Software Vulnerability
Mon, 31 Mar 08
Webshop
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1541
Directory traversal vulnerability in cgi-bin/his-webshop.pl in HIS Webshop 2.50 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter.
Mon, 31 Mar 08
Datsogallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1540
SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Mon, 31 Mar 08
PHP_Nuke Platinum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1539
SQL injection vulnerability in includes/dynamic_titles.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary SQL commands via the p parameter to modules.php for the Forums module.
Mon, 31 Mar 08
EventLog Analyzer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1538
Cross-site scripting (XSS) vulnerability in searchAction.do in ManageEngine EventLog Analyzer 5 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Mon, 31 Mar 08
PowerBook
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1537
Directory traversal vulnerability in pb_inc/admincenter/index.php in PowerScripts PowerBook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
Mon, 31 Mar 08
PicturesPro Photo Cart
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1536
Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro (aka Tim Grissett) Photo Cart 4.1 allows remote attackers to inject arbitrary web script or HTML via the amessage parameter. NOTE: some of these details are obtained from third party information.
Mon, 31 Mar 08
Rekry Component
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1535
SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekry or rekry!Joom) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the op_id parameter in a view action to index.php.
Mon, 31 Mar 08
PowerPHPBoard
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1534
Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) settings[footer] parameter to footer.inc.php and the (2) settings[header] parameter to header.inc.php.
Mon, 31 Mar 08
eDirectory
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0926
Unspecified vulnerability in the eMBox utility in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, allows remote attackers to cause a denial of service or access local files via unknown vectors, probably involving unauthenticated SOAP requests.
Mon, 31 Mar 08
eDirectory
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0924
Stack-based buffer overflow in the DoLBURPRequest function in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) and possibly execute arbitrary code via a long LDAP Extended Request message, probably involving a long Distinguished Name (DN) field.
Mon, 31 Mar 08
Firefox, SeaMonkey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1240
LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195.
Mon, 31 Mar 08
Joomla
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1533
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors.
Mon, 31 Mar 08
perlbal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1532
Perlbal before 1.70, when buffered upload is enabled, allows remote attackers to cause a denial of service (crash) via a zero-byte chunked upload.
Mon, 31 Mar 08
lighttpd
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
lighttpd 1.4.19 and earlier allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.
Mon, 31 Mar 08
GnuPG
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1530
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."
Mon, 31 Mar 08
NetBSD, FreeBSD
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1391
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
Mon, 31 Mar 08
PHP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1384
Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions).
Mon, 31 Mar 08
Cisco IOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1152
The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets.
Mon, 31 Mar 08
Cisco IOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1151
Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566.
Mon, 31 Mar 08
Cisco IOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1150
The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309.
Mon, 31 Mar 08
Firefox, SeaMonkey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1241
GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.
Mon, 31 Mar 08
Firefox, SeaMonkey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1238
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms.
Mon, 31 Mar 08
Firefox, Thunderbird, SeaMonkey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1237
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.
Mon, 31 Mar 08
Firefox, Thunderbird, SeaMonkey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1236
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.
Mon, 31 Mar 08
Firefox, Thunderbird, SeaMonkey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1235
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals."
Mon, 31 Mar 08
Firefox, Thunderbird, SeaMonkey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1234
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers."
Mon, 31 Mar 08
Firefox, Thunderbird, SeaMonkey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1233
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."
Mon, 31 Mar 08
Cisco IOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1156
Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message.
Mon, 31 Mar 08
Cisco IOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1153
Cisco IOS 12.1, 12.2, 12.3, and 12.4 with IPv6 enabled allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device.
Mon, 31 Mar 08
Supervisor Engine, Route Switch Processor
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0537
Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors.
Mon, 31 Mar 08
Prestige 661, Prestige 660, ZyNOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1529
ZyXEL Prestige routers have a minimum password length for the admin account that is too small, which makes it easier for remote attackers to guess passwords via brute force methods.
Mon, 31 Mar 08
Prestige 661, Prestige 660, ZyNOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1528
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which discloses SNMP communities; or (2) WLAN.html, which discloses WEP keys.
Mon, 31 Mar 08
Prestige 661, Prestige 660, ZyNOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1527
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), support authentication over HTTP via a hash string in the hiddenPassword field, which allows remote attackers to obtain access via a replay attack.
Mon, 31 Mar 08
Prestige 661, Prestige 660, ZyNOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1526
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords.
Mon, 31 Mar 08
Prestige 661, Prestige 660, ZyNOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1525
The default SNMP configuration on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has a Trusted Host value of 0.0.0.0, which allows remote attackers to send SNMP requests from any source IP address.
Mon, 31 Mar 08
Prestige 661, Prestige 660, ZyNOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1524
The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has "public" as its default community for both (1) read and (2) write operations, which allows remote attackers to perform administrative actions via SNMP, as demonstrated by reading the Dynamic DNS service password or inserting an XSS sequence into the system.sysName.0 variable, which is displayed on the System Status page.
Mon, 31 Mar 08
Prestige 661, Prestige 660, ZyNOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1523
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain ISP and Dynamic DNS credentials by sending a direct request for (1) WAN.html, (2) wzPPPOE.html, and (3) rpDyDNS.html, and then reading the HTML source.
