Home PHP Scripts Contact News Articles RSS Readers Members Area

Software Vulnerability

 
Main

Software Alerts

Software and Script Bug Exploits
Software Vulnerability
Random Feeds

Archives

| Sep 2013 | Aug 2013 | Jul 2013 | Jun 2013 | May 2013 | Apr 2013 | Mar 2013 | Feb 2013 | Jan 2013 | Dec 2012 | Nov 2012 | Oct 2012 | Sep 2012 | Aug 2012 | Jul 2012 | Jun 2012 | May 2012 | Apr 2012 | Mar 2012 | Feb 2012 | Jan 2012 | Dec 2011 | Nov 2011 | Oct 2011 | Sep 2011 | Aug 2011 | Jul 2011 | Jun 2011 | May 2011 | Apr 2011 | Mar 2011 | Feb 2011 | Jan 2011 | Dec 2010 | Nov 2010 | Oct 2010 | Sep 2010 | Aug 2010 | Jul 2010 | Jun 2010 | May 2010 | Apr 2010 | Mar 2010 | Feb 2010 | Jan 2010 | Dec 2009 | Nov 2009 | Oct 2009 | Sep 2009 | Aug 2009 | Jul 2009 | Jun 2009 | May 2009 | Apr 2009 | Mar 2009 | Feb 2009 | Jan 2009 | Dec 2008 | Nov 2008 | Oct 2008 | Sep 2008 | Aug 2008 | Jul 2008 | Jun 2008 | May 2008 | Apr 2008 | Mar 2008 | Feb 2008 | Jan 2008 | Dec 2007 | Nov 2007 |

Mon, 31 Mar 08
Webshop
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1541
Directory traversal vulnerability in cgi-bin/his-webshop.pl in HIS Webshop 2.50 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter.

Mon, 31 Mar 08
Datsogallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1540
SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Mon, 31 Mar 08
PHP_Nuke Platinum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1539
SQL injection vulnerability in includes/dynamic_titles.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary SQL commands via the p parameter to modules.php for the Forums module.

Mon, 31 Mar 08
EventLog Analyzer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1538
Cross-site scripting (XSS) vulnerability in searchAction.do in ManageEngine EventLog Analyzer 5 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Mon, 31 Mar 08
PowerBook
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1537
Directory traversal vulnerability in pb_inc/admincenter/index.php in PowerScripts PowerBook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Mon, 31 Mar 08
PicturesPro Photo Cart
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1536
Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro (aka Tim Grissett) Photo Cart 4.1 allows remote attackers to inject arbitrary web script or HTML via the amessage parameter. NOTE: some of these details are obtained from third party information.

Mon, 31 Mar 08
Rekry Component
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1535
SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekry or rekry!Joom) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the op_id parameter in a view action to index.php.

Mon, 31 Mar 08
PowerPHPBoard
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1534
Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) settings[footer] parameter to footer.inc.php and the (2) settings[header] parameter to header.inc.php.

Mon, 31 Mar 08
eDirectory
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0926
Unspecified vulnerability in the eMBox utility in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, allows remote attackers to cause a denial of service or access local files via unknown vectors, probably involving unauthenticated SOAP requests.

Mon, 31 Mar 08
eDirectory
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0924
Stack-based buffer overflow in the DoLBURPRequest function in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) and possibly execute arbitrary code via a long LDAP Extended Request message, probably involving a long Distinguished Name (DN) field.

Mon, 31 Mar 08
Firefox, SeaMonkey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1240
LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195.

Mon, 31 Mar 08
Joomla
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1533
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors.

Mon, 31 Mar 08
perlbal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1532
Perlbal before 1.70, when buffered upload is enabled, allows remote attackers to cause a denial of service (crash) via a zero-byte chunked upload.

Mon, 31 Mar 08
lighttpd
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
lighttpd 1.4.19 and earlier allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.

Mon, 31 Mar 08
GnuPG
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1530
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."

Mon, 31 Mar 08
NetBSD, FreeBSD
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1391
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.

Mon, 31 Mar 08
PHP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1384
Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions).

Mon, 31 Mar 08
Cisco IOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1152
The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets.

Mon, 31 Mar 08
Cisco IOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1151
Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566.

Mon, 31 Mar 08
Cisco IOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1150
The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309.

Mon, 31 Mar 08
Firefox, SeaMonkey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1241
GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.

Mon, 31 Mar 08
Firefox, SeaMonkey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1238
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms.

Mon, 31 Mar 08
Firefox, Thunderbird, SeaMonkey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1237
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.

Mon, 31 Mar 08
Firefox, Thunderbird, SeaMonkey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1236
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.

Mon, 31 Mar 08
Firefox, Thunderbird, SeaMonkey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1235
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals."

Mon, 31 Mar 08
Firefox, Thunderbird, SeaMonkey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1234
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers."

Mon, 31 Mar 08
Firefox, Thunderbird, SeaMonkey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1233
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."

Mon, 31 Mar 08
Cisco IOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1156
Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message.

Mon, 31 Mar 08
Cisco IOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1153
Cisco IOS 12.1, 12.2, 12.3, and 12.4 with IPv6 enabled allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device.

Mon, 31 Mar 08
Supervisor Engine, Route Switch Processor
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0537
Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors.

Mon, 31 Mar 08
Prestige 661, Prestige 660, ZyNOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1529
ZyXEL Prestige routers have a minimum password length for the admin account that is too small, which makes it easier for remote attackers to guess passwords via brute force methods.

Mon, 31 Mar 08
Prestige 661, Prestige 660, ZyNOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1528
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which discloses SNMP communities; or (2) WLAN.html, which discloses WEP keys.

Mon, 31 Mar 08
Prestige 661, Prestige 660, ZyNOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1527
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), support authentication over HTTP via a hash string in the hiddenPassword field, which allows remote attackers to obtain access via a replay attack.

Mon, 31 Mar 08
Prestige 661, Prestige 660, ZyNOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1526
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords.

Mon, 31 Mar 08
Prestige 661, Prestige 660, ZyNOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1525
The default SNMP configuration on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has a Trusted Host value of 0.0.0.0, which allows remote attackers to send SNMP requests from any source IP address.

Mon, 31 Mar 08
Prestige 661, Prestige 660, ZyNOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1524
The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has "public" as its default community for both (1) read and (2) write operations, which allows remote attackers to perform administrative actions via SNMP, as demonstrated by reading the Dynamic DNS service password or inserting an XSS sequence into the system.sysName.0 variable, which is displayed on the System Status page.

Mon, 31 Mar 08
Prestige 661, Prestige 660, ZyNOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1523
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain ISP and Dynamic DNS credentials by sending a direct request for (1) WAN.html, (2) wzPPPOE.html, and (3) rpDyDNS.html, and then reading the HTML source.

Mon, 31 Mar 08
Prestige 661, Prestige 660, ZyNOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1522
ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), have (1) "user" as their default password for the "user" account and (2) "1234" as their default password for the "admin" account, which makes it easier for remote attackers to obtain access.

Mon, 31 Mar 08
Prestige 661, Prestige 660, ZyNOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1521
ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to gain privileges by accessing administrative URIs, as demonstrated by rpSysAdmin.html.

Wed, 26 Mar 08
Peel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1507
PEEL, possibly 3.x and earlier, has (1) a default info@peel.fr account with password admin, and (2) a default contact@peel.fr account with password cinema, which allows remote attackers to gain administrative access.

Wed, 26 Mar 08
Peel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1506
PEEL, possibly 3.x and earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.

Wed, 26 Mar 08
Custompages, com_custompages
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1505
PHP remote file inclusion vulnerability in the SSTREAMTV custompages (com_custompages) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the cpage parameter to index.php.

Wed, 26 Mar 08
phpMyChat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1504
Cross-site scripting (XSS) vulnerability in setup.php3 in phpHeaven phpMyChat 0.14.5 allows remote attackers to inject arbitrary web script or HTML via the Lang parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 26 Mar 08
BIG-IP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1503
Cross-site scripting (XSS) vulnerability in the web management interface in F5 BIG-IP 9.4.3 allows remote attackers to inject arbitrary web script or HTML via (1) the name of a node object, or the (2) sysContact or (3) sysLocation SNMP configuration field, aka "Audit Log XSS." NOTE: these issues might be resultant from cross-site request forgery (CSRF) vulnerabilities.

