Software Vulnerability
Thu, 31 Jan 08
phpMyClub
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0501
Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI.
Thu, 31 Jan 08
LaiThai
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0500
Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have unknown impact and attack vectors related to (1) mod_login and (2) mod_template_chooser.
Thu, 31 Jan 08
LaiThai
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0499
SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Thu, 31 Jan 08
Bigware Shop
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0498
SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a results action to main_bigware_53.php.
Thu, 31 Jan 08
Nucleus CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0497
Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS 3.31 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, which is not quoted when processing PHP_SELF.
Thu, 31 Jan 08
AmpJuke
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0496
Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 allows remote attackers to inject arbitrary web script or HTML via the limit parameter in a search action.
Thu, 31 Jan 08
Hardware Management Console
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0495
Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Management Console (HMC) 7 R3.2.0 allows remote attackers to cause a denial of service via unspecified vectors.
Thu, 31 Jan 08
Firewall
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0494
Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 31 Jan 08
IrfanView
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0493
fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption. NOTE: some of these details are obtained from third party information.
Thu, 31 Jan 08
XUpload
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0492
Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method. NOTE: some of these details are obtained from third party information.
Thu, 31 Jan 08
fGallery plugin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0491
SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter.
Thu, 31 Jan 08
WP_Cal Plugin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0490
SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
Thu, 31 Jan 08
Clansphere
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0489
Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
Thu, 31 Jan 08
VB Marketing
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0488
Directory traversal vulnerability in tseekdir.cgi in VB Marketing allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the location parameter.
Thu, 31 Jan 08
ASPired2Protect
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0487
Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: some of these details are obtained from third party information.
Thu, 31 Jan 08
Rich Text Editor
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0481
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a ..... in the sub parameter in a save action.
Thu, 31 Jan 08
Web Wiz Forums
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0480
Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a ..... in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp.
Thu, 31 Jan 08
NewsPad
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0479
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a ..... in the sub parameter.
Thu, 31 Jan 08
SetCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0478
Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENT_IP HTTP header in an enter action to index.php, and injecting PHP sequences into files/enter.set, which is then included by index.php.
Thu, 31 Jan 08
Move Media Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0477
Stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX control in QMPUpgrade.dll 1.0.0.1 in Move Networks Upgrade Manager allows remote attackers to execute arbitrary code via a long first argument to the Upgrade method. NOTE: some of these details are obtained from third party information.
Thu, 31 Jan 08
Applications Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0476
ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 31 Jan 08
Applications Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0475
ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information (Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 31 Jan 08
Applications Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0474
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) sh...
Thu, 31 Jan 08
Rich Text Editor
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0473
RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to upload (1) .html and (2) .htm files via unspecified vectors.
Thu, 31 Jan 08
Burning Board
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0472
Cross-site request forgery (CSRF) vulnerability in modcp.php in Woltlab Burning Board (wBB) 2.3.6 PL2 allows remote attackers to delete threads as moderators or administrators via a thread_del action.
Thu, 31 Jan 08
phpBB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0471
Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action.
Thu, 31 Jan 08
Comodo AntiVirus, ActiveX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0470
A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method.
Thu, 31 Jan 08
Tiger Php News System
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0469
SQL injection vulnerability in index.php in Tiger Php News System (TPNS) 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action.
Thu, 31 Jan 08
Flinx
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0468
SQL injection vulnerability in category.php in Flinx 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Thu, 31 Jan 08
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6694
The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference.
Thu, 31 Jan 08
Firebird
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0467
Buffer overflow in Firebird before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via a long username.
Thu, 31 Jan 08
Firebird
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0387
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
Thu, 31 Jan 08
CIMPLICITY
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0176
Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allows remote attackers to execute arbitrary code via unknown vectors.
Thu, 31 Jan 08
Proficy Real-Time Information Portal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0175
Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory.
Thu, 31 Jan 08
Proficy Real-Time Information Portal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0174
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges.
Thu, 31 Jan 08
HSQLDB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4576
Unspecified vulnerability in HSQLDB 1.8.0.8, and possibly other versions, has unknown impact and attack vectors.
Thu, 31 Jan 08
Text Editor
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0466
RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
Thu, 31 Jan 08
HTTP File Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0410
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as
Thu, 31 Jan 08
HTTP File Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0409
Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL.
Thu, 31 Jan 08
HTTP File Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0408
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.
Thu, 31 Jan 08
HTTP File Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0407
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
Thu, 31 Jan 08
HTTP File Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0406
HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.
Thu, 31 Jan 08
HTTP File Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0405
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data.
Thu, 31 Jan 08
PulseAudio
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0008
PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.
Thu, 31 Jan 08
International Components for Unicode
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4771
Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.
Thu, 31 Jan 08
International Components for Unicode
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4770
libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka ), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.
Sat, 26 Jan 08
Seagull PHP Framework
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0465
Directory traversal vulnerability in optimizer.php in Seagull PHP Framework 0.6.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the files parameter.