Mon, 31 Mar 08
Prestige 661, Prestige 660, ZyNOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1522
ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), have (1) "user" as their default password for the "user" account and (2) "1234" as their default password for the "admin" account, which makes it easier for remote attackers to obtain access.
Mon, 31 Mar 08
Prestige 661, Prestige 660, ZyNOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1521
ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to gain privileges by accessing administrative URIs, as demonstrated by rpSysAdmin.html.
Wed, 26 Mar 08
Peel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1507
PEEL, possibly 3.x and earlier, has (1) a default info@peel.fr account with password admin, and (2) a default contact@peel.fr account with password cinema, which allows remote attackers to gain administrative access.
Wed, 26 Mar 08
Peel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1506
PEEL, possibly 3.x and earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
Wed, 26 Mar 08
Custompages, com_custompages
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1505
PHP remote file inclusion vulnerability in the SSTREAMTV custompages (com_custompages) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the cpage parameter to index.php.
Wed, 26 Mar 08
phpMyChat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1504
Cross-site scripting (XSS) vulnerability in setup.php3 in phpHeaven phpMyChat 0.14.5 allows remote attackers to inject arbitrary web script or HTML via the Lang parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 26 Mar 08
BIG-IP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1503
Cross-site scripting (XSS) vulnerability in the web management interface in F5 BIG-IP 9.4.3 allows remote attackers to inject arbitrary web script or HTML via (1) the name of a node object, or the (2) sysContact or (3) sysLocation SNMP configuration field, aka "Audit Log XSS." NOTE: these issues might be resultant from cross-site request forgery (CSRF) vulnerabilities.
Wed, 26 Mar 08
eGroupWare
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1502
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in eGroupWare before 1.4.003 allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
Wed, 26 Mar 08
IRCU, snircd
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1501
The send_user_mode function in s_user.c in (1) Undernet ircu 2.10.12.12 and earlier, (2) snircd 1.3.4 and earlier, and unspecified other ircu derivatives allows remote attackers to cause a denial of service (daemon crash) via a malformed MODE command.
Wed, 26 Mar 08
Tiny Portal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1500
Cross-site scripting (XSS) vulnerability in index.php in TinyPortal 0.8.6 and 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 26 Mar 08
cPanel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1499
Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.
Wed, 26 Mar 08
SurgeMail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1498
Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command.
Wed, 26 Mar 08
SurgeMail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1497
Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.
Wed, 26 Mar 08
Peel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1496
Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commandes.php and (c) the facture action in factures/facture_html.php.
Wed, 26 Mar 08
Peel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1495
Unrestricted file upload vulnerability in administrer/produits.php in PEEL, possibly 3.x and earlier, allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action, as demonstrated by (1) image/gif and (2) application/pdf.
Wed, 26 Mar 08
Easy-Clanpage
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1494
SQL injection vulnerability in inc/module/online.php in Easy-Clanpage 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a user details action, a different vector than CVE-2008-1425.
Wed, 26 Mar 08
Bin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1493
Directory traversal vulnerability in login.php in Cuteflow Bin 1.5.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
Wed, 26 Mar 08
phpAddressBook
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1492
Multiple directory traversal vulnerabilities in CoronaMatrix phpAddressBook 2.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php and (2) install.php.
Wed, 26 Mar 08
Remote Console
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1491
Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ASUS Remote Console (aka ARC or ASMB3) 2.0.0.19 and 2.0.0.24 allows remote attackers to execute arbitrary code via a long string to TCP port 623.
Wed, 26 Mar 08
Image Uploader ActiveX control, ImageUploader4
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1490
Buffer overflow in a certain Aurigma ActiveX control in ImageUploader4.ocx 4.1.36.0, as used with Piczo (aka Pizco) and possibly other online services, allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long Action property, a different CLSID than CVE-2008-0659.
Wed, 26 Mar 08
Word
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1092
Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: this issue might be related to CVE-2007-6026.
Wed, 26 Mar 08
VLC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1489
Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
Wed, 26 Mar 08
ZyWALL
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1160
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.
Wed, 26 Mar 08
Alternative PHP Cache
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1488
Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) 3.0.11 through 3.0.16 allows remote attackers to execute arbitrary code via a long filename.
Wed, 26 Mar 08
LinPHA
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1487
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, and (5) plugins/stats/stats_view.php.
Wed, 26 Mar 08
Phorum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1486
SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.
Wed, 26 Mar 08
PunBB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1485
Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php.
Wed, 26 Mar 08
PunBB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1484
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.
Wed, 26 Mar 08
OpenSSH
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1483
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Wed, 26 Mar 08
FreeWebShop
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6711
Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2.2.6 and 2.2.7WIP1/2 allows remote attackers to gain administrator privileges via unknown vectors.
Wed, 26 Mar 08
xine-lib
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1482
Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, ...
Wed, 26 Mar 08
webSPELL
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1481
Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the board parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 26 Mar 08
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1480
rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial of service (daemon crash) via a malformed RPC request.
Wed, 26 Mar 08
cfnetgs
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1479
Cross-site scripting (XSS) vulnerability in index.php in cyberfrogs.net cfnetgs 0.24 allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 26 Mar 08
Home Ftp Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1478
Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of service (crash) by opening a FTP passive mode connection, then closing the original FTP connection. NOTE: some of these details are obtained from third party information.