Wed, 26 Mar 08
eGroupWare
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1502
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in eGroupWare before 1.4.003 allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

Wed, 26 Mar 08
IRCU, snircd
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1501
The send_user_mode function in s_user.c in (1) Undernet ircu 2.10.12.12 and earlier, (2) snircd 1.3.4 and earlier, and unspecified other ircu derivatives allows remote attackers to cause a denial of service (daemon crash) via a malformed MODE command.

Wed, 26 Mar 08
Tiny Portal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1500
Cross-site scripting (XSS) vulnerability in index.php in TinyPortal 0.8.6 and 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 26 Mar 08
cPanel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1499
Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.

Wed, 26 Mar 08
SurgeMail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1498
Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command.

Wed, 26 Mar 08
SurgeMail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1497
Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.

Wed, 26 Mar 08
Peel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1496
Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commandes.php and (c) the facture action in factures/facture_html.php.

Wed, 26 Mar 08
Peel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1495
Unrestricted file upload vulnerability in administrer/produits.php in PEEL, possibly 3.x and earlier, allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action, as demonstrated by (1) image/gif and (2) application/pdf.

Wed, 26 Mar 08
Easy-Clanpage
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1494
SQL injection vulnerability in inc/module/online.php in Easy-Clanpage 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a user details action, a different vector than CVE-2008-1425.

Wed, 26 Mar 08
Bin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1493
Directory traversal vulnerability in login.php in Cuteflow Bin 1.5.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

Wed, 26 Mar 08
phpAddressBook
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1492
Multiple directory traversal vulnerabilities in CoronaMatrix phpAddressBook 2.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php and (2) install.php.

Wed, 26 Mar 08
Remote Console
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1491
Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ASUS Remote Console (aka ARC or ASMB3) 2.0.0.19 and 2.0.0.24 allows remote attackers to execute arbitrary code via a long string to TCP port 623.

Wed, 26 Mar 08
Image Uploader ActiveX control, ImageUploader4
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1490
Buffer overflow in a certain Aurigma ActiveX control in ImageUploader4.ocx 4.1.36.0, as used with Piczo (aka Pizco) and possibly other online services, allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long Action property, a different CLSID than CVE-2008-0659.

Wed, 26 Mar 08
Word
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1092
Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: this issue might be related to CVE-2007-6026.

Wed, 26 Mar 08
VLC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1489
Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.

Wed, 26 Mar 08
ZyWALL
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1160
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.

Wed, 26 Mar 08
Alternative PHP Cache
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1488
Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) 3.0.11 through 3.0.16 allows remote attackers to execute arbitrary code via a long filename.

Wed, 26 Mar 08
LinPHA
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1487
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, and (5) plugins/stats/stats_view.php.

Wed, 26 Mar 08
Phorum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1486
SQL injection vulnerability in Phorum before 5.2.6 , when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.

Wed, 26 Mar 08
PunBB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1485
Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php.

Wed, 26 Mar 08
PunBB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1484
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.

Wed, 26 Mar 08
OpenSSH
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1483
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.

Wed, 26 Mar 08
FreeWebShop
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6711
Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2.2.6 and 2.2.7WIP1/2 allows remote attackers to gain administrator privileges via unknown vectors.

Wed, 26 Mar 08
xine-lib
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1482
Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, ...

Wed, 26 Mar 08
webSPELL
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1481
Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the board parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 26 Mar 08
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1480
rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial of service (daemon crash) via a malformed RPC request.

Wed, 26 Mar 08
cfnetgs
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1479
Cross-site scripting (XSS) vulnerability in index.php in cyberfrogs.net cfnetgs 0.24 allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 26 Mar 08
Home Ftp Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1478
Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of service (crash) by opening a FTP passive mode connection, then closing the original FTP connection. NOTE: some of these details are obtained from third party information.

Wed, 26 Mar 08
eForum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1477
Multiple cross-site scripting (XSS) vulnerabilities in busca.php in eForum 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) busca and (2) link parameters.

Wed, 26 Mar 08
Serendipity
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1476
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks.

Wed, 26 Mar 08
Roundup
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1475
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.

Wed, 26 Mar 08
Roundup
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1474
Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors.

Wed, 26 Mar 08
Altiris Deployment Solution
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1473
The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x to 6.9.164 allows local users to gain privileges via a "Shatter" style attack.

Wed, 26 Mar 08
Unicenter DSM r11 List Control ATX, BrightStor ARCserve Backup Laptops_Desktops
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1472
Stack-based buffer overflow in the ListCtrl.ocx ActiveX Control in CA BrightStor ARCserve Backup R11.5 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.

Wed, 26 Mar 08
Panda Internet Security, Panda Antivirus and Firewall
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1471
The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory.

Wed, 26 Mar 08
WebID
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1470
Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118.

Wed, 26 Mar 08
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0951
Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled USB device containing a filesystem with an Autorun.inf file, and possibly other vectors related to (a) AutoRun and (b) AutoPlay actions.

Wed, 26 Mar 08
phpstats
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0125
Cross-site scripting (XSS) vulnerability in phpstats.php in Michael Wagner phpstats 0.1 alpha allows remote attackers to inject arbitrary web script or HTML via the baseDir parameter.

Wed, 26 Mar 08
xine-lib
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0073
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.

Wed, 26 Mar 08
Gallarific
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1469
Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 26 Mar 08
Namazu
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1468
Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information.

Wed, 26 Mar 08
CenterIM
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1467
CenterIM 4.22.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a URI, related to "received URLs in the message window."

Wed, 26 Mar 08
W-Agora
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1466
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 26 Mar 08
Restaurante component for Joomla
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1465
SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562.

Wed, 26 Mar 08
Gallarific
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1464
Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) query parameter to (a) search.php; (2) gusername and (3) gpassword parameters to (b) login.php; and the (4) username and (5) password parameters to (c) gadmin/index.php in a signin action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 26 Mar 08
SecureSphere MX Management Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1463
Cross-site scripting (XSS) vulnerability in the management GUI in Imperva SecureSphere MX Management Server 5.0 allows remote attackers to inject arbitrary web script or HTML via an invalid or prohibited request to a web server protected by SecureSphere, which triggers injection into the "corrective action" section of an alert page.

Wed, 26 Mar 08
RunCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1462
SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action.

Wed, 26 Mar 08
XnView Standard
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1461
Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker.

Wed, 26 Mar 08
Joovideo, com_joovideo
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1460
SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

Wed, 26 Mar 08
com_alberghi
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1459
SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

Wed, 26 Mar 08
CS-Cart
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1458
Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a products search action.

Wed, 26 Mar 08
s800i, AsteriskNOW, Asterisk Business Edition, Asterisk Appliance Developer Kit
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1390
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.

Wed, 26 Mar 08
ViewVC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1292
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.

Wed, 26 Mar 08
ViewVC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1291
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.

Wed, 26 Mar 08
ViewVC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1290
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.

Wed, 26 Mar 08
CVE-2008-1289 (Open Source, Asterisk Business Edition, AsteriskNOW, Asterisk Appliance Developer...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1289
Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memo...

Tue, 25 Mar 08
Flash
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1201
Multiple unspecified vulnerabilities in FLA file parsing in Adobe Flash CS3 Professional, Flash Professional 8, and Flash Basic 8 on Windows allow user-assisted remote attackers to execute arbitrary code via a crafted .FLA file.

Fri, 21 Mar 08
SupportCenter Plus
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1432
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Fri, 21 Mar 08
Firmware
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1431
RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key.

Fri, 21 Mar 08
ASPapp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1430
SQL injection vulnerability in links.asp in ASPapp allows remote attackers to execute arbitrary SQL commands via the CatId parameter.

Fri, 21 Mar 08
SILC-Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1429
Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows remote attackers to cause a denial of service (daemon crash) via a NEW_CLIENT packet without a nickname.

Fri, 21 Mar 08
Ubercart Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1428
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product.

Fri, 21 Mar 08
Acajoom, com_acajoom
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1427
SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php.

Fri, 21 Mar 08
KAPhotoservice
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1426
SQL injection vulnerability in album.asp in KAPhotoservice allows remote attackers to execute arbitrary SQL commands via the albumid parameter.

Fri, 21 Mar 08
Easy-Clanpage
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1425
SQL injection vulnerability in index.php in the gallery module in Easy-Clanpage 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a kate action.

Fri, 21 Mar 08
Axyl
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1417
The prerm script in axyl 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the axyl.conf temporary file.

Fri, 21 Mar 08
PHPauction GPL
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1416
Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2.51 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) converter.inc.php, (2) messages.inc.php, and (3) settings.inc.php in includes/.

Fri, 21 Mar 08
Multiple Time Sheets
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1415
Directory traversal vulnerability in index.php in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to read arbitrary files via "../..//" (modified dot dot) sequences in the tab parameter.