Sat, 26 Jan 08
aconon Mail Enterprise SQL
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0464
Directory traversal vulnerability in archiv.cgi in absofort aconon Mail 2007 Enterprise SQL 11.7.0 and Mail 2004 Enterprise SQL 11.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
Sat, 26 Jan 08
Workflow
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0463
Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving node properties.
Sat, 26 Jan 08
Archive Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0462
Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Sat, 26 Jan 08
PHP-Nuke
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0461
SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information.
Sat, 26 Jan 08
MediaWiki, ie, MediaWiki BotQuery Ext
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0460
Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Sat, 26 Jan 08
LiquidSilverCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0459
Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the update parameter.
Sat, 26 Jan 08
SLAED CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0458
Directory traversal vulnerability in function/sources.php in SLAED CMS 2.5 Lite allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlang parameter to index.php.
Sat, 26 Jan 08
Apache HTTP Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0456
CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple C...
Sat, 26 Jan 08
Apache HTTP Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0455
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is o...
Sat, 26 Jan 08
Skype, ie
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0454
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS."
Sat, 26 Jan 08
AIX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5764
Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option.
Sat, 26 Jan 08
PHP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4850
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
Sat, 26 Jan 08
Recipe Website Script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0453
SQL injection vulnerability in list.php in Easysitenetwork Recipe allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
Sat, 26 Jan 08
Siteman
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0452
Directory traversal vulnerability in articles.php in Siteman 1.1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the cat parameter in a viewart action.
Sat, 26 Jan 08
PacerCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0451
Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/.
Sat, 26 Jan 08
Blog CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0450
Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c allow remote attackers to execute arbitrary PHP code via a URL in the (1) DIR_PLUGINS parameter to (a) index.php, and the (2) DIR_LIBS parameter to (b) media.php and (c) xmlrpc/server.php in admin/.
Sat, 26 Jan 08
VP_ASP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0449
SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 26 Jan 08
phpSearch
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0448
PHP remote file inclusion vulnerability in utils/class_HTTPRetriever.php in phpSearch allows remote attackers to execute arbitrary PHP code via a URL in the libcurlemuinc parameter.
Sat, 26 Jan 08
PHP Weblog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0447
SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter.
Sat, 26 Jan 08
LulieBlog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0446
SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 26 Jan 08
ELOG
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0445
The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information.
Sat, 26 Jan 08
ELOG
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0444
Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the subtext parameter to unspecified components.
Sat, 26 Jan 08
CVE-2008-0443 (FileUploader.dll)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0443
Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX control in FileUploader.dll 2.0.0.2 in Lycos FileUploader Module allows remote attackers to execute arbitrary code via a long HandwriterFilename property value. NOTE: some of these details are obtained from third party information.
Sat, 26 Jan 08
Weblog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0442
PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the ffile parameter, a different vector than CVE-2008-0376. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 26 Jan 08
Tivoli Business Service Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0441
IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in cleartext (1) after external authentication, which triggers writing the password to SM_server.log; and (2) after a reconfig action; which allows local users to obtain sensitive information.
Sat, 26 Jan 08
Debian Linux
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6415
Argument injection vulnerability in scponly 4.6 and earlier allows remote authenticated users to modify commands when scponly invokes (1) unison, (2) rsync, (3) svn, and (4) svnserve, which can be leveraged to execute arbitrary code, as demonstrated by the --diff3-cmd option to svn, a different vulnerability than CVE-2007-6350.
Sat, 26 Jan 08
Forum Pay Per Post Exchange
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0440
AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts.
Sat, 26 Jan 08
DeluxeBB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0439
Cross-site scripting (XSS) vulnerability in templates/default/admincp/attachments_header.php in DeluxeBB 1.1 allows remote attackers to inject arbitrary web script or HTML via the lang_listofmatches parameter.
Sat, 26 Jan 08
sIFR
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0438
Cross-site scripting (XSS) vulnerability in the font rendering functionality in Novemberborn sIFR 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the txt parameter to a Flash (SWF) file, as demonstrated by fonts/FuturaLt.swf.
Sat, 26 Jan 08
HP Virtual Rooms, ActiveX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0437
Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information.
Sat, 26 Jan 08
MegaBBS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0436
Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp in PD9 Software MegaBBS 1.5.14b allows remote attackers to inject arbitrary web script or HTML via the target parameter.
Sat, 26 Jan 08
OZJournals
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0435
Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action.
Sat, 26 Jan 08
Axigen Mail Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0434
Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command.
Sat, 26 Jan 08
phpAutoVideo
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0433
PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614.
Sat, 26 Jan 08
phpAutoVideo
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0432
Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
Sat, 26 Jan 08
IDMOS CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0431
Directory traversal vulnerability in administrator/download.php in IDMOS (aka Phoenix) 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter.
