-2008-5349 SUNALERT |
|
sun -- jdk sun -- jre sun -- sdk |
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings. | 2008-12-05 | 7.5 | CVE-2008-5351 SUNALERT |
|
sun -- jdk sun -- jre |
Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow. | 2008-12-05 | 9.3 | CVE-2008-5352 SUNALERT |
|
sun -- jdk sun -- jre sun -- sdk |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets and applications to gain privileges via unknown vectors related to "deserializing calendar objects." | 2008-12-05 | 10.0 | CVE-2008-5353 SUNALERT |
|
sun -- jdk sun -- jre sun -- sdk |
Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry. | 2008-12-05 | 9.3 | CVE-2008-5354 SUNALERT |
|
sun -- jdk sun -- jre sun -- sdk |
Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file. | 2008-12-05 | 9.3 | CVE-2008-5356 SUNALERT |
|
sun -- jdk sun -- jre sun -- sdk |
Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow. | 2008-12-05 | 9.3 | CVE-2008-5357 SUNALERT IDEFENSE |
|
sun -- jdk sun -- jre |
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll. | 2008-12-05 | 9.3 | CVE-2008-5358 SUNALERT |
|
sun -- jdk sun -- jre sun -- sdk |
Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via unknown vectors related to "image processing code." | 2008-12-05 | 9.3 | CVE-2008-5359 SUNALERT |
|
sun -- solaris |
The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions. | 2008-12-09 | 7.8 | CVE-2008-5410 CONFIRM CONFIRM SECUNIA |
|
sun -- ray_server_software |
Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors. | 2008-12-11 | 7.5 | CVE-2008-5422 BID SUNALERT CONFIRM |
|
symantec -- backup_exec_for_windows_server |
Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors. | 2008-12-10 | 9.4 | CVE-2008-5407 CONFIRM CONFIRM SECUNIA |
|
symantec -- backup_exec_for_windows_server |
Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2008-5407. | 2008-12-10 | 9.0 | CVE-2008-5408 BID CONFIRM CONFIRM |
|
tor -- tor |
Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process. | 2008-12-08 | 7.2 | CVE-2008-5397 BID |
|
tor -- tor |
Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream. | 2008-12-08 | 9.3 | CVE-2008-5398 BID CONFIRM |
|
turnkeyforms -- text_link_sales |
SQL injection vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2008-12-12 | 7.5 | CVE-2008-5486 BID MILW0RM |
|
twiki -- twiki |
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable. | 2008-12-09 | 10.0 | CVE-2008-5305 BID CONFIRM SECTRACK SECUNIA |
|
verypdf -- verydoc_pdf_viewer |
Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method. NOTE: some of these details are obtained from third party information. | 2008-12-12 | 9.3 | CVE-2008-5492 BID MILW0RM MISC SECUNIA |
|
vmware -- esx vmware -- esxi vmware -- player vmware -- server vmware -- vmware_workstation |
Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption. | 2008-12-08 | 7.2 | CVE-2008-4917 SECUNIA CONFIRM |
| Back to top | ||||
| Medium Vulnerabilities | ||||
|---|---|---|---|---|
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|
5e5 -- teamtek_universal_ftp_server |
Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a denial of service (daemon crash or hang) via (1) multiple STOR (aka PUT) commands, or an MKD command followed by (2) a '*' argument, (3) a '|' argument, (4) spaces, or (5) a long string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2008-12-11 | 5.0 | CVE-2006-7235 XF FRSIRT BID SECUNIA |
|
5e5 -- teamtek_universal_ftp_server |
Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a denial of service via (1) a certain CWD command, (2) a long LIST command, or (3) a certain PORT command. | 2008-12-11 | 5.0 | CVE-2008-5431 BUGTRAQ SECUNIA |
|
apple -- cups |
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333. | 2008-12-08 | 6.9 | CVE-2008-5377 MISC MLIST |
|
cmus -- cmus |
cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file. | 2008-12-08 | 6.9 | CVE-2008-5375 MISC MLIST |
|
crip -- crip |
editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file. | 2008-12-08 | 6.9 | CVE-2008-5376 MISC MLIST |
|
eset -- nod32_antivirus |
ESet NOD32 2.70.0039.0000 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | 2008-12-11 | 4.3 | CVE-2008-5425 BUGTRAQ BUGTRAQ MISC |
|
freedesktop -- dbus |
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply. | 2008-12-09 | 4.6 | CVE-2008-4311 FEDORA CONFIRM CONFIRM XF BID FRSIRT SECUNIA SECUNIA MLIST CONFIRM CONFIRM |
|
gpsdrive -- gpsdrive |
gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959. | 2008-12-08 | 6.9 | CVE-2008-5380 MLIST |
|
i-o_data -- hlf-f160 i-o_data -- hlf-f250 i-o_data -- hlf-f300 i-o_data -- hlf-f320 |
Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL-F160, HDL-F250, HDL-F300, and HDL-F320 firmware before 1.02 allows remote attackers to (1) change a configuration or (2) delete files as an authenticated user via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2008-12-08 | 6.8 | CVE-2008-5382 CONFIRM SECUNIA OSVDB JVN |
|
ibm -- aix |
crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor. | 2008-12-08 | 6.9 | CVE-2008-5384 AIXAPAR AIXAPAR AIXAPAR |
|
ibm -- aix |
enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors. | 2008-12-08 | 6.9 | CVE-2008-5385 AIXAPAR AIXAPAR AIXAPAR |
|
ibm -- aix |
Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors. | 2008-12-08 | 6.9 | CVE-2008-5386 AIXAPAR AIXAPAR AIXAPAR |
|
ibm -- aix |
Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors. | 2008-12-08 | 6.2 | CVE-2008-5387 AIXAPAR AIXAPAR AIXAPAR |
|
ibm -- websphere_application_server |
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | 2008-12-09 | 5.0 | CVE-2008-5411 BID FRSIRT CONFIRM SECUNIA |
|
ibm -- websphere_application_server |
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. | 2008-12-09 | 5.0 | CVE-2008-5413 BID FRSIRT CONFIRM |
|
incredimail -- incredimail |
Incredimail build 5853710 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | 2008-12-11 | 4.3 | CVE-2008-5429 BUGTRAQ BUGTRAQ MISC |
|
jonas_smedegaard -- sdm-terminal |
sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sdm.autologin.once temporary file. | 2008-12-08 | 6.9 | CVE-2008-5372 MLIST |
|
jose_luis_tallon -- bacula_common |
mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995. | 2008-12-08 | 6.9 | CVE-2008-5373 MISC MLIST |
|
justin_roy -- punportal_module |
Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter. | 2008-12-10 | 5.1 | CVE-2008-5418 XF BID MILW0RM |
|
kaspersky_lab -- kaspersky_internet_security_suite |
Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | 2008-12-11 | 4.3 | CVE-2008-5426 BUGTRAQ BUGTRAQ MISC |
|
lehrstuhl_fur_mikrobiologie -- arb |
arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary file. | 2008-12-08 | 6.9 | CVE-2008-5378 MLIST |
|
linux -- kernel |
net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table. | 2008-12-08 | 4.9 | CVE-2008-5079 BUGTRAQ SECUNIA MLIST |
|
linux -- kernel |
The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of service (system crash) via vectors associated with an attempt to unwind a stack that contains userspace addresses. | 2008-12-08 | 4.9 | CVE-2008-5395 XF BID SECUNIA MLIST CONFIRM CONFIRM |
|
lukas_ruf -- muttprint |
muttprint in muttprint 0.72d allows local users to overwrite arbitrary files via a symlink attack on the /tmp/muttprint.log temporary file. | 2008-12-08 | 6.9 | CVE-2008-5368 MLIST |
|
marc_gloor -- screenie |
screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file. | 2008-12-08 | 6.9 | CVE-2008-5371 MLIST |
|
marco_d'itri -- ppp |
The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file. | 2008-12-08 | 6.9 | CVE-2008-5366 MLIST |
|
marco_d'itri -- ppp-udeb |
ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file. | 2008-12-08 | 6.9 | CVE-2008-5367 MLIST |
|
matthias_klose -- bash-doc |
bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts. | 2008-12-08 | 6.9 | CVE-2008-5374 MISC MLIST |
|
microsoft -- outlook_express |
The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173. | 2008-12-11 | 4.3 | CVE-2008-5424 BID BUGTRAQ BUGTRAQ MISC |
|
moodle -- moodle |
Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title). | 2008-12-11 | 4.3 | CVE-2008-5432 MLIST CONFIRM |
|
mvnforum -- mvnforum |
Cross-site scripting (XSS) vulnerability in the listonlineusers (aka "Who's online") component in mvnForum before 1.2.1 GA allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2008-12-10 | 4.3 | CVE-2008-5399 BID BUGTRAQ CONFIRM MISC SECUNIA OSVDB |
|
mvnforum -- mvnforum |
Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum before 1.2.1 GA allow remote attackers to (1) create forums, (2) change account privileges, (3) enable accounts, or (4) disable accounts as a product administrator via unspecified vectors, possibly related to HTTP Referer headers. | 2008-12-10 | 6.8 | CVE-2008-5400 CONFIRM |
|
netwin -- smsgate |
The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a denial of service (hang) via (1) a large integer in the Content-Length HTTP header; (2) an invalid value in the Content-Length HTTP header, as demonstrated by a negative integer; or (3) a missing Content-Length HTTP header. | 2008-12-11 | 5.0 | CVE-2008-5421 BID SECUNIA MISC |
|
no-ip -- no-ip2 |
noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/noip2 temporary file. | 2008-12-08 | 6.9 | CVE-2008-5369 MLIST |
|
oliver_gorwits -- netdisco_mibs_installer |
netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2) netdisco-mibs-download scripts. | 2008-12-08 | 6.9 | CVE-2008-5379 MLIST |
|
opera -- opera |
Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | 2008-12-11 | 4.3 | CVE-2008-5428 BUGTRAQ BUGTRAQ MISC |
|
punbb -- punbb |
Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field. | 2008-12-11 | 4.3 | CVE-2008-5433 MLIST CONFIRM CONFIRM |
|
punbb -- punbb |
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php. | 2008-12-11 | 6.5 | CVE-2008-5434 MLIST CONFIRM CONFIRM CONFIRM |
|
punbb -- punbb |
Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject. | 2008-12-11 | 4.3 | CVE-2008-5435 MLIST CONFIRM |
|
pvpgn -- pvpgn |
pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file. | 2008-12-08 | 6.9 | CVE-2008-5370 MLIST |
|
sun -- jdk sun -- jre sun -- sdk |
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors. | 2008-12-05 | 5.0 | CVE-2008-5339 SUNALERT |
|
sun -- jdk sun -- jre sun -- sdk |
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors. | 2008-12-05 | 5.0 | CVE-2008-5341 SUNALERT |
|
sun -- jdk sun -- jre sun -- sdk |
Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors. | 2008-12-05 | 5.0 | CVE-2008-5342 SUNALERT |
|
sun -- jdk sun -- jre sun -- sdk |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors. | 2008-12-05 | 5.0 | CVE-2008-5350 SUNALERT |
|
sun -- jdk sun -- jre sun -- sdk |
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors. | 2008-12-05 | 6.4 | CVE-2008-5360 SUNALERT |
|
sun -- ray_server_software |
Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector. | 2008-12-11 | 4.3 | CVE-2008-5423 SUNALERT CONFIRM CONFIRM |
|
symantec -- norton_internet_security |
Norton Antivirus in Norton Internet Security 15.5.0.23 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | 2008-12-11 | 4.3 | CVE-2008-5427 BUGTRAQ BUGTRAQ MISC |
|
turnkeyforms -- text_link_sales |
Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 2008-12-12 | 4.3 | CVE-2008-5487 BID MILW0RM |
|
twiki -- twiki |
Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable. | 2008-12-09 | 4.3 | CVE-2008-5304 CONFIRM |
| Back to top | ||||
| Low Vulnerabilities | ||||
|---|---|---|---|---|
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|
hp -- decnet_plus_for_openvms |
HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services. | 2008-12-10 | 2.1 | CVE-2008-5417 SECTRACK SECUNIA CONFIRM |
| Back to top | ||||
PDF Version