Wed, 26 Mar 08
eForum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1477
Multiple cross-site scripting (XSS) vulnerabilities in busca.php in eForum 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) busca and (2) link parameters.
Wed, 26 Mar 08
Serendipity
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1476
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks.
Wed, 26 Mar 08
Roundup
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1475
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
Wed, 26 Mar 08
Roundup
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1474
Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors.
Wed, 26 Mar 08
Altiris Deployment Solution
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1473
The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x to 6.9.164 allows local users to gain privileges via a "Shatter" style attack.
Wed, 26 Mar 08
Unicenter DSM r11 List Control ATX, BrightStor ARCserve Backup Laptops_Desktops
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1472
Stack-based buffer overflow in the ListCtrl.ocx ActiveX Control in CA BrightStor ARCserve Backup R11.5 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.
Wed, 26 Mar 08
Panda Internet Security, Panda Antivirus and Firewall
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1471
The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory.
Wed, 26 Mar 08
WebID
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1470
Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118.
Wed, 26 Mar 08
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0951
Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled USB device containing a filesystem with an Autorun.inf file, and possibly other vectors related to (a) AutoRun and (b) AutoPlay actions.
Wed, 26 Mar 08
phpstats
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0125
Cross-site scripting (XSS) vulnerability in phpstats.php in Michael Wagner phpstats 0.1 alpha allows remote attackers to inject arbitrary web script or HTML via the baseDir parameter.
Wed, 26 Mar 08
xine-lib
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0073
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.
Wed, 26 Mar 08
Gallarific
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1469
Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 26 Mar 08
Namazu
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1468
Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information.
Wed, 26 Mar 08
CenterIM
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1467
CenterIM 4.22.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a URI, related to "received URLs in the message window."
Wed, 26 Mar 08
W-Agora
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1466
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 26 Mar 08
Restaurante component for Joomla
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1465
SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562.
Wed, 26 Mar 08
Gallarific
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1464
Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) query parameter to (a) search.php; (2) gusername and (3) gpassword parameters to (b) login.php; and the (4) username and (5) password parameters to (c) gadmin/index.php in a signin action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 26 Mar 08
SecureSphere MX Management Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1463
Cross-site scripting (XSS) vulnerability in the management GUI in Imperva SecureSphere MX Management Server 5.0 allows remote attackers to inject arbitrary web script or HTML via an invalid or prohibited request to a web server protected by SecureSphere, which triggers injection into the "corrective action" section of an alert page.
Wed, 26 Mar 08
RunCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1462
SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action.
Wed, 26 Mar 08
XnView Standard
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1461
Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker.
Wed, 26 Mar 08
Joovideo, com_joovideo
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1460
SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
Wed, 26 Mar 08
com_alberghi
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1459
SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
Wed, 26 Mar 08
CS-Cart
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1458
Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a products search action.
Wed, 26 Mar 08
s800i, AsteriskNOW, Asterisk Business Edition, Asterisk Appliance Developer Kit
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1390
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
Wed, 26 Mar 08
ViewVC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1292
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.
Wed, 26 Mar 08
ViewVC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1291
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
Wed, 26 Mar 08
ViewVC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1290
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
Wed, 26 Mar 08
CVE-2008-1289 (Open Source, Asterisk Business Edition, AsteriskNOW, Asterisk Appliance Developer...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1289
Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memo...
Tue, 25 Mar 08
Flash
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1201
Multiple unspecified vulnerabilities in FLA file parsing in Adobe Flash CS3 Professional, Flash Professional 8, and Flash Basic 8 on Windows allow user-assisted remote attackers to execute arbitrary code via a crafted .FLA file.
Fri, 21 Mar 08
SupportCenter Plus
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1432
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 21 Mar 08
Firmware
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1431
RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key.
Fri, 21 Mar 08
ASPapp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1430
SQL injection vulnerability in links.asp in ASPapp allows remote attackers to execute arbitrary SQL commands via the CatId parameter.
Fri, 21 Mar 08
SILC-Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1429
Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows remote attackers to cause a denial of service (daemon crash) via a NEW_CLIENT packet without a nickname.
Fri, 21 Mar 08
Ubercart Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1428
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product.
Fri, 21 Mar 08
Acajoom, com_acajoom
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1427
SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php.
Fri, 21 Mar 08
KAPhotoservice
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1426
SQL injection vulnerability in album.asp in KAPhotoservice allows remote attackers to execute arbitrary SQL commands via the albumid parameter.
Fri, 21 Mar 08
Easy-Clanpage
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1425
SQL injection vulnerability in index.php in the gallery module in Easy-Clanpage 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a kate action.
Fri, 21 Mar 08
Axyl
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1417
The prerm script in axyl 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the axyl.conf temporary file.
Fri, 21 Mar 08
PHPauction GPL
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1416
Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2.51 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) converter.inc.php, (2) messages.inc.php, and (3) settings.inc.php in includes/.
Fri, 21 Mar 08
Multiple Time Sheets
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1415
Directory traversal vulnerability in index.php in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to read arbitrary files via "../..//" (modified dot dot) sequences in the tab parameter.