Sat, 26 Jan 08
360 Web Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0430
SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter.
Sat, 26 Jan 08
Forum Pay Per Post Exchange
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0429
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action.
Sat, 26 Jan 08
BloofoxCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0428
Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php.
Sat, 26 Jan 08
bloofoxCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0427
Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Sat, 26 Jan 08
PacerCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0426
Cross-site scripting (XSS) vulnerability in submit.php in PacerCMS before 0.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Sat, 26 Jan 08
Frimousse
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0425
Absolute path traversal vulnerability in explorerdir.php in Frimousse 0.0.2 allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter.
Thu, 24 Jan 08
MGBS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0424
SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) 1.0 allows remote attackers to execute arbitrary SQL commands via the month parameter.
Thu, 24 Jan 08
Lama Software
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0423
Multiple PHP remote file inclusion vulnerabilities in Lama Software allow remote attackers to execute arbitrary PHP code via a URL in the MY_CONF[classRoot] parameter to (1) inc.steps.access_error.php, (2) inc.steps.check_login.php, or (3) inc.steps.init_system.php in admin/functions/.
Thu, 24 Jan 08
BoastMachine
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0422
SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Thu, 24 Jan 08
Invision Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0421
SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command.
Thu, 24 Jan 08
AVS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0029
Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges.
Thu, 24 Jan 08
PIX 500 Series Security Appliance, 5500 Series Adaptive Security Appliance
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0028
Unspecified vulnerability in Cisco PIX 500 Series Security Appliance (PIX) and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet.
Thu, 24 Jan 08
HP-UX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6425
Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors.
Thu, 24 Jan 08
Mantis
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0404
Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the "Most active bugs" summary.
Thu, 24 Jan 08
F5D9230-4
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0403
The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi.
Thu, 24 Jan 08
Websphere Business Modeler Basic, Websphere Business Modeler Advanced
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0402
Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group.
Thu, 24 Jan 08
Tivoli Provisioning Manager OS Deployment
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0401
Unspecified vulnerability in the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment before 5.1.0.3 Interim Fix 3 allows attackers to cause a denial of service via unknown vectors.
Thu, 24 Jan 08
singapore, Modern
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0400
Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php.
Thu, 24 Jan 08
Surveillix RecordSend Class
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0399
Multiple buffer overflows in Toshiba Surveillance (Surveillix) RecordSend ActiveX control (MeIpCamX.DLL 1.0.0.4) allow remote attackers to execute arbitrary code via long arguments to the (1) SetPort and (2) SetIpAddress methods.
Thu, 24 Jan 08
Aflog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0398
Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form.
Thu, 24 Jan 08
aflog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0397
Multiple SQL injection vulnerabilities in aflog 1.01, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to comments.php and (2) an unspecified parameter to view.php.
Thu, 24 Jan 08
Update Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0396
Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.
Thu, 24 Jan 08
SupportSuite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0395
Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal.
Thu, 24 Jan 08
Citadel_SMTP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0394
Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information.
Thu, 24 Jan 08
GradMan
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0393
Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361.
Thu, 24 Jan 08
Visual Basic Enterprise Edition
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0392
Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file with a long (1) ConnectionName or (2) CommandName line.
Thu, 24 Jan 08
aliTalk
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0391
inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters.
Thu, 24 Jan 08
AuraCMS, Mod Block Statistik
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0390
stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php.
Thu, 24 Jan 08
WebSphere Application Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0389
Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25 and 6.1 through 6.1.0.14 has unknown impact and attack vectors.
Thu, 24 Jan 08
WP_Forum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0388
SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI.
Thu, 24 Jan 08
Tomcat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0128
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests, making it easier for remote attackers to capture this cookie.
Thu, 24 Jan 08
Open_BSD
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0384
OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked.
Thu, 24 Jan 08
MyBB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0383
Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php.
Thu, 24 Jan 08
MyBulletinBoard
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0382
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
Thu, 24 Jan 08
Mahara
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0381
Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files.
Thu, 24 Jan 08
CVE-2008-0380 (RtspVapgDecoder.dll)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0380
Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property.
Thu, 24 Jan 08
Crystal Reports, ActiveX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0379
Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow.
Thu, 24 Jan 08
SocksCap
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0378
Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when "Resolve all names remotely" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname.
Thu, 24 Jan 08
MicroNews
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0377
MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php.
Thu, 24 Jan 08
Small Axe Weblog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0376
PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfile parameter.
Thu, 24 Jan 08
C5510 MFP Printer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0375
Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors.
Thu, 24 Jan 08
C5510 MFP Printer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0374
OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777.
Thu, 24 Jan 08
F1 Maxs File Uploader
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0373
Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files.
Thu, 24 Jan 08
R3000 Internet Filter
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0372
8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request.