Fri, 21 Mar 08
Multiple Time Sheets
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1414
Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or (2) clientinfo.php, (3) invoices.php, (4) smartlinks.php, and (5) todo.php, as demonstrated using a META tag.

Fri, 21 Mar 08
sNews CMS Rus
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1413
Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus 2.1 through 2.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

Fri, 21 Mar 08
CVE-2008-1412 (F-Secure Internet Security, F-Secure Anti-Virus, F-Secure Client Security, F-Secu...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1412
Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

Fri, 21 Mar 08
Snap_Deploy
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1411
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.

Fri, 21 Mar 08
Snap_Deploy
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1410
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.

Fri, 21 Mar 08
Exero CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1409
Multiple directory traversal vulnerabilities in the Default theme in Exero CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme parameter to (1) index.php, (2) editpassword.php, and (3) avatar.php in usercp/; (4) custompage.php; (5) errors/404.php; (6) memberslist.php and (7) profile.php in members/; (8) index.php and (9) fullview.php in news/; and (10) nopermission.php.

Fri, 21 Mar 08
phpBP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1408
SQL injection vulnerability in includes/functions/banners-external.php in phpBP 2 RC3 (2.204) FIX 4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a banner_out action.

Fri, 21 Mar 08
eXV2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1407
SQL injection vulnerability in index.php in the WebChat 1.60 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.

Fri, 21 Mar 08
eXV2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1406
SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the lid parameter in an ImprAnn action.

Fri, 21 Mar 08
CVE-2008-1405 (fuzzylime (cms))
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1405
PHP remote file inclusion vulnerability in code/display.php in fuzzylime cms 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter.

Fri, 21 Mar 08
eXV2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1404
SQL injection vulnerability in index.php in the Viso (Industry Book) 2.04 and 2.03 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the kid parameter.

Fri, 21 Mar 08
TFTPD, Administrator
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1403
Stack-based buffer overflow in the TFTP server in BootManage TFTPD 1.99 and earlier in BootManage Administrator 7.1 and earlier allows remote attackers to execute arbitrary code via a request with a long filename.

Fri, 21 Mar 08
Net Inspector
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1402
MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to cause a (1) denial of service (exception and crash) via a UDP packet to the SNMP Trap Service (MgWTrap3.exe) or (2) denial of service (device freeze or memory consumption) via a malformed TCP packet to the Net Inspector Server (niengine).

Fri, 21 Mar 08
Net Inspector
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1401
Format string vulnerability in the Net Inspector HTTP server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to execute arbitrary code via format string specifiers in an HTTP GET request, which is recorded in a log file.

Fri, 21 Mar 08
Net Inspector
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1400
Directory traversal vulnerability in the Net Inspector HTTP Server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to read arbitrary files via a ".." (dot dot backslash) or "../" (dot dot slash) in the GET command.

Fri, 21 Mar 08
Clansphere
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1399
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Clansphere 2008 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Fri, 21 Mar 08
AuraCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1398
SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.

Fri, 21 Mar 08
Apple AirPort Extreme Base Station
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1012
Unspecified vulnerability in Apple AirPort Extreme Base Station Firmware 7.3.1 allows remote attackers to cause a denial of service (file sharing hang) via a crafted AFP request, related to "input validation."

Fri, 21 Mar 08
VPN-1 Power_UTM with NGX, Check Point VPN-1 Pro, VPN-1 Firewall-1
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1397
Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint.

Fri, 21 Mar 08
Plone CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1396
Plone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network.

Fri, 21 Mar 08
Plone CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1395
Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes it easier for context-dependent attackers to reuse a logged-out session.

Fri, 21 Mar 08
Plone CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1394
Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.

Fri, 21 Mar 08
Plone CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1393
Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.

Fri, 21 Mar 08
VMWare Workstation, ACE, Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1392
The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.

Fri, 21 Mar 08
VMWare Workstation, VMware Server, Player, ACE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1364
Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service.

Fri, 21 Mar 08
VMWare Workstation, Player, VMware Server, ACE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1363
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process."

Fri, 21 Mar 08
VMWare Workstation, VMware Server, Player, ACE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1362
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an "insecurely created named pipe," a different vulnerability than CVE-2008-1361.

Fri, 21 Mar 08
VMWare Workstation, VMware Server, Player, ACE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1361
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362.

Fri, 21 Mar 08
VMWare Workstation, VMware Server, Player, ACE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1340
Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger "memory exhaustion and memory corruption."

Fri, 21 Mar 08
Open Source
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1333
Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function.

Fri, 21 Mar 08
CVE-2008-1332 (Open Source, Asterisk Business Edition, AsteriskNOW, Asterisk Appliance Developer...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1332
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.

Fri, 21 Mar 08
Directory Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0889
Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the script.

Fri, 21 Mar 08
StorageWorks Library and Tape Tools
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0707
HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX B.11.11 and B.11.23 allows local users to gain privileges via unspecified vectors.

Fri, 21 Mar 08
Plone CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0164
Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page.

Fri, 21 Mar 08
Business Objects
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6254
Stack-based buffer overflow in the SAP Business Objects BusinessObjects RptViewerAX ActiveX control in RptViewerAX.dll in Business Objects 6.5 before CHF74 allows remote attackers to execute arbitrary code via unspecified vectors.

Fri, 21 Mar 08
Rational ClearQuest
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4592
Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, and userNameVal parameters to the login component.

Thu, 20 Mar 08
Kerberos 5
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0063
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka ""Uninitialized stack values."

Thu, 20 Mar 08
Kerberos 5
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0062
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1011
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame.

Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1010
Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript.

Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1009
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.

Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1008
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property.

Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1007
WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, 2which allows remote attackers to conduct cross-site scripting (XSS) attacks.

Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1006
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.

Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1005
WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.

Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1004
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector.

Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1003
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain.

Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1002
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL.

Thu, 20 Mar 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1001
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page.

Thu, 20 Mar 08
Kerberos 5
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0948
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h library does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.

Thu, 20 Mar 08
Kerberos 5
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0947
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.

Thu, 20 Mar 08
CVE-2008-1000
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1000
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments.

Thu, 20 Mar 08
CVE-2008-0999
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0999
Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of servicr (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference.

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0998
Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.

Thu, 20 Mar 08
CVE-2008-0996
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0996
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.

Thu, 20 Mar 08
CVE-2008-0995
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0995
The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods.

Thu, 20 Mar 08
CVE-2008-0994
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0994
Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods.

Thu, 20 Mar 08
Podcast Producer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0993
Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings.

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0992
Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0990
notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications.

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0989
Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0988
Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read.

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0987
Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2 allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image.

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0060
Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link.

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0059
Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic."

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0058
Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0056
Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager.

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0055
Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges.

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0054
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used.

Thu, 20 Mar 08
CVE-2008-0053
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0053
Unspecified vulnerability in CUPS before 1.3.6 in Apple Mac OS X 10.5.2 has unknown impact and attack vectors related to "input validation."

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0052
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.

Thu, 20 Mar 08
CUPS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0047
Heap-based buffer overflow in CUPS in Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.

Thu, 20 Mar 08
Linux
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1383
The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which (1) allows local users to extract the key from the binpkg, and (2) causes multiple systems that use this binpkg to have the same SSL key and certificate.

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0997
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer.

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0057
Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0051
Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data.

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0050
CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0049
AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to provileged applications.

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0048
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via the a long file name to the NSDocument API.

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0046
The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions.

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0045
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names.

Thu, 20 Mar 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0044
Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL.

Thu, 20 Mar 08
bzip2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1372
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite.

Thu, 20 Mar 08
Drake CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1371
Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Thu, 20 Mar 08
Yap Blog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1370
PHP remote file inclusion vulnerability in index.php in wildmary Yap Blog 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Thu, 20 Mar 08
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1369
A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors.

Thu, 20 Mar 08
Groupwise
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1330
Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker.

Wed, 19 Mar 08
Internet Explorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1368
CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the FTP command, which causes the commands to be inserted into an authenticated FTP connection established earlier in the same browser session, as demonstrated using a DELE command, a variant or possibly a regression of CVE-2004-1166. NOTE: a trailing "//" can force Internet Explorer to try to reuse an...

Wed, 19 Mar 08
Informix Dynamic Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0949
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet.

Wed, 19 Mar 08
Informix Dynamic Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0727
Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value.

Wed, 19 Mar 08
gcc
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1367
gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.

Wed, 19 Mar 08
OfficeScan Corporate Edition
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1366
Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process consumption) via (1) an HTTP request without a Content-Length header or (2) invalid characters in unspecified CGI arguments, which triggers a NULL pointer dereference.