Fri, 21 Mar 08
Multiple Time Sheets
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1414
Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or (2) clientinfo.php, (3) invoices.php, (4) smartlinks.php, and (5) todo.php, as demonstrated using a META tag.
Fri, 21 Mar 08
sNews CMS Rus
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1413
Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus 2.1 through 2.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
Fri, 21 Mar 08
CVE-2008-1412 (F-Secure Internet Security, F-Secure Anti-Virus, F-Secure Client Security, F-Secu...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1412
Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
Fri, 21 Mar 08
Snap_Deploy
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1411
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.
Fri, 21 Mar 08
Snap_Deploy
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1410
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.
Fri, 21 Mar 08
Exero CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1409
Multiple directory traversal vulnerabilities in the Default theme in Exero CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme parameter to (1) index.php, (2) editpassword.php, and (3) avatar.php in usercp/; (4) custompage.php; (5) errors/404.php; (6) memberslist.php and (7) profile.php in members/; (8) index.php and (9) fullview.php in news/; and (10) nopermission.php.
Fri, 21 Mar 08
phpBP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1408
SQL injection vulnerability in includes/functions/banners-external.php in phpBP 2 RC3 (2.204) FIX 4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a banner_out action.
Fri, 21 Mar 08
eXV2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1407
SQL injection vulnerability in index.php in the WebChat 1.60 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.
Fri, 21 Mar 08
eXV2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1406
SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the lid parameter in an ImprAnn action.
Fri, 21 Mar 08
CVE-2008-1405 (fuzzylime (cms))
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1405
PHP remote file inclusion vulnerability in code/display.php in fuzzylime cms 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter.
Fri, 21 Mar 08
eXV2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1404
SQL injection vulnerability in index.php in the Viso (Industry Book) 2.04 and 2.03 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the kid parameter.
Fri, 21 Mar 08
TFTPD, Administrator
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1403
Stack-based buffer overflow in the TFTP server in BootManage TFTPD 1.99 and earlier in BootManage Administrator 7.1 and earlier allows remote attackers to execute arbitrary code via a request with a long filename.
Fri, 21 Mar 08
Net Inspector
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1402
MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to cause a (1) denial of service (exception and crash) via a UDP packet to the SNMP Trap Service (MgWTrap3.exe) or (2) denial of service (device freeze or memory consumption) via a malformed TCP packet to the Net Inspector Server (niengine).
Fri, 21 Mar 08
Net Inspector
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1401
Format string vulnerability in the Net Inspector HTTP server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to execute arbitrary code via format string specifiers in an HTTP GET request, which is recorded in a log file.
Fri, 21 Mar 08
Net Inspector
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1400
Directory traversal vulnerability in the Net Inspector HTTP Server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot slash) in the GET command.
Fri, 21 Mar 08
Clansphere
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1399
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Clansphere 2008 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 21 Mar 08
AuraCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1398
SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.
Fri, 21 Mar 08
Apple AirPort Extreme Base Station
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1012
Unspecified vulnerability in Apple AirPort Extreme Base Station Firmware 7.3.1 allows remote attackers to cause a denial of service (file sharing hang) via a crafted AFP request, related to "input validation."
Fri, 21 Mar 08
VPN-1 Power_UTM with NGX, Check Point VPN-1 Pro, VPN-1 Firewall-1
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1397
Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint.
Fri, 21 Mar 08
Plone CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1396
Plone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network.
Fri, 21 Mar 08
Plone CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1395
Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes it easier for context-dependent attackers to reuse a logged-out session.
Fri, 21 Mar 08
Plone CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1394
Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.
Fri, 21 Mar 08
Plone CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1393
Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.
Fri, 21 Mar 08
VMware Workstation, ACE, Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1392
The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.
Fri, 21 Mar 08
VMware Workstation, VMware Server, Player, ACE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1364
Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service.
Fri, 21 Mar 08
VMware Workstation, Player, VMware Server, ACE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1363
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process."
Fri, 21 Mar 08
VMware Workstation, VMware Server, Player, ACE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1362
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an "insecurely created named pipe," a different vulnerability than CVE-2008-1361.
Fri, 21 Mar 08
VMware Workstation, VMware Server, Player, ACE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1361
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362.
Fri, 21 Mar 08
VMware Workstation, VMware Server, Player, ACE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1340
Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger "memory exhaustion and memory corruption."
Fri, 21 Mar 08
Open Source
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1333
Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function.
Fri, 21 Mar 08
CVE-2008-1332 (Open Source, Asterisk Business Edition, AsteriskNOW, Asterisk Appliance Developer...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1332
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.
Fri, 21 Mar 08
Directory Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0889
Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the script.
Fri, 21 Mar 08
StorageWorks Library and Tape Tools
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0707
HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX B.11.11 and B.11.23 allows local users to gain privileges via unspecified vectors.
Fri, 21 Mar 08
Plone CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0164
Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page.
Fri, 21 Mar 08
Business Objects
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6254
Stack-based buffer overflow in the SAP Business Objects BusinessObjects RptViewerAX ActiveX control in RptViewerAX.dll in Business Objects 6.5 before CHF74 allows remote attackers to execute arbitrary code via unspecified vectors.
Fri, 21 Mar 08
Rational ClearQuest
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4592
Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, and userNameVal parameters to the login component.
Thu, 20 Mar 08
Kerberos 5
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0063
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
Thu, 20 Mar 08
Kerberos 5
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0062
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1011
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame.
Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1010
Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript.
Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1009
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.
Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1008
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property.
Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1007
WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1006
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.
Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1005
WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.
Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1004
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector.
Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1003
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain.
Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1002
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL.
Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1001
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page.
Thu, 20 Mar 08
Kerberos 5
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0948
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h library does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.
Thu, 20 Mar 08
Kerberos 5
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0947
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.
Thu, 20 Mar 08
CVE-2008-1000
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1000
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments.
Thu, 20 Mar 08
CVE-2008-0999
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0999
Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0998
Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.
Thu, 20 Mar 08
CVE-2008-0996
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0996
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.
Thu, 20 Mar 08
CVE-2008-0995
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0995
The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods.
Thu, 20 Mar 08
CVE-2008-0994
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0994
Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods.
Thu, 20 Mar 08
Podcast Producer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0993
Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0992
Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0990
notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0989
Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0988
Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0987
Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2 allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0060
Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0059
Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic."
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0058
Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0056
Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0055
Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0054
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used.
Thu, 20 Mar 08
CVE-2008-0053
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0053
Unspecified vulnerability in CUPS before 1.3.6 in Apple Mac OS X 10.5.2 has unknown impact and attack vectors related to "input validation."
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0052
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.
Thu, 20 Mar 08
CUPS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0047
Heap-based buffer overflow in CUPS in Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.
Thu, 20 Mar 08
Linux
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1383
The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which (1) allows local users to extract the key from the binpkg, and (2) causes multiple systems that use this binpkg to have the same SSL key and certificate.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0997
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0057
Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allow remote attackers to execute arbitrary code via a crafted serialized property list.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0051
Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0050
CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0049
AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0048
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a long file name to the NSDocument API.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0046
The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0045
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names.
Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0044
Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL.
Thu, 20 Mar 08
bzip2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1372
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite.
Thu, 20 Mar 08
Drake CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1371
Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 20 Mar 08
Yap Blog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1370
PHP remote file inclusion vulnerability in index.php in wildmary Yap Blog 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 20 Mar 08
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1369
A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors.
Thu, 20 Mar 08
Groupwise
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1330
Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker.
Wed, 19 Mar 08
Internet Explorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1368
CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the FTP command, which causes the commands to be inserted into an authenticated FTP connection established earlier in the same browser session, as demonstrated using a DELE command, a variant or possibly a regression of CVE-2004-1166. NOTE: a trailing "//" can force Internet Explorer to try to reuse an...
Wed, 19 Mar 08
Informix Dynamic Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0949
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet.
Wed, 19 Mar 08
Informix Dynamic Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0727
Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value.
Wed, 19 Mar 08
gcc
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1367
gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.
Wed, 19 Mar 08
OfficeScan Corporate Edition
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1366
Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process consumption) via (1) an HTTP request without a Content-Length header or (2) invalid characters in unspecified CGI arguments, which triggers a NULL pointer dereference.
Wed, 19 Mar 08
OfficeScan Corporate Edition
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1365
Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.
Wed, 19 Mar 08
rPath Linux
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0888
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
Wed, 19 Mar 08
Nagios
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1360
Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624.
Wed, 19 Mar 08
Invision Power Board
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1359
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913.
Wed, 19 Mar 08
MDaemon
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1358
Stack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute arbitrary code via a FETCH command with a long BODY.
Wed, 19 Mar 08
McAfee Framework, ePolicy Orchestrator, CMA, Agent
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1357
Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8.
Wed, 19 Mar 08
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1356
Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Desktop System (JDS), when using the GNOME On-Screen Keyboard (GOK), allows local users to bypass authentication via unknown vectors that cause the screen saver to crash.
Wed, 19 Mar 08
Jeebles Directory
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1355
Cross-site scripting (XSS) vulnerability in index.php in Jeebles Technology Jeebles Directory 2.9.60 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 19 Mar 08
Virtual Support Office_XP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1354
SQL injection vulnerability in MyIssuesView.asp in Advanced Data Solutions Virtual Support Office-XP (VSO-XP) allows remote attackers to execute arbitrary SQL commands via the Issue_ID parameter.
Wed, 19 Mar 08
ZABBIX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1353
zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero.
Wed, 19 Mar 08
EdiorCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1352
Directory traversal vulnerability in search.php in EdiorCMS (ecms) 3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the SearchTemplate parameter during a Title search.
Wed, 19 Mar 08
Tutoriais Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1351
SQL injection vulnerability in the Tutorials 2.1b module for XOOPS allows remote attackers to execute arbitrary SQL commands via the tid parameter to printpage.php, which is accessible directly or through a printpage action to index.php.
Wed, 19 Mar 08
Fully Modded phpBB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1350
SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an article action.
Wed, 19 Mar 08
BamaGalerie, eXV2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1349
SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Galerie) 3.03 and 3.041 module for eXV2 2.0.6 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Wed, 19 Mar 08
eWeather
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1348
Cross-site scripting (XSS) vulnerability in index.php in the eWebsite eWeather (Weather) module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the chart parameter to modules.php.
Wed, 19 Mar 08
EasyCalendar
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1347
Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the q parameter in an about action to the help system.
Wed, 19 Mar 08
EasyCalendar
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1346
SQL injection vulnerability in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action.
Wed, 19 Mar 08
EasyCalendar
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1345
Cross-site scripting (XSS) vulnerability in plugins/calendar/calendar_backend.php in MyioSoft EasyCalendar 4.0tr and earlier allows remote attackers to inject arbitrary web script or HTML via the day parameter in a dayview action.
Wed, 19 Mar 08
EasyCalendar
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1344
Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in a dayview action to plugins/calendar/calendar_backend.php and the (2) page parameter to ajaxp_backend.php.
Wed, 19 Mar 08
UnixWare
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1343
Directory traversal vulnerability in pkgadd and pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors.
Wed, 19 Mar 08
BPM_Suite, CollagePortal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1342
Multiple cross-site scripting (XSS) vulnerabilities in the search feature in Polymita BPM-Suite and CollagePortal allow remote attackers to inject arbitrary web script or HTML via the (1) _q and (2) lucene_index_field_value parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 19 Mar 08
StoreFront
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1341
SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFront 6 before SP8 allows remote attackers to execute arbitrary SQL commands via the CategoryId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 18 Mar 08
Perforce Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1338
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted.
Tue, 18 Mar 08
Timbuktu Pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1337
The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier for Windows allows remote attackers to cause (1) a denial of service (daemon crash) via an invalid Version field or (2) a denial of service (CPU consumption and daemon termination) via an invalid or partial message.
Tue, 18 Mar 08
ciscoWorks_internetwork_performance_monitor
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1157
Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands.
Tue, 18 Mar 08
Timbuktu Pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1118
Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields.
Tue, 18 Mar 08
Timbuktu Pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1117
Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.
Tue, 18 Mar 08
ACS for Windows, ACS Solution Engine, user_changeable_password
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0533
Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.
Tue, 18 Mar 08
ACS for Windows, ACS Solution Engine, user_changeable_password
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0532
Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors.
Sat, 15 Mar 08
Koobi CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1336
SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows remote attackers to execute arbitrary SQL commands via the categ parameter in a links action to index.php, a different vector than CVE-2008-1122.
Sat, 15 Mar 08
NetBSD, NetBSD Current
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1335
The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a different vulnerability than CVE-2006-0905.
Sat, 15 Mar 08
Home Hub
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1334
cgi/b on the BT Home Hub router allows remote attackers to bypass authentication, and read or modify administrative settings or make arbitrary VoIP telephone calls, by placing a character at the end of the PATH_INFO, as demonstrated by (1) %5C (encoded backslash), (2) '%' (percent), and (3) '~' (tilde). NOTE: the '/' (slash) vector is already covered by CVE-2007-5383.
Sat, 15 Mar 08
WAG54GS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6709
The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.
Sat, 15 Mar 08
WAG54GS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6708
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi.
Sat, 15 Mar 08
WAG54GS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6707
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574.
Sat, 15 Mar 08
Gallarific
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1327
Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 15 Mar 08
Gallarific
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1326
Cross-site scripting (XSS) vulnerability in search.php in Gallarific allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 15 Mar 08
CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1325
Multiple directory traversal vulnerabilities in index.php in Uberghey CMS 0.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page_id and (2) language parameters.
Sat, 15 Mar 08
Travelsized CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1324
Multiple directory traversal vulnerabilities in index.php in Travelsized CMS 0.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page_id and (2) language parameters.
Sat, 15 Mar 08
Burning Board Lite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1323
Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete action.
Sat, 15 Mar 08
ASG-Sentry
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1322
The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option, probably due to an argument injection vulnerability.
Sat, 15 Mar 08
ASG-Sentry
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1321
The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier does not require authentication, which allows remote attackers to cause a denial of service (service termination) via the exit command to TCP port 6162, or have other impacts via other commands.
Sat, 15 Mar 08
ASG-Sentry
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1320
Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (crash) via (1) a long request to FxIAList on TCP port 6162, or (2) an SNMP request with a long community string to FxAgent on UDP port 6161.
Sat, 15 Mar 08
Versant Object Database
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1319
Untrusted search path and argument injection vulnerability in the VersantD service in Versant Object Database 7.0.1.3 and earlier, as used in Borland CaliberRM and probably other products, allows remote attackers to execute arbitrary commands via a request to TCP port 5019 with a modified VERSANT_ROOT field.
Sat, 15 Mar 08
MediaWiki
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1318
Unspecified vulnerability in MediaWiki 1.11 to 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results.
Sat, 15 Mar 08
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1317
Unspecified vulnerability in the Inter-Process Communication (IPC) message queue subsystem in Sun Solaris 10 allows local users to cause a denial of service (reboot) via blocked I/O message queues.
Sat, 15 Mar 08
QuickTalk Forum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1316
SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute QuickTalk Forum 1.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 15 Mar 08
zClassifieds
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1315
SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter to modules.php.
Fri, 14 Mar 08
Gaestebuch Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1314
SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php.
Fri, 14 Mar 08
Bloo
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1313
Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) post_id, (2) post_category_id, (3) post_year_month, and (4) static_page_id parameters; and unspecified other vectors.
Fri, 14 Mar 08
PT360 Tool Suite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1312
Unspecified vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to cause a denial of service (daemon crash) via a long TFTP packet, a different vulnerability than CVE-2008-1311.
Fri, 14 Mar 08
PT360 Tool Suite Pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1311
The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earlier allows remote attackers to cause a denial of service (daemon hang) by uploading a file named (1) '|' (pipe), (2) '"' (quotation mark), or (3) "<>" (less than, greater than); or (4) a file with a long name. NOTE: the issue for vector 4 might exist because of an incomplete fix for CVE-2008-1312.
Fri, 14 Mar 08
PT360 Tool Suite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1310
Directory traversal vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to read and overwrite arbitrary files via directory traversal sequences in the pathname.
Fri, 14 Mar 08
RealPlayer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1309
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll 6.0.10.45 in RealNetworks RealPlayer 11.0.1 build 6.0.14.794 does not properly manage memory for the Console property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory. NOTE: some of these details are obtained from third party information.
Fri, 14 Mar 08
NukeC Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1308
SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php.
Fri, 14 Mar 08
Antivirus Online Update Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1307
Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in UpdateOcx2.dll in Beijing KingSoft Antivirus Online Update Module 2007.12.29.29 allows remote attackers to execute arbitrary code via a long argument to the SetUninstallName method.
Fri, 14 Mar 08
Savvy Content Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1306
Multiple cross-site scripting (XSS) vulnerabilities in Savvy Content Manager (CM) allow remote attackers to inject arbitrary web script or HTML via the searchterms parameter to (1) searchresults.cfm, (2) search_results.cfm, and (3) search_results/index.cfm. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 14 Mar 08
Filebase Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1305
SQL injection vulnerability in filebase.php in the Filebase mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 14 Mar 08
WordPress
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1304
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.
Fri, 14 Mar 08
Perforce Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1303
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly unspecified other commands, which triggers a NULL pointer dereference.
Fri, 14 Mar 08
Perforce Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1302
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access.
Fri, 14 Mar 08
OpenCms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1301
Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter.
Fri, 14 Mar 08
OpenCms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1300
Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a different vector than CVE-2008-1045.
Fri, 14 Mar 08
ServiceDesk Plus
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1299
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 14 Mar 08
Hadith Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1298
SQL injection vulnerability in the Hadith module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter in a viewcat action to modules.php.
Fri, 14 Mar 08
com_ewriting
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1297
SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.
Fri, 14 Mar 08
EncapsGallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1296
Multiple cross-site scripting (XSS) vulnerabilities in EncapsGallery 1.11.2 allow remote attackers to inject arbitrary web script or HTML via the file parameter to (1) watermark.php and (2) catalog_watermark.php in core/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 14 Mar 08
phpMyNewsLetter
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1295
SQL injection vulnerability in archives.php in Gregory Kokanosky (aka Greg's Place) phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msg_id parameter.
Thu, 13 Mar 08
ColdFusion, ColdFusion MX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1203
The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection.
Thu, 13 Mar 08
LiveCycle Workflow
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1202
Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Thu, 13 Mar 08
Directory Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0890
Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors.
Thu, 13 Mar 08
ColdFusion MX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0644
Adobe ColdFusion MX 7 and ColdFusion 8 allow remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.
Thu, 13 Mar 08
ColdFusion MX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0643
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Thu, 13 Mar 08
Form Designer, Form Client
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6253
Multiple unspecified vulnerabilities in Adobe Form Designer 5.0 and Form Client 5.0 allow remote attackers to execute arbitrary code via unknown vectors related to input validation.
Thu, 13 Mar 08
MaxDB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0307
Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibly other versions, allows remote attackers to execute arbitrary code via unknown vectors that trigger heap corruption.
Thu, 13 Mar 08
MaxDB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0306
sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings.
Thu, 13 Mar 08
mapbender
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0301
Multiple SQL injection vulnerabilities in Mapbender 2.4 through 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors.
Thu, 13 Mar 08
mapbender
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0300
mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences.
Thu, 13 Mar 08
Office
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0118
Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
Thu, 13 Mar 08
Office
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0117
Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
Thu, 13 Mar 08
excel_viewer, Office_compatibility_pack_for_word_excel_ppt_2007
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0116
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted rich text values, aka "Excel Rich Text Validation Vulnerability."
Thu, 13 Mar 08
excel_viewer, Office_compatibility_pack_for_word_excel_ppt_2007
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0115
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
Thu, 13 Mar 08
excel_viewer, Office
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0114
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
Thu, 13 Mar 08
excel_viewer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0113
Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with crafted cells that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
Thu, 13 Mar 08
Office, Excel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0112
Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
Thu, 13 Mar 08
Office, excel_viewer, Office_compatibility_pack_for_word_excel_ppt_2007
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0111
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
Thu, 13 Mar 08
Office
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0110
Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and SP3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
Thu, 13 Mar 08
CVE-2007-1201 (BizTalk Server, commerce_server, Internet_Security_and_Acceleration_Server, Offic...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1201
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
Thu, 13 Mar 08
Rational ClearQuest
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1288
IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies.
Thu, 13 Mar 08
Rational ClearQuest
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1287
IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.
Thu, 13 Mar 08
Java Web Console
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1286
Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors.
Thu, 13 Mar 08
JSF
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1285
Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Thu, 13 Mar 08
Horde, Groupware, Groupware Webmail Edition
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1284
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.
Wed, 12 Mar 08
Neptune_Web_Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1283
Cross-site scripting (XSS) vulnerability in Neptune Web Server 3.0 allows remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in the 404 error page.
Wed, 12 Mar 08
BFup
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1282
Buffer overflow in the BFup ActiveX control (BFup.dll) in B21Soft BFup before 1.0.802.29 allows remote attackers to execute arbitrary code via a long FilePath parameter.
Wed, 12 Mar 08
Client_Management_Services
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1281
Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
Wed, 12 Mar 08
True_Image_Windows_Agent
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1280
Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference.
Wed, 12 Mar 08
True_Image
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1279
Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read.
Wed, 12 Mar 08
RemotelyAnywhere
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1278
The RemotelyAnywhere.exe service in the Remotely Anywhere Server and Workstation 8.0.668 and earlier allows remote attackers to cause a denial of service (crash) via an invalid Accept-Charset header, which triggers a NULL pointer dereference. NOTE: the service is automatically restarted.
Wed, 12 Mar 08
MailEnable Enterprise, MailEnable Professional
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1277
The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allows remote attackers to cause a denial of service (crash) via (1) SEARCH and (2) APPEND commands without required arguments, which triggers a NULL pointer dereference.
Wed, 12 Mar 08
MailEnable Enterprise, MailEnable Professional
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1276
Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allow remote authenticated attackers to execute arbitrary code via long arguments to the (1) FETCH, (2) EXAMINE, and (3) UNSUBSCRIBE commands.
Wed, 12 Mar 08
MailEnable Enterprise, MailEnable Professional, MailEnable Standard
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1275
Multiple unspecified vulnerabilities in the SMTP service in MailEnable Standard Edition 1.x, Professional Edition 3.x and earlier, and Enterprise Edition 3.x and earlier allow remote attackers to cause a denial of service (crash) via crafted (1) EXPN or (2) VRFY commands.
Wed, 12 Mar 08
AIX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1274
Untrusted search path vulnerability in man in IBM AIX 6.1.0 invokes binaries without full pathnames, which allows local users to execute arbitrary code via a malicious program in the man directory.
Wed, 12 Mar 08
ImageVue
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1273
Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) popup.php, (2) test/dir2.php, (3) admin/upload.php, and (4) dirxml.php in upload/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 12 Mar 08
BM Classifieds
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1272
Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showad.php and the (2) ad parameter to pfriendly.php.
Wed, 12 Mar 08
Dovecot
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1218
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
Wed, 12 Mar 08
Demuxer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1161
Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in xine-lib before 1.1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes.
Wed, 12 Mar 08
Dovecot
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1271
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
Wed, 12 Mar 08
lighttpd
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
Wed, 12 Mar 08
Gate2_Plus_Wi-Fi
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1269
cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request.
Wed, 12 Mar 08
WRT54G
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1268
The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password.
Wed, 12 Mar 08
SpeedStream_6520
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1267
The Siemens SpeedStream 6520 router allows remote attackers to cause a denial of service (web interface crash) via an HTTP request to basehelp_English.htm with a large integer in the Content-Length field.
Wed, 12 Mar 08
DI-524
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1266
Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value.
Wed, 12 Mar 08
WRT54G
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1265
The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface.
Wed, 12 Mar 08
WRT54G
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1264
The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file.
Wed, 12 Mar 08
WRT54G
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1263
The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI.
Wed, 12 Mar 08
WiMax_ProST
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1262
The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/.
Wed, 12 Mar 08
P-2602HW-D1A
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1261
The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides different responses to admin page requests depending on whether a user is logged in, which allows remote attackers to obtain current login status by requesting an arbitrary admin URI.
Wed, 12 Mar 08
P-2602HW-D1A
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1260
Multiple cross-site request forgery (CSRF) vulnerabilities on the Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware allow remote attackers to (1) make the admin web server available on the Internet (WAN) interface via the WWWAccessInterface parameter to Forms/RemMagWWW_1 or (2) change the IP whitelisting timeout via the StdioTimout parameter to Forms/rpSysAdmin_1.
Wed, 12 Mar 08
P-2602HW-D1A
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1259
The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a user who previously authenticated within the previous 5 minutes.
Wed, 12 Mar 08
DI-604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1258
Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter.
Wed, 12 Mar 08
P-660HW
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1257
Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter.
Wed, 12 Mar 08
P-660HW
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1256
The ZyXEL P-660HW series router has "admin" as its default password, which allows remote attackers to gain administrative access.
Wed, 12 Mar 08
P-660HW
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1255
The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user.
Wed, 12 Mar 08
P-660HW
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1254
Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote attackers to (1) change DNS servers and (2) add keywords to the "bannedlist" via unspecified vectors.
Wed, 12 Mar 08
DSL-G604T
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1253
Cross-site scripting (XSS) vulnerability