Thu, 24 Jan 08
aliTalk
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0371
Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to (b) inc/usercp.php, related to functionz/usercp.php; or (3) the username parameter to (c) admin/index.php, related to functionz/first_process.php, or (d) index.php. NOTE: some of these detai...
Thu, 24 Jan 08
cPanel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0370
Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information.
Thu, 24 Jan 08
Nullsoft Winamp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0065
Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles.
Tue, 22 Jan 08
Informix Dynamic Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0369
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows attackers to create files via unspecified vectors involving the SQLIDEBUG environment variable.
Tue, 22 Jan 08
Informix Dynamic Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0368
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows attackers to create files via unspecified vectors involving the onedcu program.
Tue, 22 Jan 08
Firefox
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
Tue, 22 Jan 08
CORE FORCE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0366
CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments.
Tue, 22 Jan 08
CORE FORCE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0365
Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module.
Tue, 22 Jan 08
BitTorrent, uTorrent
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0364
Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.
Tue, 22 Jan 08
Xserver, Solaris libXfont, Solaris libfont
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0006
Buffer overflow in (1) X.Org Xserver before 1.4.1 and (2) the Sun Solaris libfont and libXfont libraries allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
Tue, 22 Jan 08
Xserver, MIT-SHM, EVI
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6429
Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.
Tue, 22 Jan 08
Xserver, TOG-CUP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6428
The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index.
Tue, 22 Jan 08
Xserver, XInput
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6427
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.
Tue, 22 Jan 08
Xserver
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5958
X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
Tue, 22 Jan 08
Xserver, XFree86-Misc
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5760
Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index.
Tue, 22 Jan 08
Clever Copy
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0363
Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php.
Tue, 22 Jan 08
Clever Copy
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0362
Cross-site scripting (XSS) vulnerability in gallery.php in Clever Copy 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the album parameter.
Tue, 22 Jan 08
GradMan
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0361
Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter.
Tue, 22 Jan 08
Blog CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0360
Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php.
Tue, 22 Jan 08
Blog CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0359
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/.
Tue, 22 Jan 08
Pixelpost
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0358
SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter.
Tue, 22 Jan 08
Mini File Host
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0357
Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
Tue, 22 Jan 08
CVE-2008-0356 (MetaFrame Presentation Server, Access Essentials, Desktop Server, Independent Man...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0356
Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.
Tue, 22 Jan 08
PHPEcho CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0355
SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866.
Tue, 22 Jan 08
Lotus Sametime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0354
Cross-site scripting (XSS) vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim.
Tue, 22 Jan 08
Php-residence
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0353
SQL injection vulnerability in visualizza_tabelle.php in php-residence 0.7.2 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cognome_cerca parameter. NOTE: some of these details are obtained from third party information.
Sat, 19 Jan 08
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0352
The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram).
Sat, 19 Jan 08
Evilsentinel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0351
admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php.
Sat, 19 Jan 08
Evilsentinel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0350
admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes.
Sat, 19 Jan 08
CVE-2008-0349 (Database 11g, Oracle 10g Database Release 2, Database 10g, Oracle 9i Database Rel...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0349
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02.
Sat, 19 Jan 08
CVE-2008-0348 (Database 11g, Oracle 10g Database Release 2, Database 10g, Oracle 9i Database Rel...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0348
Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.18, 8.48.15, and 8.49.07 have unknown impact and remote attack vectors, aka (1) PSE01, (2) PSE03, and (3) PSE04.
Sat, 19 Jan 08
CVE-2008-0347 (Database 11g, Oracle 10g Database Release 2, Database 10g, Oracle 9i Database Rel...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0347
Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2 and Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka OCS01.
Sat, 19 Jan 08
CVE-2008-0346 (Database 11g, Oracle 10g Database Release 2, Database 10g, Oracle 9i Database Rel...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0346
Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka AS01.
Sat, 19 Jan 08
CVE-2008-0345 (Database 11g, Oracle 10g Database Release 2, Database 10g, Oracle 9i Database Rel...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0345
Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08.
Sat, 19 Jan 08
CVE-2008-0344 (Database 11g, Oracle 10g Database Release 2, Database 10g, Oracle 9i Database Rel...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0344
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote attack vectors, aka DB07.
Sat, 19 Jan 08
CVE-2008-0343 (Database 11g, Oracle 10g Database Release 2, Database 10g, Oracle 9i Database Rel...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0343
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has unknown impact and remote attack vectors, aka DB06.
Sat, 19 Jan 08
Oracle Database
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0342
Unspecified vulnerability in the Upgrade/Downgrade component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB05.
Sat, 19 Jan 08
Oracle Database
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0341
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 has unknown impact and remote attack vectors, aka DB03.
Sat, 19 Jan 08
CVE-2008-0340 (Database 11g, Oracle 10g Database Release 2, Database 10g, Oracle 9i Database Rel...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0340
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to the (1) Advanced Queuing component (DB02) and (2) Oracle Spatial component (DB04).
