Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Cyber Security Bulletin SB08-021 archive

Vulnerability Summary for the Week of January 14, 2008

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Agares Media -- phpAutoVideo
SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter.
unknown
2008-01-15
7.5CVE-2008-0262
MILW0RM
MILW0RM
BID
XF
Apple -- Quicktime
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with crafted Image Descriptor (IDSC) atoms, which triggers memory corruption.
unknown
2008-01-15
9.3CVE-2008-0033
APPLE
OTHER-REF
Article Dashboard -- Article Dashboard
SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields.
unknown
2008-01-15
7.5CVE-2008-0286
BUGTRAQ
BID
BinN -- SBuilder
SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter.
unknown
2008-01-15
7.5CVE-2008-0253
MILW0RM
BID
CherryPy -- CherryPy
Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.
unknown
2008-01-11
7.5CVE-2008-0252
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Cisco -- Unified CallManager
Cisco -- Unified Communications Manager
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
unknown
2008-01-16
10.0CVE-2008-0027
BUGTRAQ
OTHER-REF
CISCO
BID
XF
Debian -- apt-listchanges
Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory.
unknown
2008-01-16
7.2CVE-2008-0302
OTHER-REF
OTHER-REF
DigitalHive -- DigitalHive
Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php.
unknown
2008-01-15
7.5CVE-2008-0290
MILW0RM
BID
XF
DomPHP -- DomPHP
SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter.
unknown
2008-01-15
7.5CVE-2008-0282
MILW0RM
BID
SECUNIA
XF
Drupal -- Fileshare_Module
Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors.
unknown
2008-01-15
8.5CVE-2008-0277
OTHER-REF
XF
eTicket -- eTicket
Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php.
unknown
2008-01-15
7.5CVE-2008-0267
BUGTRAQ
BID
SECUNIA
XF
Evilsentinel -- Evilsentinel
admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes.
unknown
2008-01-17
7.5CVE-2008-0350
MILW0RM
OTHER-REF
SECUNIA
FaScript -- FaPersian Petition
SQL injection vulnerability in show.php in FaScript FaPersian Petition allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-01-17
7.5CVE-2008-0325
MILW0RM
BID
FaScript -- FaPersianHack
SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php.
unknown
2008-01-17
7.5CVE-2008-0326
MILW0RM
BID
FaScript -- FaMp3
SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-01-17
7.5CVE-2008-0327
MILW0RM
BID
FaScript -- FaName
SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2008-01-17
7.5CVE-2008-0328
MILW0RM
BID
FreeBSD -- FreeBSD
Off-by-one error in the inet_network function in libc in FreeBSD 6.2, 6.3, and 7.0-PRERELEASE and earlier allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
unknown
2008-01-15
10.0CVE-2008-0122
FREEBSD
Funkwerk -- System Software
Unspecified vulnerability in Funkwerk System Software before 7.4.1 PATCH 9 for certain Funkwerk Router / VPN devices allows remote attackers to cause a denial of service (panic and reboot) via unspecified DNS requests.
unknown
2008-01-17
7.8CVE-2008-0331
OTHER-REF
SECUNIA
GForge -- GForge
SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.
unknown
2008-01-15
7.5CVE-2008-0173
DEBIAN
BID
FRSIRT
Hangzhou Rui-Qiang -- RichStrong CMS
SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter.
unknown
2008-01-16
7.5CVE-2008-0291
MILW0RM
BID
ID-Commerce -- ID-Commerce
SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter.
unknown
2008-01-15
7.5CVE-2008-0281
FULLDISC
FULLDISC
FULLDISC
BID
XF
iGaming -- iGaming
SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter.
unknown
2008-01-15
7.5CVE-2008-0255
MILW0RM
BID
SECUNIA
XF
ImageAlbum -- ImageAlbum
Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action.
unknown
2008-01-15
7.5CVE-2008-0288
BUGTRAQ
MILW0RM
BID
Linux -- Kernel
VFS in the Linux kernel before 2.6.23.14 performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass file permissions.
unknown
2008-01-15
7.2CVE-2008-0001
OTHER-REF
BID
Linux -- Kernel
The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram).
unknown
2008-01-17
7.8CVE-2008-0352
MILW0RM
OTHER-REF
XF
Matteo Binda -- ASP Photo Gallery
Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp.
unknown
2008-01-15
7.5CVE-2008-0256
MILW0RM
BID
SECUNIA
Menalto -- Gallery Publish XP Module
Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors.
unknown
2008-01-16
10.0CVE-2007-6685
OTHER-REF
Menalto -- Gallery
The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller.
unknown
2008-01-16
10.0CVE-2007-6686
OTHER-REF
Menalto -- Gallery
Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder."
unknown
2008-01-16
10.0CVE-2007-6688
OTHER-REF
Menalto -- Gallery
Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module.
unknown
2008-01-16
7.5CVE-2007-6689
OTHER-REF
Menalto -- Gallery
The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors.
unknown
2008-01-16
10.0CVE-2007-6690
OTHER-REF
Menalto -- Gallery
Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules.
unknown
2008-01-16
10.0CVE-2007-6691
OTHER-REF
Menalto -- Gallery WebCam Module
Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request."
unknown
2008-01-16
10.0CVE-2007-6693
OTHER-REF
Microsoft -- Excel
Microsoft -- Excel Viewer
Unspecified vulnerability in Microsoft Excel 2004 and earlier, and Microsoft Office Excel Viewer 2003, allows remote attackers to execute arbitrary code via an Excel file with a malformed header, which triggers memory corruption. NOTE: due to lack of details from the vendor, it is not clear whether this is the same issue as CVE-2007-3490.
unknown
2008-01-16
10.0CVE-2008-0081
OTHER-REF
BID
FRSIRT
SECTRACK
XF
Microsoft -- Visual InterDev
Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long Project line.
unknown
2008-01-11
9.3CVE-2008-0250
MILW0RM
OTHER-REF
BID
MiniWeb HTTP Server -- MiniWeb HTTP Server
Heap-based buffer overflow in the _mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI.
unknown
2008-01-17
7.5CVE-2008-0337
MILW0RM
OTHER-REF
SECUNIA
MTCMS -- MTCMS
SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter.
unknown
2008-01-15
7.5CVE-2008-0280
BUGTRAQ
MILW0RM
BID
Oracle -- Oracle Database
Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01.
unknown
2008-01-17
10.0CVE-2008-0339
OTHER-REF
HP
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Oracle -- E-Business Suite 11i
Oracle -- Oracle 10g Application Server Release 3
Oracle -- E-Business Suite 12
Oracle -- Application Server 9i Release 1
Oracle -- Oracle 9i Database Release 2
Oracle -- Database 11g
Oracle -- Collaboration Suite 10g
Oracle -- Database 9i
Oracle -- Oracle 10g Database Release 2
Oracle -- Oracle10g Application Server Release 2
Oracle -- Oracle10g Application Server
Oracle -- PeopleSoft Enterprise PeopleTools
Oracle -- Database 10g
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to the (1) Advanced Queuing component (DB02) and (2) Oracle Spatial component (DB04).
unknown
2008-01-17
10.0CVE-2008-0340
OTHER-REF
HP
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle Database
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 has unknown impact and remote attack vectors, aka DB03.
unknown
2008-01-17
10.0CVE-2008-0341
OTHER-REF
HP
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle Database
Unspecified vulnerability in the Upgrade/Downgrade component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB05.
unknown
2008-01-17
10.0CVE-2008-0342
OTHER-REF
HP
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Oracle -- E-Business Suite 11i
Oracle -- Oracle 10g Application Server Release 3
Oracle -- E-Business Suite 12
Oracle -- Application Server 9i Release 1
Oracle -- Oracle 9i Database Release 2
Oracle -- Database 11g
Oracle -- Collaboration Suite 10g
Oracle -- Database 9i
Oracle -- Oracle 10g Database Release 2
Oracle -- Oracle10g Application Server Release 2
Oracle -- Oracle10g Application Server
Oracle -- PeopleSoft Enterprise PeopleTools
Oracle -- Database 10g
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has unknown impact and remote attack vectors, aka DB06.
unknown
2008-01-17
10.0CVE-2008-0343
OTHER-REF
HP
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Oracle -- E-Business Suite 11i
Oracle -- Oracle 10g Application Server Release 3
Oracle -- E-Business Suite 12
Oracle -- Application Server 9i Release 1
Oracle -- Oracle 9i Database Release 2
Oracle -- Database 11g
Oracle -- Collaboration Suite 10g
Oracle -- Database 9i
Oracle -- Oracle 10g Database Release 2
Oracle -- Oracle10g Application Server Release 2
Oracle -- Oracle10g Application Server
Oracle -- PeopleSoft Enterprise PeopleTools
Oracle -- Database 10g
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote attack vectors, aka DB07.
unknown
2008-01-17
10.0CVE-2008-0344
OTHER-REF
HP
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Oracle -- E-Business Suite 11i
Oracle -- Oracle 10g Application Server Release 3
Oracle -- E-Business Suite 12
Oracle -- Application Server 9i Release 1
Oracle -- Oracle 9i Database Release 2
Oracle -- Database 11g
Oracle -- Collaboration Suite 10g
Oracle -- Database 9i
Oracle -- Oracle 10g Database Release 2
Oracle -- Oracle10g Application Server Release 2
Oracle -- Oracle10g Application Server
Oracle -- PeopleSoft Enterprise PeopleTools
Oracle -- Database 10g
Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08.
unknown
2008-01-17
10.0CVE-2008-0345
OTHER-REF
HP
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Oracle -- E-Business Suite 11i
Oracle -- Oracle 10g Application Server Release 3
Oracle -- E-Business Suite 12
Oracle -- Application Server 9i Release 1
Oracle -- Oracle 9i Database Release 2
Oracle -- Database 11g
Oracle -- Collaboration Suite 10g
Oracle -- Database 9i
Oracle -- Oracle 10g Database Release 2
Oracle -- Oracle10g Application Server Release 2
Oracle -- Oracle10g Application Server
Oracle -- PeopleSoft Enterprise PeopleTools
Oracle -- Database 10g
Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka AS01.
unknown
2008-01-17
10.0CVE-2008-0346
OTHER-REF
HP
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Oracle -- E-Business Suite 11i
Oracle -- Oracle 10g Application Server Release 3
Oracle -- E-Business Suite 12
Oracle -- Application Server 9i Release 1
Oracle -- Oracle 9i Database Release 2
Oracle -- Database 11g
Oracle -- Collaboration Suite 10g
Oracle -- Database 9i
Oracle -- Oracle 10g Database Release 2
Oracle -- Oracle10g Application Server Release 2
Oracle -- Oracle10g Application Server
Oracle -- PeopleSoft Enterprise PeopleTools
Oracle -- Database 10g
Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2 and Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka OCS01.
unknown
2008-01-17
10.0CVE-2008-0347
OTHER-REF
HP
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Oracle -- E-Business Suite 11i
Oracle -- Oracle 10g Application Server Release 3
Oracle -- E-Business Suite 12
Oracle -- Application Server 9i Release 1
Oracle -- Oracle 9i Database Release 2
Oracle -- Database 11g
Oracle -- Collaboration Suite 10g
Oracle -- Database 9i
Oracle -- Oracle 10g Database Release 2
Oracle -- Oracle10g Application Server Release 2
Oracle -- Oracle10g Application Server
Oracle -- PeopleSoft Enterprise PeopleTools
Oracle -- Database 10g
Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.18, 8.48.15, and 8.49.07 have unknown impact and remote attack vectors, aka (1) PSE01, (2) PSE03, and (3) PSE04.
unknown
2008-01-17
10.0CVE-2008-0348
OTHER-REF
HP
CERT
BID
FRSIRT
SECTRACK
SECUNIA
Oracle -- E-Business Suite 11i
Oracle -- Oracle 10g Application Server Release 3
Oracle -- E-Business Suite 12
Oracle -- Application Server 9i Release 1
Oracle -- Oracle 9i Database Release 2
Oracle -- Database 11g
Oracle -- Collaboration Suite 10g
Oracle -- Database 9i
Oracle -- Oracle 10g Database Release 2
Oracle -- Oracle10g Application Server Release 2
Oracle -- Oracle10g Application Server
Oracle -- PeopleSoft Enterprise PeopleTools
Oracle -- Database 10g
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02.
unknown
2008-01-17
10.0CVE-2008-0349
OTHER-REF
HP
CERT
BID
FRSIRT
SECTRACK
SECUNIA
PhotoPost -- Photopost vBGallery
Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors.
unknown
2008-01-11
10.0CVE-2008-0251
OTHER-REF
OTHER-REF
SECUNIA
XF
Radiator -- RADIUS_Server
Radiator before 4.0 allows remote attackers to cause a denial of service (daemon crash) via malformed RADIUS requests, as demonstrated by packets sent by nmap.
unknown
2008-01-17
7.8CVE-2008-0330
OTHER-REF
SECUNIA
Tibco -- SmartSockets RTserver
Tibco -- RTworks
Tibco -- Enterprise Message Service
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers.
unknown
2008-01-15
10.0CVE-2007-5655
IDEFENSE
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
Tibco -- SmartSockets RTserver
Tibco -- RTworks
Tibco -- Enterprise Message Service
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory.
unknown
2008-01-15
10.0CVE-2007-5656
IDEFENSE
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
Tibco -- SmartSockets RTserver
Tibco -- RTworks
Tibco -- Enterprise Message Service
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets.
unknown
2008-01-15
10.0CVE-2007-5657
IDEFENSE
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
Tibco -- SmartSockets RTserver
Tibco -- RTworks
Tibco -- Enterprise Message Service
Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow.
unknown
2008-01-15
10.0CVE-2007-5658
IDEFENSE
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
VideoLAN -- VLC
Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
unknown
2008-01-16
7.5CVE-2007-6681
BUGTRAQ
MLIST
MLIST
VideoLAN -- VLC
Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
unknown
2008-01-16
7.5CVE-2007-6682
BUGTRAQ
VideoLAN -- VLC Media Player
Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.
unknown
2008-01-16
8.5CVE-2008-0295
OTHER-REF
BID
FRSIRT
SECUNIA
VideoLAN -- VLC Media Player
Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.
unknown
2008-01-16
10.0CVE-2008-0296
OTHER-REF
FRSIRT
Xforum -- Xforum
SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibly others allows remote attackers to execute arbitrary SQL commands via the topic parameter. NOTE: the categorie parameter might also be affected.
unknown
2008-01-15
7.5CVE-2008-0279
MILW0RM
BID
XF
Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
AfterLogic -- MailBee WebMail Pro
Microsoft -- ASP.NET
Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter.
unknown
2008-01-17
5.0CVE-2008-0333
MILW0RM
Apple -- Quicktime
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execurte arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.
unknown
2008-01-15
5.8CVE-2008-0031
APPLE
OTHER-REF
Apple -- Quicktime
Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.
unknown
2008-01-15
5.8CVE-2008-0032
IDEFENSE
APPLE
OTHER-REF
Apple -- iPhone
Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls.
unknown
2008-01-15
4.6CVE-2008-0034
APPLE
OTHER-REF
Apple -- Safari
Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2 and iPod touch 1.1 through 1.1.2 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.
unknown
2008-01-15
6.8CVE-2008-0035
APPLE
OTHER-REF
Apple -- Quicktime
Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding.
unknown
2008-01-15
6.8CVE-2008-0036
APPLE
OTHER-REF
Apple -- Safari
KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element.
unknown
2008-01-16
4.3CVE-2008-0298
BUGTRAQ
OTHER-REF
BID
XF
Aria -- Aria
Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
unknown
2008-01-17
5.0CVE-2008-0332
MILW0RM
Boost -- Boost
Boost -- Boost Regex Library
regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.
unknown
2008-01-17
5.0CVE-2008-0171
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
UBUNTU
BID
Boost -- Boost
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.
unknown
2008-01-17
5.0CVE-2008-0172
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
UBUNTU
BID
Bugtracker.NET -- Bugtracker.NET
Cross-site scripting (XSS) vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field.
unknown
2008-01-17
4.3CVE-2008-0335
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
Bugtracker.NET -- Bugtracker.NET
Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and massedit.aspx, subscribe.aspx, flag.aspx, and relationships.aspx.
unknown
2008-01-17
4.3CVE-2008-0336
OTHER-REF
OTHER-REF
SECUNIA
XF
Cisco -- VPN Client
Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption.
unknown
2008-01-16
4.9CVE-2008-0324
MILW0RM
BID
XF
Dansie -- Search Engine
Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search Engine 2.7 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-01-15
4.3CVE-2008-0257
SECUNIA
Dansie -- Photo Album
Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-01-16
4.3CVE-2008-0292
SECUNIA
XF
DomPHP -- DomPHP
PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
unknown
2008-01-15
6.8CVE-2008-0283
MILW0RM
BID
Drupal -- Meta_Tags_Module
Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 module for Drupal, when images are permitted in node bodies, allows remote authenticated users to execute arbitrary code via unspecified vectors involving creation of a node.
unknown
2008-01-15
6.8CVE-2008-0264
OTHER-REF
FRSIRT
SECUNIA
Drupal -- BUEditor
The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces.
unknown
2008-01-15
4.3CVE-2008-0271
OTHER-REF
SECUNIA
XF
Drupal -- Drupal
Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users.
unknown
2008-01-15
4.3CVE-2008-0272
OTHER-REF
BID
SECUNIA
XF
Drupal -- Drupal
Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism.
unknown
2008-01-15
4.3CVE-2008-0273
OTHER-REF
BID
SECUNIA
XF
Drupal -- Atom Module
The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gain access to syndicated content.
unknown
2008-01-15
5.0CVE-2008-0275
OTHER-REF
XF
Drupal -- Drupal
Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table.
unknown
2008-01-15
4.3CVE-2008-0276
OTHER-REF
XF
eTicket -- eTicket
Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
unknown
2008-01-15
5.8CVE-2008-0268
BUGTRAQ
BID
SECUNIA
XF
Evilsentinel -- Evilsentinel
admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php.
unknown
2008-01-17
5.0CVE-2008-0351
MILW0RM
F5 -- BIG-IP
Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories.
unknown
2008-01-15
4.3CVE-2008-0265
BUGTRAQ
FreeBSD -- FreeBSD
The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script.
unknown
2008-01-15
6.9CVE-2008-0217
FREEBSD
FreeSeat -- FreeSeat
Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when format.php has certain modifications, allows remote attackers to bypass authentication and gain privileges via unspecified vectors related to the show_foot function.
unknown
2008-01-16
6.8CVE-2008-0293
OTHER-REF
SECUNIA
XF
FreeSeat -- FreeSeat
Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors.
unknown
2008-01-16
5.0CVE-2008-0294
OTHER-REF
BID
SECUNIA
XF
Ingate -- Ingate_SIParator
Ingate -- firewall
The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to cause a denial of service (port exhaustion) via unspecified vectors.
unknown
2008-01-15
5.0CVE-2008-0263
OTHER-REF
BID
FRSIRT
SECTRACK
SECTRACK
SECUNIA
Julien_Plesniak -- LulieBlog
LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter.
unknown
2008-01-17
5.0CVE-2008-0329
MILW0RM
BID
SECUNIA
XF
Keil Software -- PhotoKorn
PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output.
unknown
2008-01-16
5.0CVE-2008-0297
MILW0RM
XF
Mambo -- Mambo Open Source
Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors.
unknown
2008-01-15
5.0CVE-2008-0261
OTHER-REF
BID
SECUNIA
XF
Mansion Productions -- Member Area System
PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter.
unknown
2008-01-15
6.8CVE-2008-0289
BUGTRAQ
BID
XF
Menalto -- Gallery
Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item modules; or via (3) HTTP PROPPATCH in the WebDAV module.
unknown
2008-01-16
4.3CVE-2007-6687
OTHER-REF
Menalto -- Gallery
Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules.
unknown
2008-01-16
6.4CVE-2007-6692
OTHER-REF
minimal design -- minimal Gallery
Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters.
unknown
2008-01-15
6.4CVE-2008-0259
MILW0RM
BID
SECUNIA
minimal design -- minimal Gallery
minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function.
unknown
2008-01-15
5.0CVE-2008-0260
MILW0RM
SECUNIA
MiniWeb HTTP Server -- MiniWeb HTTP Server
Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.
unknown
2008-01-17
5.0CVE-2008-0338
MILW0RM
OTHER-REF
SECUNIA
ngIRCd -- ngIRCd
ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference.
unknown
2008-01-15
5.0CVE-2008-0285
OTHER-REF
OTHER-REF
OTHER-REF
PHP Running Management -- phpRunMan
Cross-site scripting (XSS) vulnerability in index.php in PHP Running Management (phpRunMan) before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
unknown
2008-01-15
4.3CVE-2008-0258
OTHER-REF
OTHER-REF
BID
SECUNIA
Python Software Foundation -- Paramiko
common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.
unknown
2008-01-16
4.3CVE-2008-0299
OTHER-REF
OTHER-REF
OTHER-REF
Simple Machines -- Simple Machines SMF
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments.
unknown
2008-01-15
4.3CVE-2008-0284
BUGTRAQ
XF
Sun -- Solaris
Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors.
unknown
2008-01-15
4.9CVE-2008-0269
SUNALERT
TaskFreak -- TaskFreak
SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter.
unknown
2008-01-15
6.0CVE-2008-0270
MILW0RM
VideoLAN -- VLC
The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.
unknown
2008-01-16
5.0CVE-2007-6683
MLIST
OTHER-REF
OTHER-REF
VideoLAN -- VLC
The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.
unknown
2008-01-16
5.0CVE-2007-6684
MLIST
OTHER-REF
VisionBurst -- vcart
PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php.
unknown
2008-01-15
6.8CVE-2008-0287
MILW0RM
BID
SECUNIA
Wavelink Media -- TutorialCMS
SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter.
unknown
2008-01-15
6.8CVE-2008-0254
MILW0RM
BID
SECUNIA
X7 Group -- X7 Chat
SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a sm_window action.
unknown
2008-01-15
6.5CVE-2008-0278
MILW0RM
BID
XF
Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Drupal -- Drupal
Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.
unknown
2008-01-15
2.6CVE-2008-0274
OTHER-REF
BID
SECUNIA
XF
eTicket -- eTicket
Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability.
unknown
2008-01-15
2.6CVE-2008-0266
BUGTRAQ
BID
SECUNIA
XF
FreeBSD -- FreeBSD
The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user.
unknown
2008-01-15
2.1CVE-2008-0216
FREEBSD
pMachine -- PMachine Pro
Cross-site scripting (XSS) vulnerability in pm/language/spanish/preferences.php in PMachine Pro 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the L_PREF_NAME[855] parameter.
unknown
2008-01-17
2.6CVE-2008-0334
OTHER-REF
BID
Back to top



Last updated January 21, 2008