Wed, 19 Mar 08
OfficeScan Corporate Edition
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1365
Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.

Wed, 19 Mar 08
rPath Linux
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0888
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possible execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

Wed, 19 Mar 08
Nagios
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1360
Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624.

Wed, 19 Mar 08
Invision Power Board
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1359
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913.

Wed, 19 Mar 08
MDaemon
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1358
Sack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute arbitrary code via a FETCH command with a long BODY.

Wed, 19 Mar 08
McAfee Framework, ePolicy Orchestrator, CMA, Agent
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1357
Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8.

Wed, 19 Mar 08
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1356
Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Desktop System (JDS), when using the GNOME On-Screen Keyboard (GOK), allows local users to bypass authentication via unknown vectors that cause the screen saver to crash.

Wed, 19 Mar 08
Jeebles Directory
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1355
Cross-site scripting (XSS) vulnerability in index.php in Jeebles Technology Jeebles Directory 2.9.60 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 19 Mar 08
Virtual Support Office_XP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1354
SQL injection vulnerability in MyIssuesView.asp in Advanced Data Solutions Virtual Support Office-XP (VSO-XP) allows remote attackers to execute arbitrary SQL commands via the Issue_ID parameter.

Wed, 19 Mar 08
ZABBIX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1353
zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero.

Wed, 19 Mar 08
EdiorCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1352
Directory traversal vulnerability in search.php in EdiorCMS (ecms) 3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the SearchTemplate parameter during a Title search.

Wed, 19 Mar 08
Tutoriais Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1351
SQL injection vulnerability in the Tutorials 2.1b module for XOOPS allows remote attackers to execute arbitrary SQL commands via the tid parameter to printpage.php, which is accessible directly or through a printpage action to index.php.

Wed, 19 Mar 08
Fully Modded phpBB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1350
SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an article action.

Wed, 19 Mar 08
BamaGalerie, eXV2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1349
SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Galerie) 3.03 and 3.041 module for eXV2 2.0.6 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

Wed, 19 Mar 08
eWeather
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1348
Cross-site scripting (XSS) vulnerability in index.php in the eWebsite eWeather (Weather) module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the chart parameter to modules.php.

Wed, 19 Mar 08
EasyCalendar
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1347
Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the q parameter in an about action to the help system.

Wed, 19 Mar 08
EasyCalendar
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1346
SQL injection vulnerability in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action.

Wed, 19 Mar 08
EasyCalendar
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1345
Cross-site scripting (XSS) vulnerability in plugins/calendar/calendar_backend.php in MyioSoft EasyCalendar 4.0tr and earlier allows remote attackers to inject arbitrary web script or HTML via the day parameter in a dayview action.

Wed, 19 Mar 08
EasyCalendar
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1344
Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in a dayview action to plugins/calendar/calendar_backend.php and the (2) page parameter to ajaxp_backend.php.

Wed, 19 Mar 08
UnixWare
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1343
Directory traversal vulnerability in pkgadd and pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors.

Wed, 19 Mar 08
BPM_Suite, CollagePortal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1342
Multiple cross-site scripting (XSS) vulnerabilities in the search feature in Polymita BPM-Suite and CollagePortal allow remote attackers to inject arbitrary web script or HTML via the (1) _q and (2) lucene_index_field_value parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 19 Mar 08
StoreFront
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1341
SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFront 6 before SP8 allows remote attackers to execute arbitrary SQL commands via the CategoryId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 18 Mar 08
Perforce Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1338
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted.

Tue, 18 Mar 08
Timbuktu Pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1337
The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier for Windows allows remote attackers to cause (1) a denial of service (daemon crash) via an invalid Version field or (2) a denial of service (CPU consumption and daemon termination) via an invalid or partial message.

Tue, 18 Mar 08
ciscoWorks_internetwork_performance_monitor
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1157
Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands.

Tue, 18 Mar 08
Timbuktu Pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1118
Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields.

Tue, 18 Mar 08
Timbuktu Pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1117
Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.

Tue, 18 Mar 08
ACS for Windows, ACS Solution Engine, user_changeable_password
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0533
Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.

Tue, 18 Mar 08
ACS for Windows, ACS Solution Engine, user_changeable_password
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0532
Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors.

Sat, 15 Mar 08
Koobi CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1336
SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows remote attackers to execute arbitrary SQL commands via the categ parameter in a links action to index.php, a different vector than CVE-2008-1122.

Sat, 15 Mar 08
NetBSD, NetBSD Current
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1335
The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a different vulnerability than CVE-2006-0905.

Sat, 15 Mar 08
Home Hub
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1334
cgi/b on the BT Home Hub router allows remote attackers to bypass authentication, and read or modify administrative settings or make arbitrary VoIP telephone calls, by placing a character at the end of the PATH_INFO, as demonstrated by (1) %5C (encoded backslash), (2) '%' (percent), and (3) '~' (tilde). NOTE: the '/' (slash) vector is already covered by CVE-2007-5383.

Sat, 15 Mar 08
WAG54GS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6709
The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.

Sat, 15 Mar 08
WAG54GS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6708
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi.

Sat, 15 Mar 08
WAG54GS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6707
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574.

Sat, 15 Mar 08
Gallarific
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1327
Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Sat, 15 Mar 08
Gallarific
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1326
Cross-site scripting (XSS) vulnerability in search.php in Gallarific allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Sat, 15 Mar 08
CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1325
Multiple directory traversal vulnerabilities in index.php in Uberghey CMS 0.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page_id and (2) language parameters.

Sat, 15 Mar 08
Travelsized CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1324
Multiple directory traversal vulnerabilities in index.php in Travelsized CMS 0.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page_id and (2) language parameters.

Sat, 15 Mar 08
Burning Board Lite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1323
Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete action.

Sat, 15 Mar 08
ASG-Sentry
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1322
The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option, probably due to an argument injection vulnerability.

Sat, 15 Mar 08
ASG-Sentry
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1321
The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier does require authentication, which allows remote attackers to cause a denial of service (service termination) via the exit command to TCP port 6162, or have other impacts via other commands.

Sat, 15 Mar 08
ASG-Sentry
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1320
Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (crash) via (1) a long request to FxIAList on TCP port 6162, or (2) an SNMP request with a long community string to FxAgent on UDP port 6161.

Sat, 15 Mar 08
Versant Object Database
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1319
Untrusted search path and argument injection vulnerability in the VersantD service in Versant Object Database 7.0.1.3 and earlier, as used in Borland CaliberRM and probably other products, allows remote attackers to execute arbitrary commands via a request to TCP port 5019 with a modified VERSANT_ROOT field.

Sat, 15 Mar 08
MediaWiki
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1318
Unspecified vulnerability in MediaWiki 1.11 to 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results.

Sat, 15 Mar 08
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1317
Unspecified vulnerability in the Inter-Process Communication (IPC) message queue subsystem in Sun Solaris 10 allows local users to cause a denial of service (reboot) via blocked I/O message queues.

Sat, 15 Mar 08
QuickTalk Forum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1316
SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute QuickTalk Forum 1.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Sat, 15 Mar 08
zClassifieds
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1315
SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter to modules.php.

Fri, 14 Mar 08
Gaestebuch Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1314
SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php.

Fri, 14 Mar 08
Bloo
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1313
Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) post_id, (2) post_category_id, (3) post_year_month, and (4) static_page_id parameters; and unspecified other vectors.

Fri, 14 Mar 08
PT360 Tool Suite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1312
Unspecified vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to cause a denial of service (daemon crash) via a long TFTP packet, a different vulnerability than CVE-2008-1311.

Fri, 14 Mar 08
PT360 Tool Suite Pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1311
The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earlier allows remote attackers to cause a denial of service (daemon hang) by uploading a file named (1) '|' (pipe), (2) '"' (quotation mark), or (3) "<>" (less than, greater than); or (4) a file with a long name. NOTE: the issue for vector 4 might exist because of an incomplete fix for CVE-2008-1312.

Fri, 14 Mar 08
PT360 Tool Suite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1310
Directory traversal vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to read and overwrite arbitrary files via directory traversal sequences in the pathname.

Fri, 14 Mar 08
RealPlayer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1309
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll 6.0.10.45 in RealNetworks RealPlayer 11.0.1 build 6.0.14.794 does not properly manage memory for the Console property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory. NOTE: some of these details are obtained from third party information.

Fri, 14 Mar 08
NukeC Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1308
SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php.

Fri, 14 Mar 08
Antivirus Online Update Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1307
Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in UpdateOcx2.dll in Beijing KingSoft Antivirus Online Update Module 2007.12.29.29 allows remote attackers to execute arbitrary code via a long argument to the SetUninstallName method.

Fri, 14 Mar 08
Savvy Content Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1306
Multiple cross-site scripting (XSS) vulnerabilities in Savvy Content Manager (CM) allow remote attackers to inject arbitrary web script or HTML via the searchterms parameter to (1) searchresults.cfm, (2) search_results.cfm, and (3) search_results/index.cfm. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Fri, 14 Mar 08
Filebase Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1305
SQL injection vulnerability in filebase.php in the Filebase mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.

Fri, 14 Mar 08
WordPress
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1304
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.

Fri, 14 Mar 08
Perforce Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1303
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly unspecified other commands, which triggers a NULL pointer dereference.

Fri, 14 Mar 08
Perforce Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1302
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access.

Fri, 14 Mar 08
OpenCms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1301
Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter.

Fri, 14 Mar 08
OpenCms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1300
Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a different vector than CVE-2008-1045.

Fri, 14 Mar 08
ServiceDesk Plus
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1299
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Fri, 14 Mar 08
Hadith Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1298
SQL injection vulnerability in Hadith module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter in a viewcat action to modules.php.

Fri, 14 Mar 08
com_ewriting
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1297
SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.

Fri, 14 Mar 08
EncapsGallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1296
Multiple cross-site scripting (XSS) vulnerabilities in EncapsGallery 1.11.2 allow remote attackers to inject arbitrary web script or HTML via the file parameter to (1) watermark.php and (2) catalog_watermark.php in core/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Fri, 14 Mar 08
phpMyNewsLetter
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1295
SQL injection vulnerability in archives.php in Gregory Kokanosky (aka Greg's Place) phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msg_id parameter.

Thu, 13 Mar 08
ColdFusion, ColdFusion MX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1203
The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection.

Thu, 13 Mar 08
LiveCycle Workflow
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1202
Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Thu, 13 Mar 08
Directory Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0890
Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors.

Thu, 13 Mar 08
ColdFusion MX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0644
Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.

Thu, 13 Mar 08
ColdFusion MX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0643
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Thu, 13 Mar 08
Form Designer, Form Client
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6253
Multiple unspecified vulnerabilities in Adobe Form Designer 5.0 and Form Client 5.0 allow remote attackers to execute arbitrary code via unknown vectors related to input validation.

Thu, 13 Mar 08
MaxDB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0307
Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibly other versions, allows remote attackers to execute arbitrary code via unknown vectors that trigger heap corruption.

Thu, 13 Mar 08
MaxDB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0306
sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings.

Thu, 13 Mar 08
mapbender
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0301
Multiple SQL injection vulnerabilities in Mapbender 2.4 through 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors.

Thu, 13 Mar 08
mapbender
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0300
mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences.

Thu, 13 Mar 08
Office
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0118
Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."

Thu, 13 Mar 08
Office
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0117
Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."

Thu, 13 Mar 08
excel_viewer, Office_compatibility_pack_for_word_excel_ppt_2007
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0116
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted rich text values, aka "Excel Rich Text Validation Vulnerability."

Thu, 13 Mar 08
excel_viewer, Office_compatibility_pack_for_word_excel_ppt_2007
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0115
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."

Thu, 13 Mar 08
excel_viewer, Office
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0114
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.

Thu, 13 Mar 08
excel_viewer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0113
Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with crafted cells that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."

Thu, 13 Mar 08
Office, Excel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0112
Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."

Thu, 13 Mar 08
Office, excel_viewer, Office_compatibility_pack_for_word_excel_ppt_2007
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0111
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."

Thu, 13 Mar 08
Office
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0110
Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.

Thu, 13 Mar 08
CVE-2007-1201 (BizTalk Server, commerce_server, Internet_Security_and_Acceleration_Server, Offic...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1201
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."

Thu, 13 Mar 08
Rational ClearQuest
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1288
IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies.

Thu, 13 Mar 08
Rational ClearQuest
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1287
IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 ggenerates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.

Thu, 13 Mar 08
Java Web Console
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1286
Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors.

Thu, 13 Mar 08
JSF
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1285
Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Thu, 13 Mar 08
Horde, Groupware, Groupware Webmail Edition
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1284
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.

Wed, 12 Mar 08
Neptune_Web_Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1283
Cross-site scripting (XSS) vulnerability in Neptune Web Server 3.0 allows remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in the 404 error page.

Wed, 12 Mar 08
BFup
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1282
Buffer overflow in the BFup ActiveX control (BFup.dll) in B21Soft BFup before 1.0.802.29 allows remote attackers to execute arbitrary code via a long FilePath parameter.

Wed, 12 Mar 08
Client_Management_Services
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1281
Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.

Wed, 12 Mar 08
True_Image_Windows_Agent
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1280
Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference.

Wed, 12 Mar 08
True_Image
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1279
Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read.

Wed, 12 Mar 08
RemotelyAnywhere
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1278
The RemotelyAnywhere.exe service in the Remotely Anywhere Server and Workstation 8.0.668 and earlier allows remote attackers to cause a denial of service (crash) via an invalid Accept-Charset header, which triggers a NULL pointer dereference. NOTE: the service is automatically restarted.

Wed, 12 Mar 08
MailEnable Enterprise, MailEnable Professional
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1277
The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allows remote attackers to cause a denial of service (crash) via (1) SEARCH and (2) APPEND commands without required arguments, which triggers a NULL pointer dereference.

Wed, 12 Mar 08
MailEnable Enterprise, MailEnable Professional
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1276
Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allow remote authenticated attackers to execute arbitrary code via long arguments to the (1) FETCH, (2) EXAMINE, and (3) UNSUBSCRIBE commands.

Wed, 12 Mar 08
MailEnable Enterprise, MailEnable Professional, MailEnable Standard
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1275
Multiple unspecified vulnerabilities in the SMTP service in MailEnable Standard Edition 1.x, Professional Edition 3.x and earlier, and Enterprise Edition 3.x and earlier allow remote attackers to cause a denial of service (crash) via crafted (1) EXPN or (2) VRFY commands.

Wed, 12 Mar 08
AIX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1274
Untrusted search path vulnerability in man in IBM AIX 6.1.0 invokes binaries without full pathnames, which allows local users to execute arbitrary code via a malicious program in the man directory.

Wed, 12 Mar 08
ImageVue
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1273
Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) popup.php, (2) test/dir2.php, (3) admin/upload.php, and (4) dirxml.php in upload/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 12 Mar 08
BM Classifieds
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1272
Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showad.php and the (2) ad parameter to pfriendly.php.

Wed, 12 Mar 08
Dovecot
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1218
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.

Wed, 12 Mar 08
Demuxer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1161
Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in xine-lib before 1.1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code or via a Matroska file with invalid frame sizes.

Wed, 12 Mar 08
Dovecot
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1271
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.

Wed, 12 Mar 08
lighttpd
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.

Wed, 12 Mar 08
Gate2_Plus_Wi-Fi
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1269
cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request.

Wed, 12 Mar 08
WRT54G
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1268
The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password.

Wed, 12 Mar 08
SpeedStream_6520
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1267
The Siemens SpeedStream 6520 router allows remote attackers to cause a denial of service (web interface crash) via an HTTP request to basehelp_English.htm with a large integer in the Content-Length field.

Wed, 12 Mar 08
DI-524
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1266
Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value.

Wed, 12 Mar 08
WRT54G
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1265
The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface.

Wed, 12 Mar 08
WRT54G
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1264
The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file.

Wed, 12 Mar 08
WRT54G
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1263
The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI.

Wed, 12 Mar 08
WiMax_ProST
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1262
The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/.

Wed, 12 Mar 08
P-2602HW-D1A
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1261
The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides different responses to admin page requests depending on whether a user is logged in, which allows remote attackers to obtain current login status by requesting an arbitrary admin URI.

Wed, 12 Mar 08
P-2602HW-D1A
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1260
Multiple cross-site request forgery (CSRF) vulnerabilities on the Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware allow remote attackers to (1) make the admin web server available on the Internet (WAN) interface via the WWWAccessInterface parameter to Forms/RemMagWWW_1 or (2) change the IP whitelisting timeout via the StdioTimout parameter to Forms/rpSysAdmin_1.

Wed, 12 Mar 08
P-2602HW-D1A
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1259
The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a user who previously authenticated within the previous 5 minutes.

Wed, 12 Mar 08
DI-604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1258
Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter.

Wed, 12 Mar 08
P-660HW
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1257
Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter.

Wed, 12 Mar 08
P-660HW
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1256
The ZyXEL P-660HW series router has "admin" as its default password, which allows remote attackers to gain administrative access.

Wed, 12 Mar 08
P-660HW
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1255
The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user.

Wed, 12 Mar 08
P-660HW
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1254
Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote attackers to (1) change DNS servers and (2) add keywords to the "bannedlist" via unspecified vectors.

Wed, 12 Mar 08
DSL-G604T
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1253
Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fwan page.

Wed, 12 Mar 08
Speedport_W500_DSL_Router
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1252
b_banner.stm (aka the login page) on the Deutsche Telekom Speedport W500 DSL router allows remote attackers to obtain the logon password by reading the pwd field in the HTML source.

Wed, 12 Mar 08
320 SIP Phone
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1251
Cross-site scripting (XSS) vulnerability in the web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Wed, 12 Mar 08
320 SIP Phone
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1250
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as demonstrated by inserting an address-book entry containing an XSS sequence.

Wed, 12 Mar 08
320 SIP Phone
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1249
snomControl.swf in the central phone server for the Snom 320 SIP Phone allows remote attackers to cause a denial of service (application crash and corruption of call logs) via a "'); (double quote, quote, close parenthesis, semicolon) sequence in the "Call a number" field.

Wed, 12 Mar 08
320 SIP Phone
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1248
The web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to make arbitrary phone calls via the "Call a number" field. NOTE: this might overlap CVE-2007-3440.

Wed, 12 Mar 08
WRT54G
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1247
The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) ...

Wed, 12 Mar 08
Finesse
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1246
The Cisco PIX/ASA Finesse Operation System 7.1 and 7.2 allows local users to gain privileges by entering characters at the enable prompt, erasing these characters via the Backspace key, and then holding down the Backspace key for one second after erasing the final character.

Wed, 12 Mar 08
F5D7230-4
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1245
cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service (control center outage) via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header.

Wed, 12 Mar 08
F5D7230-4
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1244
cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters.

Wed, 12 Mar 08
WRT300N
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1243
Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI.

Wed, 12 Mar 08
F5D7230-4
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1242
The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user, a different vulnerability than CVE-2005-3802.

Wed, 12 Mar 08
JSPWiki
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1231
Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to include and execute arbitrary local .jsp files, and obtain sensitive information, via a .. (dot dot) in the editor parameter.

Wed, 12 Mar 08
JSPWiki
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1230
Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to upload and execute arbitrary .jsp files via an unspecified manipulation that attaches a .jsp file to an "entry page."

Wed, 12 Mar 08
JSPWiki
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1229
Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to inject arbitrary web script or HTML via the editor parameter, a different vector than CVE-2007-5120.b.

Wed, 12 Mar 08
MG2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1228
Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action.

Wed, 12 Mar 08
SILC Toolkit
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1227
Stack-based buffer overflow in the silc_fingerprint function in lib/silcutil/silcutil.c in Secure Internet Live Conferencing (SILC) Toolkit 1.1.5, and unspecified earlier versions, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via long input data. NOTE: some of these details are obtained from third party information.

Wed, 12 Mar 08
Collaboration_Suite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1226
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image attachment.

Wed, 12 Mar 08
WebCT
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1225
Multiple cross-site scripting (XSS) vulnerabilities in WebCT Campus Edition 4.1.5.8, when "Don't wrap text" is enabled, allow remote authenticated users to inject arbitrary web script or HTML via a (1) mail message or (2) discussion board message. NOTE: this might overlap CVE-2005-1076.

Wed, 12 Mar 08
BosClassifieds Classified Ads
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1224
Cross-site scripting (XSS) vulnerability in account.php in BosClassifieds Classified Ads System 3.0 allows remote attackers to inject arbitrary web script or HTML via the returnTo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 12 Mar 08
Open Source Learning and Knowledge Management Tool
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1223
Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via unspecified vectors.

Wed, 12 Mar 08
Open Source Learning and Knowledge Management Tool
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1222
Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Tue, 11 Mar 08
eScan, eScan Server, eScan Management Console
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1221
Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (get) command.

Tue, 11 Mar 08
4nChat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1220
SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 11 Mar 08
KutubiSitte Component
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1219
SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php.

Tue, 11 Mar 08
Lotus Notes
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1217
Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH, and 8.0.x before 8.0.1 allows remote attackers to execute arbitrary code via a crafted attachment in an e-mail message sent over SMTP, a variant of CVE-2008-????.

Tue, 11 Mar 08
Lotus Quickr Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1216
IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element.

Tue, 11 Mar 08
OpenBSD, FreeBSD, NetBSD
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1215
Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters.

Tue, 11 Mar 08
Lotus Notes
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6706
Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in an e-mail message sent over SMTP.

Tue, 11 Mar 08
WebSphere MQ
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6705
The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.

Tue, 11 Mar 08
FootPrints
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1214
MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux allows remote attackers to execute arbitrary code via shell metacharacters in the PROJECTNUM parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 11 Mar 08
FootPrints
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1213
Cross-site scripting (XSS) vulnerability in Numara FootPrints for Linux 8.1 allows remote attackers to inject arbitrary web script or HTML via the Title form field when setting an appointment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 11 Mar 08
Podcast Generator
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1212
Cross-site scripting (XSS) vulnerability in set_permissions.php in Podcast Generator 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the scriptlang parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 11 Mar 08
BosDates
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1211
Cross-site scripting (XSS) vulnerability in BosDates 3.x and 4.x allows remote attackers to inject arbitrary web script or HTML via (1) the type parameter in calendar.php and (2) the category parameter in calendar_search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 11 Mar 08
Programmers Notepad
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1210
Stack-based buffer overflow in the ctags parsing code in Programmer's Notepad before 2.0.8.718 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted .c file, when the victim selects the Jump To dialog. NOTE: some of these details are obtained from third party information.

Tue, 11 Mar 08
Xitex WebContent M1
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1209
Cross-site scripting (XSS) vulnerability in redirect.do in Xitex WebContent M1 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 11 Mar 08
VPN-1 UTM Edge W Embedded NGX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1208
Cross-site scripting (XSS) vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter.

Tue, 11 Mar 08
CVE-2008-1207 (Interstage Smart Repository, Interstage Business Application Server, Interstage A...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1207
Multiple unspecified vulnerabilities in Fujitsu Interstage Smart Repository, as used in multiple Fujitsu Interstage products, allow remote attackers to cause a denial of service (daemon crash) via (1) an invalid request or (2) a large amount of data sent to the registered attribute value.

Tue, 11 Mar 08
Linux Kiss Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1206
Format string vulnerability in the log_message function in lks.c in Linux Kiss Server 1.2, when background (daemon) mode is disabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in an invalid command.

Tue, 11 Mar 08
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1205
Unspecified vulnerability in the ipsecah kernel module in Sun Solaris 10, when a key management daemon for IPsec security associations is running, allows local users to cause a denial of service (panic) via unspecified vectors.

Tue, 11 Mar 08
Java System Access Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1204
Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows.

Sat, 8 Mar 08
Jet, Access
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1200
Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine (msjet40.dll). NOTE: this is probably a different issue than CVE-2007-6026.

Sat, 8 Mar 08
Dovecot
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1199
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.

Sat, 8 Mar 08
enterprise_linux
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1198
The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.

Sat, 8 Mar 08
JRE, JDK
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1196
Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file.

Sat, 8 Mar 08
JRE, JDK
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1195
Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.

Sat, 8 Mar 08
JRE, JDK
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1194
Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.

Sat, 8 Mar 08
JRE, JDK
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1193
Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.

Sat, 8 Mar 08
JRE, JDK
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1192
Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, 1.4.2_16 and earlier, and 1.3.1_21 and earlier allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors.

Sat, 8 Mar 08
JRE, JDK
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1191
Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190.

Sat, 8 Mar 08
JRE, JDK
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1190
Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191.

Sat, 8 Mar 08
JRE, JDK
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1189
Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188.

Sat, 8 Mar 08
JRE, JDK
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1188
Multiple buffer overflows in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1189.

Sat, 8 Mar 08
JRE, JDK
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1187
Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.

Sat, 8 Mar 08
JRE, JDK
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1186
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185.

Sat, 8 Mar 08
JRE, JDK
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1185
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186.

Fri, 7 Mar 08
DNSSEC-Tools
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1184
The DNSSEC validation library (libval) library in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks.

Fri, 7 Mar 08
Crafty Syntax Live Help
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1183
Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) livehelp.php, (2) user_questions.php, and (3) leavemessage.php. NOTE: the lostsheep.php vector is covered by CVE-2008-0848.

Fri, 7 Mar 08
pfSense
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1182
Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Fri, 7 Mar 08
Secure Access 2000
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1181
Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message.

Fri, 7 Mar 08
Secure Access 2000
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1180
Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.cgi in Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to inject arbitrary web script or HTML via the delivery_mode parameter.

Fri, 7 Mar 08
Centreon
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1179
Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) title parameters. NOTE: some of these details are obtained from third party information.

Fri, 7 Mar 08
Centreon
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1178
Directory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2008-1119.

Fri, 7 Mar 08
Affiliate Market
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1177
SQL injection vulnerability in shop/detail.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to execute arbitrary SQL commands via the id parameter.

Fri, 7 Mar 08
Affiliate Market
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1176
Cross-site scripting (XSS) vulnerability in function/sideblock.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to inject arbitrary web script or HTML via the sideblock4 parameter.

Fri, 7 Mar 08
Authentix
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1175
Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter to aspAdmin/deleteUser.asp, a different vector than CVE-2008-1174. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Fri, 7 Mar 08
Authentix
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1174
Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter.

Fri, 7 Mar 08
TorrentTrader, TorrentTrader Classic
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1173
Cross-site scripting (XSS) vulnerability in account-inbox.php in TorrentTrader Classic 1.08 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. .

Fri, 7 Mar 08
TorrentTrader, TorrentTrader Classic
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1172
Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php in TorrentTrader Classic 1.08 allow remote attackers to perform certain actions as other users, as demonstrated by sending messages.

Fri, 7 Mar 08
Android SDK
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0986
Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.

Fri, 7 Mar 08
Android SDK
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0985
Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.

Fri, 7 Mar 08
Acrobat Reader
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0883
acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.

Fri, 7 Mar 08
Evolution
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0072
Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version: field.

Fri, 7 Mar 08
123 Flash Chat Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1171
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the 123 Flash Chat Module for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) 123flashchat.php and (2) phpbb_login_chat.php. NOTE: CVE disputes this issue because $phpbb_root_path is explicitly set to "./" in both programs.

Fri, 7 Mar 08
KCWiki
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1170
Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php.

Fri, 7 Mar 08
SCI Photo Chat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1169
Directory traversal vulnerability in the embedded HTTP server in SCI Photo Chat Server 3.4.9 and earlier allows remote attackers to read arbitrary files via a ".." (dot dot backslash) or "../" (dot dot forward slash) in the GET command.

Fri, 7 Mar 08
Squid Analysis Report Generator
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1168
Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Fri, 7 Mar 08
Squid Analysis Report Generator
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1167
Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information.

Fri, 7 Mar 08
Flyspray
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1166
Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Fri, 7 Mar 08
Flyspray
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1165
Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php. NOTE: some of these details are obtained from third party information.

Fri, 7 Mar 08
phpComasy
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1164
SQL injection vulnerability in index.php in phpComasy 0.8 allows remote attackers to execute arbitrary SQL commands via the mod_project_id parameter in a project_detail action.

Fri, 7 Mar 08
phpArcadeScript
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1163
SQL injection vulnerability in index.php in phpArcadeScript 1.0 through 3.0 RC2 allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action.

Fri, 7 Mar 08
Dynamic Photo Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1162
SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic Photo Gallery 1.02 allows remote attackers to execute arbitrary SQL commands via the albumID parameter.

Fri, 7 Mar 08
Firepass 4100
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6704
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.

Fri, 7 Mar 08
MoinMoin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1099
_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages.

Fri, 7 Mar 08
MoinMoin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1098
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename ...

Fri, 7 Mar 08
ImageMagick, GraphicsMagick
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1097
Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.

Fri, 7 Mar 08
ImageMagick, GraphicsMagick
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1096
The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.

Fri, 7 Mar 08
phpMyAdmin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1149
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross Site Request Forgery (CSRF) attacks by using crafed cookies.

Fri, 7 Mar 08
Financials Server, Directory Pro, Darwin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1148
A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting.

Fri, 7 Mar 08
Financials Server, Directory Pro, Darwin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1147
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting.

Fri, 7 Mar 08
Financials Server, Directory Pro, Darwin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1146
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND.

Fri, 7 Mar 08
WEBrick
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1145
Directory traversal vulnerability in WEBrick 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash () path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.

Fri, 7 Mar 08
Light httpd
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1111
mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source code of CGI scripts instead of a 500 error, which might allow remote attackers to obtain sensitive information.

Fri, 7 Mar 08
DESlock
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1141
Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users to cause a denial of service (kernel memory consumption) via a series of DLMFENC_IOCTL requests to \.DLKPFSD_Device that allocate "link list structures."

Fri, 7 Mar 08
DESlock
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1140
DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users to gain privileges via a certain DLKFDISK_IOCTL request to \.DLKFDisk_Control that overwrites a data structure associated with a mounted pseudo-filesystem, aka the "ring0 SYSTEM" vulnerability.

Fri, 7 Mar 08
DESlock
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1139
DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys 1.2.0.27 are present, allows local users to gain privileges via a certain DLMFENC_IOCTL request to \.DLKPFSD_Device that overwrites a pointer, aka the "ring0 link list zero SYSTEM" vulnerability.

Fri, 7 Mar 08
DESlock
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1138
DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users to cause a denial of service (system crash) via a certain ZERO_MEM DLMFENC_IOCTL request to \.DLKPFSD_Device, aka the "ring0 link list zero" vulnerability.

Fri, 7 Mar 08
com_garyscookbook
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1137
SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

Fri, 7 Mar 08
SynCE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1136
The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679.

Fri, 7 Mar 08
INterneSErvicesLosungen
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1135
OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames.

Fri, 7 Mar 08
INterneSErvicesLosungen
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1134
OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports authentication with a cookie that lacks a shared secret, which allows remote attackers to login as an arbitrary user via a modified cookie.

Fri, 7 Mar 08
vdccm
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6703
Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) might allow attackers to cause a denial of service via unspecified vectors.

Tue, 4 Mar 08
GoAhead WebServer, FS4104-AW Device
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6702
goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603.

Tue, 4 Mar 08
Drupal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1133
The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

Tue, 4 Mar 08
CVE-2008-1079 (SendFile.NET)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1079
The outboxWriteUnsent function in FTPThread.class in SendFile.jar for Beehive Software SendFile.NET uses hard-coded credentials for an FTP server, which allows remote attackers to gain privileges.

Tue, 4 Mar 08
Net Activity Viewer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1132
Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action.

Tue, 4 Mar 08
Drupal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1131
Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms.

Tue, 4 Mar 08
WebSphere MQ
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1130
Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel.

Tue, 4 Mar 08
XRMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1129
Cross-site scripting (XSS) vulnerability in admin/users/self.php in XRMS CRM allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information.

Tue, 4 Mar 08
XWine
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0931
w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file.

Tue, 4 Mar 08
XWine
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0930
w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information.

Tue, 4 Mar 08
phpMytourney
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1128
PHP remote file inclusion vulnerability in tourney/index.php in phpMyTourney 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

Tue, 4 Mar 08
Crysis
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1127
Format string vulnerability in the cryactio function in Crysis 1.1.1.5879 allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when the game character is killed.

Tue, 4 Mar 08
Barryvan Compo Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1126
PHP remote file inclusion vulnerability in main.php in Barryvan Compo Manager 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the pageURL parameter.

Tue, 4 Mar 08
Podcast Generator
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1125
Multiple directory traversal vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) theme_path parameter to core/themes.php and the (2) filename parameter to download.php.

Tue, 4 Mar 08
Podcast Generator
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1124
Multiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to (1) components/xmlparser/loadparser.php; (2) admin.php, (3) categories.php, (4) categories_add.php, (5) categories_remove.php, (6) edit.php, (7) editdel.php, (8) ftpfeature.php, (9) login.php, (10) pgRSSnews.php, (11) showcat.php, and (12) upload.php in core/admin/; and (13) archive_cat.php, (14) archive_n...

Tue, 4 Mar 08
SiteBuilder Elite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1123
Multiple PHP remote file inclusion vulnerabilities in SiteBuilder Elite 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the CarpPath parameter to (1) files/carprss.php and (2) files/amazon-bestsellers.php.

Tue, 4 Mar 08
Koobi Pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1122
SQL injection vulnerability in index.php in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter in a downloads procedure.

Tue, 4 Mar 08
eazyPortal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1121
SQL injection vulnerability in index.php in eazyPortal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the session_vars cookie.

Tue, 4 Mar 08
Mirabilis ICQ
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1120
Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation.

Tue, 4 Mar 08
Centreon
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1119
Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 4 Mar 08
QEMU
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0928
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.

Tue, 4 Mar 08
Rising Web Scan Object
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1116
Insecure method vulnerability in the Web Scan Object ActiveX control (OL2005.dll) in Rising Antivirus Online Scanner allows remote attackers to force the download and execution of arbitrary code by setting the BaseURL property and invoking the UpdateEngine method. NOTE: some of these details are obtained from third party information.

Tue, 4 Mar 08
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1115
Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands.

Tue, 4 Mar 08
CVE-2008-1114
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1114
Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.

Tue, 4 Mar 08
Vocera Communications Badge
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1113
Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.

Tue, 4 Mar 08
STRunner
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6252
Multiple stack-based buffer overflows in the Learn2 Corporation STRunner (aka Street Technologies) ActiveX control in iestm32.dll allow remote attackers to execute arbitrary code via unspecified vectors.

Sun, 2 Mar 08
xine-lib, xine-plugin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1110
Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664.

Sun, 2 Mar 08
CVE-2008-0595 (Fedora, Enterprise Linux Desktop Workstation, Mandrake Linux, Inter-Process Commu...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0595
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

Sun, 2 Mar 08
Urulu
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0385
SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/request or (2) dyn/js/request in the PATH_INFO.

Sun, 2 Mar 08
Thunderbird, SeaMonkey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0304
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview.

Sun, 2 Mar 08
Backup Exec for Windows Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6017
A Symantec ActiveX control related to the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, exposes multiple unsafe methods, which allows remote attackers to cause a denial of service (browser crash), or possibly overwrite or modify arbitrary files, via unspecified vectors. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that ...

Sun, 2 Mar 08
Backup Exec for Windows Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6016
Multiple stack-based buffer overflows in a Symantec ActiveX control related to the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, might allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control.

Sun, 2 Mar 08
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1095
Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers tobypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly.

Sun, 2 Mar 08
Opera
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1082
Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation.

Sun, 2 Mar 08
Opera
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1081
Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties.

Sun, 2 Mar 08
Opera
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1080
Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input.

Sun, 2 Mar 08
rPath Linux
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1078
expn in the am-utils and net-fs packages for Gentoo rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.

Sun, 2 Mar 08
imageRUNNER, imagePRESS, i-SENSYS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0303
The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce.

Sun, 2 Mar 08
Simpleboard
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1077
SQL injection vulnerability in index.php in the Simpleboard (com_simpleboard) 1.0.3 Stable component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action.

Sun, 2 Mar 08
Shopping Cart
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1076
Cross-site scripting (XSS) vulnerability in search.php in Interspire Shopping Cart 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Sun, 2 Mar 08
Cart
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1075
Cross-site scripting (XSS) vulnerability in index.php in Maian Cart 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search command. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Sun, 2 Mar 08
GROUP_E
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1074
PHP remote file inclusion vulnerability in lib/head_auth.php in GROUP-E 1.6.41 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[PREPEND_FILE] parameter.

Sun, 2 Mar 08
Internet Scanner
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1073
Cross-site scripting (XSS) vulnerability in the report interface in Internet Security Systems (ISS) Internet Scanner 7.0 Service Pack 2 Build 7.2.2005.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Sun, 2 Mar 08
Wireshark
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1072
The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug.

Sun, 2 Mar 08
Wireshark
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1071
The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.

Sun, 2 Mar 08
Wireshark
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1070
The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.

Sun, 2 Mar 08
Quantum Game Library
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1069
Multiple PHP remote file inclusion vulnerabilities in Quantum Game Library 0.7.2c allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) server_request.php and (2) qlib/smarty.inc.php.

Sun, 2 Mar 08
Portail Web Php
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1068
Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) Vert/index.php, (2) Noir/index.php, and (3) Bleu/index.php in template/, different vectors than CVE-2008-0645.

Sun, 2 Mar 08
phpQLAdmin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1067
Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[path] parameter to (1) ezmlm.php and (2) tools/update_translations.php.

Sun, 2 Mar 08
CVE-2008-0411 (SuSE SLE SDK, enterprise_linux, Enterprise Linux Desktop Workstation, Mandrake Li...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0411
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

Sun, 2 Mar 08
Smarty
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1066
The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '' character in a search string.

Sun, 2 Mar 08
XM_Memberstats
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1065
Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Sun, 2 Mar 08
Xoops RMSoft Gallery System
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1064
Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter.

Sun, 2 Mar 08
RMSOFT GS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1063
Cross-site scripting (XSS) vulnerability index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.

Sun, 2 Mar 08
CVE-2008-0309 (Symantec AntiVirus Network Attached Storage, Symantec AntiVirus Scan Engine, Syma...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0309
Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).

Sun, 2 Mar 08
CVE-2008-0308 (Symantec AntiVirus Network Attached Storage, Symantec AntiVirus Scan Engine, Syma...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0308
Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).

Sun, 2 Mar 08
Serendipity
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0124
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.

Sun, 2 Mar 08
Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5397
Heap-based buffer overflow in the activePDF Server service (aka APServer.exe) in activePDF Server 3.8.4 and 3.8.5.14, and possibly other versions before 3.8.6.16, allows remote attackers to execute arbitrary code via a packet with a size field that is less than the actual size of the data.

Sun, 2 Mar 08
WinDVD Media Center
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1062
InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (aka IHT.exe) in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet with two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Sun, 2 Mar 08
Sniplets Plugin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1061
Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php.

Sun, 2 Mar 08
Sniplets Plugin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1060
Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter.

Sun, 2 Mar 08
Sniplets Plugin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1059
PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.

Sun, 2 Mar 08
Open_BSD
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1058
The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 allows attackers to cause a denial of service (panic) via crafted TCP packets. NOTE: some of these details are obtained from third party information.

Sun, 2 Mar 08
Open_BSD
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1057
The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 allows attackers to cause a denial of service (panic) via malformed IPv6 routing headers.

Sun, 2 Mar 08
PowerBroker
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1056
Multiple stack-based buffer overflows in Symark PowerBroker 2.8 through 5.0.1 allow local users to gain privileges via a long argv[0] string when executing (1) pbrun, (2) pbsh, or (3) pbksh. NOTE: the product is often installed in environments with trust relationships that facilitate subsequent remote compromises.

Sun, 2 Mar 08
WebMail, SurgeMail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1055
Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.

Sun, 2 Mar 08
SurgeMail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1054
Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party...

Sun, 2 Mar 08
Kose_Yazilari Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1053
Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php.

Sun, 2 Mar 08
SurgeFTP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1052
The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.

Sun, 2 Mar 08
phpProfiles_
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1051
PHP remote file inclusion vulnerability in include/body_comm.inc.php in phpProfiles 4.5.2 BETA allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.

Sun, 2 Mar 08
Jokes and Funny Pictures Script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1050
SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.

Sun, 2 Mar 08
SiteStudio, H-Sphere
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1049
Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors.

Sun, 2 Mar 08
Plume CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1048
Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.

Sun, 2 Mar 08
Tikiwiki
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1047
Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Sun, 2 Mar 08
Quinsonnas Mail Checker
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1046
PHP remote file inclusion vulnerability in footer.php in Quinsonnas Mail Checker 1.55 allows remote attackers to execute arbitrary PHP code via a URL in the op[footer_body] parameter.

Sun, 2 Mar 08
OpenCms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1045
Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter.

Sun, 2 Mar 08
Move Media Player, Qunatum Streaming Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1044
Stack-based buffer overflow in the Quantum Streaming Player (Quantum Streaming IE Player) ActiveX control (aka QSP2IE.QSP2IE) in qsp2ie07076007.dll 7.7.6.7 and qsp2ie07074039.dll 7.7.4.39 in Move Media Player allows remote attackers to execute arbitrary code via a long argument to the UploadLogs method, a different vector than CVE-2007-4722. NOTE: some of these details are obtained from third party information.

Sun, 2 Mar 08
php User Base
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1043
PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BETA allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter.

Sun, 2 Mar 08
php Download Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1042
Directory traversal vulnerability in include/body.inc.php in Linux Web Shop (LWS) php Download Manager 1.0 and 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter.

Sun, 2 Mar 08
Matts Whois
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1041
Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson Matt's Whois (MWhois) allows remote attackers to inject arbitrary web script or HTML via the domain parameter.

Sun, 2 Mar 08
CVE-2008-1040 (Interstage Application Server Enterprise, Interstage Application Server Standard_...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1040
Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI.

 

amigura.co.uk All Rights Reserved.