Sat, 19 Jan 08
Oracle Database
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0339
Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01.
Sat, 19 Jan 08
Boost
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0172
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.
Sat, 19 Jan 08
Boost, Boost Regex Library
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0171
regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.
Sat, 19 Jan 08
MiniWeb HTTP Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0338
Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.
Sat, 19 Jan 08
MiniWeb HTTP Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0337
Heap-based buffer overflow in the _mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI.
Sat, 19 Jan 08
CVE-2008-0336 (Bugtracker.NET)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0336
Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and massedit.aspx, subscribe.aspx, flag.aspx, and relationships.aspx.
Sat, 19 Jan 08
CVE-2008-0335 (Bugtracker.NET)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0335
Cross-site scripting (XSS) vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field.
Sat, 19 Jan 08
PMachine Pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0334
Cross-site scripting (XSS) vulnerability in pm/language/spanish/preferences.php in PMachine Pro 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the L_PREF_NAME[855] parameter.
Sat, 19 Jan 08
CVE-2008-0333 (MailBee WebMail Pro, ASP.NET)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0333
Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter.
Sat, 19 Jan 08
Aria
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0332
Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
Sat, 19 Jan 08
System Software
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0331
Unspecified vulnerability in Funkwerk System Software before 7.4.1 PATCH 9 for certain Funkwerk Router / VPN devices allows remote attackers to cause a denial of service (panic and reboot) via unspecified DNS requests.
Sat, 19 Jan 08
RADIUS_Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0330
Radiator before 4.0 allows remote attackers to cause a denial of service (daemon crash) via malformed RADIUS requests, as demonstrated by packets sent by nmap.
Sat, 19 Jan 08
LulieBlog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0329
LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter.
Sat, 19 Jan 08
FaName
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0328
SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 19 Jan 08
FaMp3
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0327
SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 19 Jan 08
FaPersianHack
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0326
SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php.
Sat, 19 Jan 08
FaPersian Petition
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0325
SQL injection vulnerability in show.php in FaScript FaPersian Petition allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 18 Jan 08
VPN Client
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0324
Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption.
Fri, 18 Jan 08
Unified Communications Manager, Unified CallManager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0027
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
Fri, 18 Jan 08
apt-listchanges
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0302
Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory.
Fri, 18 Jan 08
Gallery WebCam Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6693
Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request."
Fri, 18 Jan 08
Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6692
Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules.
Fri, 18 Jan 08
Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6691
Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules.
Fri, 18 Jan 08
Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6690
The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors.
Fri, 18 Jan 08
Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6689
Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module.
Fri, 18 Jan 08
Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6688
Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder."
Fri, 18 Jan 08
Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6687
Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item modules; or via (3) HTTP PROPPATCH in the WebDAV module.
Fri, 18 Jan 08
Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6686
The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller.
Fri, 18 Jan 08
Gallery Publish XP Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6685
Unspecified vulnerability in the Publish XP module in Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors.
Fri, 18 Jan 08
VLC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6684
The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.
Fri, 18 Jan 08
VLC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6683
The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) an EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.
Fri, 18 Jan 08
VLC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6682
Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
Fri, 18 Jan 08
VLC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6681
Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
Fri, 18 Jan 08
Paramiko
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0299
common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.
Fri, 18 Jan 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0298
KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element.
Fri, 18 Jan 08
PhotoKorn
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0297
PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output.
Fri, 18 Jan 08
Excel, Excel Viewer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0081
Unspecified vulnerability in Microsoft Excel 2004 and earlier, and Microsoft Office Excel Viewer 2003, allows remote attackers to execute arbitrary code via an Excel file with a malformed header, which triggers memory corruption. NOTE: due to lack of details from the vendor, it is not clear whether this is the same issue as CVE-2007-3490.
Fri, 18 Jan 08
VLC Media Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0296
Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.
Fri, 18 Jan 08
VLC Media Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0295
Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.
Fri, 18 Jan 08
FreeSeat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0294
Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors.
Fri, 18 Jan 08
FreeSeat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0293
Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when format.php has certain modifications, allows remote attackers to bypass authentication and gain privileges via unspecified vectors related to the show_foot function.
Fri, 18 Jan 08
Photo Album
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0292
Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 18 Jan 08
RichStrong CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0291
SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Thu, 17 Jan 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0036
Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding.
Thu, 17 Jan 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0033
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with crafted Image Descriptor (IDSC) atoms, which triggers memory corruption.
Thu, 17 Jan 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0032
Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.
Thu, 17 Jan 08
SmartSockets RTserver, RTworks, Enterprise Message Service
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5658
Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow.
Thu, 17 Jan 08
SmartSockets RTserver, RTworks, Enterprise Message Service
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5657
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets.
Thu, 17 Jan 08
SmartSockets RTserver, RTworks, Enterprise Message Service
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5656
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory.
Thu, 17 Jan 08
SmartSockets RTserver, RTworks, Enterprise Message Service
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5655
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers.
Thu, 17 Jan 08
DigitalHive
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0290
Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php.
Thu, 17 Jan 08
Member Area System
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0289
PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter.
Thu, 17 Jan 08
ImageAlbum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0288
Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action.
Thu, 17 Jan 08
vcart
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0287
PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php.
Thu, 17 Jan 08
FreeBSD
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0217
The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script.
Thu, 17 Jan 08
FreeBSD
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0216
The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user.
Thu, 17 Jan 08
FreeBSD
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0122
Off-by-one error in the inet_network function in libc in FreeBSD 6.2, 6.3, and 7.0-PRERELEASE and earlier allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
Thu, 17 Jan 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0035
Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2 and iPod touch 1.1 through 1.1.2, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.
Thu, 17 Jan 08
iPhone
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0034
Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls.
Thu, 17 Jan 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0031
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.
Thu, 17 Jan 08
Article Dashboard
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0286
SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields.
Thu, 17 Jan 08
ngIRCd
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0285
ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via a crafted IRC PART message, which triggers an invalid dereference.
Thu, 17 Jan 08
Simple Machines SMF
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0284
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments.
Thu, 17 Jan 08
DomPHP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0283
PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
Thu, 17 Jan 08
DomPHP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0282
SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter.
Thu, 17 Jan 08
ID-Commerce
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0281
SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter.
Thu, 17 Jan 08
MTCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0280
SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter.
Thu, 17 Jan 08
Xforum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0279
SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibly others allows remote attackers to execute arbitrary SQL commands via the topic parameter. NOTE: the categorie parameter might also be affected.
Thu, 17 Jan 08
X7 Chat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0278
SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a sm_window action.
Thu, 17 Jan 08
Fileshare_Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0277
Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors.
Thu, 17 Jan 08
Drupal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0276
Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table.
Thu, 17 Jan 08
Atom Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0275
The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gain access to syndicated content.
Thu, 17 Jan 08
Drupal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0274
Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.
Thu, 17 Jan 08
Drupal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0273
Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism.
Thu, 17 Jan 08
Drupal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0272
Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users.
Thu, 17 Jan 08
BUEditor
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0271
The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces.
Wed, 16 Jan 08
TaskFreak
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0270
SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter.
Wed, 16 Jan 08
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0269
Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors.
Wed, 16 Jan 08
eTicket
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0268
Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Wed, 16 Jan 08
eTicket
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0267
Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php.
Wed, 16 Jan 08
eTicket
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0266
Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability.
Wed, 16 Jan 08
BIG-IP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0265
Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories.
Wed, 16 Jan 08
Meta_Tags_Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0264
Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 module for Drupal, when images are permitted in node bodies, allows remote authenticated users to execute arbitrary code via unspecified vectors involving creation of a node.
Wed, 16 Jan 08
firewall, Ingate_SIParator
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0263
The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to cause a denial of service (port exhaustion) via unspecified vectors.
Wed, 16 Jan 08
phpAutoVideo
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0262
SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter.
Wed, 16 Jan 08
Mambo Open Source
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0261
Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors.
Wed, 16 Jan 08
minimal Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0260
minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function.
Wed, 16 Jan 08
minimal Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0259
Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters.
Wed, 16 Jan 08
phpRunMan
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0258
Cross-site scripting (XSS) vulnerability in index.php in PHP Running Management (phpRunMan) before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
Wed, 16 Jan 08
Search Engine
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0257
Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search Engine 2.7 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 16 Jan 08
ASP Photo Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0256
Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp.
Wed, 16 Jan 08
iGaming
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0255
SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter.
Wed, 16 Jan 08
TutorialCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0254
SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter.
Wed, 16 Jan 08
SBuilder
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0253
SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter.
Wed, 16 Jan 08
GForge
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0173
SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.
Wed, 16 Jan 08
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0001
VFS in the Linux kernel before 2.6.23.14 performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass file permissions.
Wed, 16 Jan 08
CherryPy
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0252
Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.
Wed, 16 Jan 08
Photopost vBGallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0251
Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors.
Wed, 16 Jan 08
Visual InterDev
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0250
Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long Project line.
Wed, 16 Jan 08
phpWebquest
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0249
PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails. NOTE: this might only be an issue in limited environments.
Wed, 16 Jan 08
ChainCast ProxyManager ActiveX Control
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0248
Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ChainCast ProxyManager allows remote attackers to execute arbitrary code via a long URL argument to the InternalTuneIn method.
Wed, 16 Jan 08
Tivoli Storage Manager Express
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0247
Heap-based buffer overflow in IBM Tivoli Storage Manager (TSM) Express 5.3 before 5.3.7.3 allows remote attackers to execute arbitrary code via a crafted packet.
Wed, 16 Jan 08
Uploadscript, UploadImage
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0246
admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.
Wed, 16 Jan 08
Uploadscript, UploadImage
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0245
admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.
Wed, 16 Jan 08
MaxDB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0244
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.
Wed, 16 Jan 08
Lotus Domino
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0243
Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors.
Wed, 16 Jan 08
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0242
Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions.
Wed, 16 Jan 08
fedora, Mandrake Linux, Mandrake Corporate Server, Debian Linux
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6284
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
Wed, 16 Jan 08
Moodle
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0123
Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete.
Wed, 16 Jan 08
Apache HTTP Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0005
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
Wed, 16 Jan 08
Apache HTTP Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6423
** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
Wed, 16 Jan 08
HTTP Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6420
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
Wed, 16 Jan 08
Java System Identity Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0241
Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter.
Wed, 16 Jan 08
Java System Identity Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0240
/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."
Wed, 16 Jan 08
Java System Identity Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0239
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp.
Wed, 16 Jan 08
xine-lib
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0238
Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 10 Jan 08
eggblog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0159
SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie.
Thu, 10 Jan 08
Shop-Script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0158
Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter.
Thu, 10 Jan 08
FlexBB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0157
SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie.
Thu, 10 Jan 08
Million Dollar Script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0156
Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" (%2F) sequences in the link parameter.
Thu, 10 Jan 08
EvilBoard
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0155
Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to inject arbitrary web script or HTML via the c parameter.
Thu, 10 Jan 08
EvilBoard
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0154
SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execute arbitrary SQL commands via the c parameter.
Thu, 10 Jan 08
Pragma TelnetServer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0153
telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers to cause a denial of service (process crash and resource exhaustion) via a crafted TELOPT PRAGMA LOGON telnet option, which triggers a NULL pointer dereference.
Thu, 10 Jan 08
SLNet RF Telnet Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0152
SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unspecified telnet options, which triggers a NULL pointer dereference. NOTE: the crash is not user-assisted when the server is running in debug mode.
Thu, 10 Jan 08
WAC Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0151
Foxit WAC Server 2.1.0.910 and earlier allows remote attackers to cause a denial of service (crash) via a Telnet request with long options.
Thu, 10 Jan 08
Aruba Mobility Controllers
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0150
Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access.
Thu, 10 Jan 08
Tutos
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0149
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function.
Thu, 10 Jan 08
Tutos
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0148
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request.
Thu, 10 Jan 08
SmallNuke
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0147
SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action.
Thu, 10 Jan 08
netOctopus
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5761
The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the .NantSys device interface (nantsys.sys), which allows local users to gain privileges or cause a denial of service (system crash), as demonstrated by modifying the SYSENTER_EIP_MSR CPU Model Specific Register (MSR) value.
Thu, 10 Jan 08
ZENworks Endpoint Security Management
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5665
STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management (ESM) 3.5, and other ESM versions before 3.5.0.82, dynamically creates scripts in a world-writable directory when generating diagnostic reports, which allows local users to gain privileges, as demonstrated by creating a cmd.exe binary in the diagnostic report directory.
Thu, 10 Jan 08
Management Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0003
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus) might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360.
Thu, 10 Jan 08
ESX Server, Management Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5360
Buffer overflow in OpenPegasus Management server, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003.
Thu, 10 Jan 08
windows-nt, Windows Server 2003
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5352
Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
Thu, 10 Jan 08
windows-nt, Windows Server 2003, Windows Vista
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0069
Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service and execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
Thu, 10 Jan 08
windows-nt, Windows Server 2003
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0066
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
Thu, 10 Jan 08
W3-mSQL
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0146
Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the top-level URI.
Thu, 10 Jan 08
PHP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0145
Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663.
Thu, 10 Jan 08
NetRisk
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0144
PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences.
Thu, 10 Jan 08
samPHPweb
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0143
PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter.
Thu, 10 Jan 08
WebPortal CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0142
Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors.
Thu, 10 Jan 08
WebPortal CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0141
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action.
Thu, 10 Jan 08
Webmail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0140
Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172.
Thu, 10 Jan 08
LoudBlog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0139
Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter.
Thu, 10 Jan 08
XoopsGallery Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0138
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter.
Thu, 10 Jan 08
PHP CLASSIFIEDS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0137
PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter.
Wed, 9 Jan 08
Snitz Forums
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0136
Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path.
Wed, 9 Jan 08
Snitz Forums
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0135
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.
Wed, 9 Jan 08
Snitz Forums
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0134
Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter.
Wed, 9 Jan 08
Tribisur
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0133
Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to cat_main.php and the (2) cat parameter to forum.php in a liste action.
Wed, 9 Jan 08
Uber Uploader
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6676
The default configuration of Uber Uploader (UU) 5.3.6 and earlier does not block uploads of (1) .html, (2) .asp, and other possibly dangerous extensions, which allows remote attackers to use these extensions in uploads via (a) uu_file_upload.php, related to uu_file_upload.js and (b) uber_uploader_file.php, related to uber_uploader_file.js, a different issue than CVE-2007-0123. NOTE: the vendor disputes the severity of the issue, noting that it is the administrator's responsibility to "add fi...
Wed, 9 Jan 08
Xoops
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6675
The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules.
Wed, 9 Jan 08
Database
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6674
Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare Database allows remote attackers to inject arbitrary web script or HTML via the Arayalim parameter.
Wed, 9 Jan 08
Apache HTTP Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6421
Cross-site scripting (XSS) vulnerability in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Wed, 9 Jan 08
Apache HTTP Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6422
Unspecified vulnerability in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via a crafted request.
Wed, 9 Jan 08
Apache HTTP Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6388
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Wed, 9 Jan 08
FortressSSH
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0132
Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remote attackers to cause a denial of service (connection slot exhaustion) via a flood of SSH connections with long data objects, as demonstrated by (1) a long list of keys and (2) a long username.
Wed, 9 Jan 08
Dating_Site
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0131
Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different product than CVE-2006-6022. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 9 Jan 08
Dating_Site
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0130
SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-????-????. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 9 Jan 08
SiteAtSchool
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0129
SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier allows remote attackers to execute arbitrary SQL commands via the album_name parameter.
Wed, 9 Jan 08
Makale Scripti
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6673
Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitrary web script or HTML via the ara parameter to the default URI under Ara/ in a search action.
Wed, 9 Jan 08
Jetty
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6672
Directory traversal vulnerability in Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read arbitrary files via directory traversal sequences in the URI, as demonstrated by files in WEB-INF, related to improper handling of consecutive '/' (slash) characters.
Wed, 9 Jan 08
Dating_Site
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6671
SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Password parameter, a different product than CVE-2006-6021. NOTE: some of these details are obtained from third party information.
Wed, 9 Jan 08
White_Dune
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0101
Format string vulnerability in the swDebugf function in DuneApp.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a .WRL file.
Wed, 9 Jan 08
White_Dune
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0100
Stack-based buffer overflow in the Scene::errorf function in Scene.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via a long string in a .WRL file.
Wed, 9 Jan 08
MyPHP Forum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0099
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to search.php, and unspecified other vectors.
Wed, 9 Jan 08
RealPlayer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0098
Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: As of 20080103, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Wed, 9 Jan 08
SSH2 Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0097
Format string vulnerability in the log function in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username field, as demonstrated by a certain LoginPassword message.
Wed, 9 Jan 08
SSH2 Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0096
Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allow remote attackers to execute arbitrary code via (1) a long username, which triggers an overflow in the log function; or (2) a long password.
Wed, 9 Jan 08
CVE-2008-0095 (Open Source, Asterisk Business Edition, Asterisk Appliance Developer Kit, Asteris...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0095
The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
Wed, 9 Jan 08
MODxCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0094
Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php.
Wed, 9 Jan 08
PHCDownload
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6670
SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter.
Wed, 9 Jan 08
PHCDownload
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6669
Cross-site scripting (XSS) vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the string parameter.
Wed, 9 Jan 08
MySpace_Content_Zone
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6668
admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not require administrative privileges, which allows remote attackers to perform unrestricted file uploads, as demonstrated by uploading (1) a .php file and (2) a .php%00.jpeg file.
Wed, 9 Jan 08
eTicket
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0093
Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters.
Tue, 8 Jan 08
QSslSocket
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5965
QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a user.
Sat, 5 Jan 08
MyPHP Forum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6667
SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the member.php vector is already covered by CVE-2005-0413.
Sat, 5 Jan 08
zenphoto
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6666
SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter.
Sat, 5 Jan 08
oneSCHOOL
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6665
SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote attackers to execute arbitrary SQL commands via the txtLoginID parameter.
Sat, 5 Jan 08
WebPortal CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6664
SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter.
Sat, 5 Jan 08
PU Arcade
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6663
SQL injection vulnerability in index.php in the Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3 and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter.
Sat, 5 Jan 08
CuteNews
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6662
Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash in data/users.db.php.
Sat, 5 Jan 08
2z Project
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6661
2z project 0.9.6.1 allows attackers to change the password without supplying the old password.
Sat, 5 Jan 08
2z Project
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6660
2z project 0.9.6.1 allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid template or (2) a request to the default URI with certain year and month parameters, which reveals the path in various error messages.
Sat, 5 Jan 08
2z Project
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6659
Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) contentshort or (2) contentfull parameter in an addnews action to the default URI; (3) the content parameter in a pm write action to 2z/admin.php; (4) the referer parameter to templates/default/usermenu.tpl, accessed through index.php; or the (5) newavatar or (6) newphoto parameter in a profile action to the default URI under 2z/.
Sat, 5 Jan 08
CCMS
http:
