Software Vulnerability
Wed, 30 Apr 08
Trillian
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2008
Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message.
Wed, 30 Apr 08
linux_terminal_server_project
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1293
ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006 (aka display
Wed, 30 Apr 08
BadBlue
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2003
BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be leveraged for arbitrary remote code execution in conjunction with CVE-2007-6378.
Wed, 30 Apr 08
Surfboard
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2002
Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a denial of service (device reboot) via the "Restart Cable Modem" value in the BUTTON_INPUT parameter to configdata.html, and (2) cause a denial of service (hard reset) via the "Reset All Defaults" value in the BUTTON_INPUT parameter to configdata.html.
Wed, 30 Apr 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2001
Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference.
Wed, 30 Apr 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2000
Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop.
Wed, 30 Apr 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1999
Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences.
Wed, 30 Apr 08
DB2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1998
The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.
Wed, 30 Apr 08
DB2 Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1997
Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699.
Wed, 30 Apr 08
LICQ
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1996
licq before 1.3.6 allows remote attackers to cause a denial of service (file-descriptor exhaustion and application crash) via a large number of connections.
Wed, 30 Apr 08
WordPress
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1930
The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013.
Wed, 30 Apr 08
Blender
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1103
Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."
Tue, 29 Apr 08
Java System Directory Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1995
Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server.
Tue, 29 Apr 08
KDE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1671
start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes.
Tue, 29 Apr 08
KDE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1670
Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image.
Tue, 29 Apr 08
acon
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1994
Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and (c) child.c in Acon 1.0.5-5 through 1.0.5-7 allow local users to execute arbitrary code via (1) a long HOME environment variable or (2) a large number of terminal columns.
Tue, 29 Apr 08
acidcat_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1993
Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote attackers to upload arbitrary files.
Tue, 29 Apr 08
acidcat_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1992
Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mail_aspemail.asp, (2) default_mail_cdosys.asp or (3) default_mail_jmail.asp, which allows remote attackers to bypass restrictions and relay email messages with modified From, FromName, and To fields.
Tue, 29 Apr 08
acidcat_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1991
Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in Acidcat CMS 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the field parameter.
Tue, 29 Apr 08
acidcat_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1990
Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) cID parameter to default.asp and the (2) username parameter to main_login2.asp.
Tue, 29 Apr 08
e107, 123 Flash Chat Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1989
PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.
Tue, 29 Apr 08
EncapsGallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1988
Unrestricted file upload vulnerability in the file_upload function in core/misc.class.php in EncapsGallery 2.0.2 allows remote authenticated administrators to upload and execute arbitrary PHP files by uploading a file with an executable extension, then accessing it via a direct request to the file in the rwx_gallery directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 29 Apr 08
EncapsGallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1987
Cross-site scripting (XSS) vulnerability in search.php in EncapsGallery 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
Tue, 29 Apr 08
Pixel Motion Blog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1986
Cross-site scripting (XSS) vulnerability in liste_article.php in Blog Pixel Motion (aka PixelMotion) allows remote attackers to inject arbitrary web script or HTML via the jours parameter.
Tue, 29 Apr 08
digitalhive
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1985
Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php.
Tue, 29 Apr 08
Secure Content Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1984
The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure Content Manager 8.0.28000.511 and earlier allows remote attackers to cause a denial of service (crash or CPU consumption) via a malformed packet to TCP port 1882.
Tue, 29 Apr 08
advanced_electron_forum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1983
Cross-site scripting (XSS) vulnerability in Advanced Electron Forum (AEF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the beg parameter in a members action to index.php.
Tue, 29 Apr 08
wpss
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1982
SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.
Tue, 29 Apr 08
Drupal, e-publish
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1981
Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors.
Tue, 29 Apr 08
Drupal, e-publish
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1980
Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Tue, 29 Apr 08
BrightStor ARCserve Backup
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1979
The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet to TCP port 41523, which triggers a buffer over-read.
Tue, 29 Apr 08
Drupal, Ubercart Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1978
Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428.
Tue, 29 Apr 08
Drupal, internationalization
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1977
Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors.
Tue, 29 Apr 08
Drupal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1976
Multiple cross-site scripting (XSS) vulnerabilities in the Drupal modules (1) Internationalization (i18n) 5.x before 5.x-2.3 and 5.x-1.1 and 6.x before 6.x-1.0 beta 1; and (2) Localizer 5.x before 5.x-3.4, 5.x-2.1, and 5.x-1.11; allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Tue, 29 Apr 08
e_reserve
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1975
SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter.
Tue, 29 Apr 08
Groupware Webmail Edition
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1974
Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
Tue, 29 Apr 08
subedit_player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1973
Heap-based buffer overflow in SubEdit Player build 4056 and 4066 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long subtitle file.
Tue, 29 Apr 08
Exponent CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1972
Multiple cross-site scripting (XSS) vulnerabilities in the user account creation feature in Exponent CMS 0.96.6-GA20071003 and earlier, when the Allow Registration? configuration option is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) firstname, (3) lastname, and (4) e-mail address fields. NOTE: some of these details are obtained from third party information.
Tue, 29 Apr 08
phshoutbox_final
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1971
phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.
Tue, 29 Apr 08
muCommander
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1970
muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials.
Tue, 29 Apr 08
cezanne
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1969
Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) LookUPId and (2) CbFun parameters to (a) CFLookUP.asp; (3) TitleParms, (4) WidgetsHeights, (5) WidgetsLinks, and (6) WidgetsTitles parameters to (b) CznCommon/CznCustomContainer.asp, (7) CFTARGET parameter to (c) home.asp, (8) PersonOid parameter to (d) PeopleWeb/Cards/CVCard.asp, (9) DESTLINKOID and PersonOID parameters to (e) PeopleWeb/Cards/Pa...
Tue, 29 Apr 08
cezanne
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1968
Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp.
Tue, 29 Apr 08
Cezanne
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1967
Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in Cezanne 6.5.1 and 7 allows remote attackers to inject arbitrary web script or HTML via the SleUserName parameter.
Tue, 29 Apr 08
DB2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1966
IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter.
Tue, 29 Apr 08
lotus_expeditor, lotus_symphony
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1965
Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.
Tue, 29 Apr 08
xine_lib
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1964
** DISPUTED ** Stack-based buffer overflow in the demux_nsf_send_headers function in src/demuxers/demux_nsf.c in xine-lib allows remote attackers to have an unknown impact via a long copyright field in an NSF header in an NES Sound file, a different issue than CVE-2008-1878. NOTE: a third party claims that the copyright field always has a safe length.
Tue, 29 Apr 08
grape_web_statistics
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1963
PHP remote file inclusion vulnerability in includes/functions.php in Quate Grape Web Statistics 0.2a allows remote attackers to execute arbitrary PHP code via a URL in the location parameter.
Tue, 29 Apr 08
aterr
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1962
Multiple directory traversal vulnerabilities in Aterr 0.9.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) class parameter to include/functions.inc.php and the (2) file parameter to include/common.inc.php.
Tue, 29 Apr 08
voice_of_web_allmyguests
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1961
SQL injection vulnerability in index.php in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to execute arbitrary SQL commands via the AMG_id parameter in a comments action.
Tue, 29 Apr 08
contray
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1960
Cross-site scripting (XSS) vulnerability in cgi-bin/contray/search.cgi in ContRay 3.x allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 29 Apr 08
sipp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1959
Stack-based buffer overflow in the get_remote_video_port_media function in call.cpp in SIPp 3.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SIP message. NOTE: some of these details are obtained from third party information.
Tue, 29 Apr 08
tr_script_news
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1958
Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension.
Tue, 29 Apr 08
tr_script_news
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1957
SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode.
Tue, 29 Apr 08
Opus
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1956
Cross-site scripting (XSS) vulnerability in index.php in Wikepage Opus 13 2007.2 allows remote attackers to inject arbitrary web script or HTML via the wiki parameter.
Tue, 29 Apr 08
myboard
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1955
Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER MyBoard 1.0.12 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 29 Apr 08
web_calendar_pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1954
SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
Tue, 29 Apr 08
site_designer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1953
Cross-site scripting (XSS) vulnerability in the Sitedesigner before 1.1.5 search template in Magnolia Enterprise Edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 29 Apr 08
Software Update
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0712
Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513.
Sat, 26 Apr 08
PDF Reader
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1942
Foxit Reader 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with (1) a malformed ExtGState resource containing a /Font resource, or (2) an XObject resource with a Rotate setting, which triggers memory corruption. NOTE: this is probably a different vulnerability than CVE-2007-2186.
Sat, 26 Apr 08
WebBoard
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1941
Cross-site scripting (XSS) vulnerability in the profile update feature in Akiva WebBoard 8.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in the form field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 26 Apr 08
grsecurity Kernel Patch
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1940
The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and 2.1.11-2.4.36.2 does not enforce user_transition_deny and user_transition_allow rules for the (1) sys_setfsuid and (2) sys_setfsgid calls, which allows local users to bypass restrictions for those calls.
Sat, 26 Apr 08
philboard
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1939
Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) topic parameters to (a) philboard_reply.asp, and the (3) forumid parameter to (b) philboard_newtopic.asp, different vectors than CVE-2007-2641 and CVE-2007-0920.
Sat, 26 Apr 08
mylo_com_2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1938
Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly verify web server SSL certificates, which allows remote attackers to obtain sensitive information and conduct spoofing attacks.
Sat, 26 Apr 08
MoinMoin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1937
The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges.
Sat, 26 Apr 08
Classifieds Caffe
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1936
SQL injection vulnerability in index.php in Classifieds Caffe allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an add action. NOTE: this issue might be site-specific.
Sat, 26 Apr 08
Filiale
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1935
SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter.
Sat, 26 Apr 08
Crazy Goomba
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1934
SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 26 Apr 08
Zune Software
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1933
Absolute path traversal vulnerability in a certain ActiveX control in Zune allows user-assisted remote attackers to overwrite arbitrary files via the SaveToFile method. NOTE: the victim must explicitly allow the code to run.
Sat, 26 Apr 08
CVE-2008-1932 (HD Audio Codec Driver, RTKVHDA.sys, RTKVHDA64.sys)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1932
Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allows local users to execute arbitrary code via a crafted IOCTL request.
Sat, 26 Apr 08
HD Audio Codec Drivers
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1931
Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allow local users to create, write, and read registry keys via a crafted IOCTL request.
Sat, 26 Apr 08
VLC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1769
VLC before 0.8.6f allows remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.
Sat, 26 Apr 08
VLC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1768
Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.
Fri, 25 Apr 08
Imager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1928
Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause a denial of service (crash) via an image based fill in which the number of input channels is different from the number of output channels.
Fri, 25 Apr 08
perl
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1927
Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.
Fri, 25 Apr 08
Util-linux
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1926
Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."
Fri, 25 Apr 08
InspIRCd
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1925
Buffer overflow in InspIRCd before 1.1.18, when using the namesx and uhnames modules, allows remote attackers to cause a denial of service (daemon crash) via a large number of channel users with crafted nicknames, idents, and long hostnames.
Fri, 25 Apr 08
phpMyAdmin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1924
Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows attackers with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable.
Fri, 25 Apr 08
CVE-2008-1923 (Open Source, Asterisk Business Edition, AsteriskNOW, Asterisk Appliance Developer...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1923
The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.
Thu, 24 Apr 08
CVE-2008-1897 (Open Source, Asterisk Business Edition, AsteriskNOW, Asterisk Appliance Developer...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1897
The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic ampli...
Thu, 24 Apr 08
5th_avenue_shopping_cart
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1921
SQL injection vulnerability in store_pages/category_list.php in 5th Avenue Shopping Cart 1.2 trial edition allows remote attackers to execute arbitrary SQL commands via the category_ID parameter.
Thu, 24 Apr 08
Mirabilis ICQ
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1920
Heap-based buffer overflow in the boxelyRenderer module in the Personal Status Manager feature in ICQ 6.0 build 6043 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted personal status message.
Thu, 24 Apr 08
apartment_search_script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1919
SQL injection vulnerability in listtest.php in YourFreeWorld Apartment Search Script allows remote attackers to execute arbitrary SQL commands via the r parameter.
Thu, 24 Apr 08
PHP_Fusion
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1918
SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter.
Thu, 24 Apr 08
amfphp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1917
Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) class parameter to (a) methodTable.php, (b) code.php, and (c) details.php in browser/; and the (2) location parameter to browser/code.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 24 Apr 08
Ubercart Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1916
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428.
Thu, 24 Apr 08
blogworx
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1915
SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 24 Apr 08
Photoshop
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1765
Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and possibly After Effects CS3, allows user-assisted remote attackers and physically proximate attackers to execute arbitrary code via a BMP file with an invalid image header. NOTE: the related issue in Photoshop CS3 is already covered by CVE-2007-2244.
Thu, 24 Apr 08
Serendipity
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1386
Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for exploitation of this issue might be limited.
Thu, 24 Apr 08
Serendipity
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1385
Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
Thu, 24 Apr 08
ie
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6255
Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBEAT.OCX allows remote attackers to execute arbitrary code via the Host argument to an unspecified method.
Wed, 23 Apr 08
bigant_messenger
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1914
Stack-based buffer overflow in the AntServer module (AntServer.exe) in BigAnt IM Server in BigAnt Messenger 2.2 allows remote attackers to execute arbitrary code via a long URI in a request to TCP port 6080. NOTE: some of these details are obtained from third party information.
Wed, 23 Apr 08
lasernet_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1913
SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the new parameter in a new action.
Wed, 23 Apr 08
DivX Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1912
Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earlier allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long subtitle in a .SRT file.
Wed, 23 Apr 08
1024 CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1911
SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 beta and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a cookpass cookie.
Wed, 23 Apr 08
Interbase
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1910
Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050. NOTE: this might overlap CVE-2007-5243 or CVE-2007-5244.
Wed, 23 Apr 08
phpkb Knowledge Base
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1909
SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
Wed, 23 Apr 08
cpCommerce
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1908
Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the language parameter in a language action to the default URI, which is not properly handled in actions/language.act.php, or (2) the action parameter to category.php.
Wed, 23 Apr 08
cpCommerce
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1907
Multiple SQL injection vulnerabilities in functions/display_page.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_product, (2) id_manufacturer, and (3) id_category parameters to unspecified components. NOTE: this probably overlaps CVE-2007-2959 and CVE-2007-2890.
Wed, 23 Apr 08
cpCommerce
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1906
Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action.
Wed, 23 Apr 08
MediaHome, Nero
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1905
NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in Nero 8.3.2.1 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long HTTP request to TCP port 54444, a different vector than CVE-2007-2322.
Wed, 23 Apr 08
CcMail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1904
Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_cookie cookie corresponds to an authenticated session, which allows remote attackers to obtain access to the "admin area" via a modified this_cookie cookie.
Wed, 23 Apr 08
newsoffice
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1903
PHP remote file inclusion vulnerability in news_show.php in Newanz NewsOffice 1.0 and 1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsoffice_directory parameter.
Wed, 23 Apr 08
aptlinex
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1902
The GUI for aptlinex before 0.91 does not sufficiently warn the user of potentially dangerous actions, which allows remote attackers to remove or modify packages via an apt:// URL.
Wed, 23 Apr 08
aptlinex
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1901
aptlinex before 0.91 allows local users to overwrite arbitrary files via a symlink attack on the gambas-apt.lock temporary file.
Wed, 23 Apr 08
Carbon Communities
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1900
option_Update.asp in Carbon Communities 2.4 and earlier allows remote attackers to edit arbitrary member information via a modified ID field.
Wed, 23 Apr 08
Emacs, sccs
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1694
vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Wed, 23 Apr 08
Python
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1679
Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.
Wed, 23 Apr 08
cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1613
SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0.48, and possibly other versions including 6.5 and 7.0, allows remote attackers to execute arbitrary SQL commands via the LngId parameter.
Wed, 23 Apr 08
Blender
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1102
Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image.
Tue, 22 Apr 08
Works
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1898
WkImgSrv.dll 7.03.0616 in Microsoft Works 7 allows remote attackers to cause a denial of service (crash), probably via an invalid value of the WksPictureInterface property.
Tue, 22 Apr 08
windows-nt, Windows Server 2003, Windows Server 2008
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1436
Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 do not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS).
Tue, 22 Apr 08
Ikiwiki
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0165
Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.
Tue, 22 Apr 08
Carbon Communities
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1896
Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Redirect parameter to login.asp and the (2) OrderBy parameter to member_send.asp.
Tue, 22 Apr 08
Carbon Communities
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1895
Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to events.asp, the (2) UserName parameter to getpassword.asp, and possibly an unspecified parameter to (3) option_Update.asp in an edit action.
Tue, 22 Apr 08
InfoView
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1894
Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote attackers to inject arbitrary web script or HTML via the cms parameter.
Tue, 22 Apr 08
Online Banking
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1893
PHP remote file inclusion vulnerability in index.php in W2B Online Banking allows remote attackers to execute arbitrary PHP code via a URL in the ilang parameter.
Tue, 22 Apr 08
blogator_script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1892
Cross-site scripting (XSS) vulnerability in bs_auth.php in Blogator-script 0.95 and 1.01 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 22 Apr 08
Ruby
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1891
Directory traversal vulnerability in WEBrick in Ruby 1.9.0 and earlier, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.
Tue, 22 Apr 08
jom_comment
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1890
SQL injection vulnerability in the Jom Comment 2.0 build 345 component for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 22 Apr 08
autotutorials
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1889
SQL injection vulnerability in viewcat.php in XplodPHP AutoTutorials 2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
Tue, 22 Apr 08
SharePoint Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1888
Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
Tue, 22 Apr 08
Python
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1887
Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.
Tue, 22 Apr 08
download_client
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1886
The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download uses weak cryptography for a KeyCode that blocks unauthorized use of the control, which allows remote attackers to bypass this protection mechanism by calculating the required KeyCode. NOTE: this can be used by arbitrary web sites to host exploit code that targets this control.
Tue, 22 Apr 08
download_client
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1885
Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download allows remote attackers to download arbitrary code onto a client system via a .. (dot dot) in the SkinPath parameter and a .zip URL in the HttpSkin parameter. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Tue, 22 Apr 08
Opus
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1884
Directory traversal vulnerability in index.php in Wikepage Opus 13 2007.2 allows remote attackers to read arbitrary files via directory traversal sequences in the wiki parameter, a different vector than CVE-2006-4418. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 22 Apr 08
Blackboard Academic Suite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1883
The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.
Tue, 22 Apr 08
php_toolkit
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1734
Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Ser...
Sat, 19 Apr 08
poppler
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1693
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.
Sat, 19 Apr 08
VLC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1881
Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.
Sat, 19 Apr 08
xine-lib
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1878
Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title.
Sat, 19 Apr 08
Firefox
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6715
Mozilla Firefox allows remote attackers to cause a denial of service (crash) via a crafted image, as demonstrated by the zzuf lol-firefox.gif test case.
Sat, 19 Apr 08
dbmail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6714
DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.
Sat, 19 Apr 08
tss
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1877
tss 0.8.1 allows local users to read arbitrary files via the -a parameter, which is processed while tss is running with privileges.
Sat, 19 Apr 08
visualpic
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1876
PHP remote file inclusion vulnerability in index.php in VisualPic 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[files][functions_page] parameter.
Sat, 19 Apr 08
advanced_web_photo_gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1875
SQL injection vulnerability in index.php in Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 allows remote attackers to execute arbitrary SQL commands via the photo_id parameter.
Sat, 19 Apr 08
xpoze_pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1874
SQL injection vulnerability in account/user/mail.html in Xpoze Pro 3.05 and earlier allows remote authenticated users to execute arbitrary SQL commands via the reed parameter.
Sat, 19 Apr 08
NukeET
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1873
Cross-site scripting (XSS) vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter. NOTE: some of these details are obtained from third party information.
Sat, 19 Apr 08
comdev_news_publisher
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1872
SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information.
Sat, 19 Apr 08
links_directory
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1871
SQL injection vulnerability in links.php in Scriptsagent.com Links Directory 1.1 allows remote authenticated users to execute arbitrary SQL commands via the cat_id parameter in a list action.
Sat, 19 Apr 08
pigmy-sql
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1870
SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 19 Apr 08
site_sift_listings
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1869
SQL injection vulnerability in Site Sift Listings allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: this issue might be site-specific.
Sat, 19 Apr 08
Pixel Motion Blog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1868
admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information.
Sat, 19 Apr 08
Pixel Motion Blog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1867
SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion) allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php.
Sat, 19 Apr 08
Pixel Motion Blog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1866
admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request.
Sat, 19 Apr 08
OpenMosix
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1865
Stack-based buffer overflow in the msx_readnode function in libmosix.c in openmosix-tools (aka userspace-tools) in openMosix might allow local users to cause a denial of service (application crash) via a third-party program that calls this function with a long item argument. NOTE: the vendor does not provide any program that is capable of causing this overflow.
Sat, 19 Apr 08
prozilla_freelancers
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1864
SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter.
Sat, 19 Apr 08
cheats
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1863
SQL injection vulnerability in view_reviews.php in Prozilla Cheat Script (aka Cheats) 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 19 Apr 08
ExBB Italia
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1862
ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusion attacks via a URL in the (a) new_exbb[home_path] or (b) exbb[home_path] parameter to modules/threadstop/threadstop.php.
Sat, 19 Apr 08
ExBB Italia
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1861
Directory traversal vulnerability in modules/threadstop/threadstop.php in ExBB Italia 0.22 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the exbb[default_lang] parameter.
Sat, 19 Apr 08
lokicms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1860
Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter.
Sat, 19 Apr 08
Firefox, Thunderbird, SeaMonkey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1380
The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237.
Sat, 19 Apr 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1026
Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow.
Sat, 19 Apr 08
Apple WebKit, Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1025
Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.
Sat, 19 Apr 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1024
Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption.
Sat, 19 Apr 08
CVE-2008-0320 (OpenOffice.org)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0320
Heap-based buffer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted OLE file.
Sat, 19 Apr 08
CVE-2007-5747 (OpenOffice.org)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5747
Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Quattro Pro file.
Fri, 18 Apr 08
OpenOffice
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5746
Heap-based buffer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted EMF file.
Fri, 18 Apr 08
OpenOffice
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5745
Heap-based buffer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro file with crafted (1) Attribute or (2) Font records.
Fri, 18 Apr 08
flip4mac_wmv
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6713
Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown impact and attack vectors related to malformed WMV files.
Fri, 18 Apr 08
socialware
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1859
SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
Fri, 18 Apr 08
724CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1858
SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
Fri, 18 Apr 08
make_our_life_easy
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1857
Multiple directory traversal vulnerabilities in viewsource.php in Make our Life Easy (Mole) 2.1.0 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) dirn and (2) fname parameters.
Fri, 18 Apr 08
LinPHA
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1856
plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.
Fri, 18 Apr 08
CMA
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1855
FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274.
Fri, 18 Apr 08
SmarterMail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1854
Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of service (service termination) via a long HTTP (1) GET, (2) HEAD, (3) PUT, (4) POST, or (5) TRACE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 18 Apr 08
OpenView Network Node Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1853
The ovtopmd service in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (exit) by sending a 0x36 packet (exit request).
Fri, 18 Apr 08
OpenView Network Node Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1852
ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain requests that specify a large number of sub-arguments, which triggers a NULL pointer dereference due to memory allocation failure.
Fri, 18 Apr 08
OpenView Network Node Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1851
ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (hang) via certain requests that do not provide all required arguments.
Fri, 18 Apr 08
Directory Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0893
Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.
Fri, 18 Apr 08
Directory Server, fedora_directory_server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0892
The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.
Fri, 18 Apr 08
openview_network_node_manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0068
Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter.
Fri, 18 Apr 08
DB2 Universal Database
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5758
Stack-based buffer overflow in db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to execute arbitrary code via a long DASPROF environment variable.
Fri, 18 Apr 08
DB2 Universal Database
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5664
db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to overwrite arbitrary files via a symlink attack on files used for initialization.
Fri, 18 Apr 08
osiaffiliate
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1850
Multiple cross-site scripting (XSS) vulnerabilities in login.php in Omnistar Interactive OSI Affiliate allow remote attackers to inject arbitrary web script or HTML via the (1) login, (2) profile, (3) profile2, and (4) ref parameters.
Fri, 18 Apr 08
joomlaexplorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1849
Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.
Fri, 18 Apr 08
joomlaexplorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1848
Cross-site scripting (XSS) vulnerability in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter in a show_error action to index.php.
Fri, 18 Apr 08
phpAddressBook
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1847
SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook 2.11 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 18 Apr 08
netweaver
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1846
The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file.
Fri, 18 Apr 08
miros
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1845
The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty's I/O when invoking mksh in a new terminal, which allows local users to gain privileges by opening a virtual terminal and entering command sequences, which might later be executed in opportunistic circumstances by a different user who launches mksh and specifies that terminal with the -T option.
Fri, 18 Apr 08
phphotresources
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1844
SQL injection vulnerability in cat.php in W2B phpHotResources allows remote attackers to execute arbitrary SQL commands via the kind parameter.
Fri, 18 Apr 08
dating_club
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1843
SQL injection vulnerability in browse.php in W2B DatingClub (aka Dating Club) allows remote attackers to execute arbitrary SQL commands via the age_to parameter in a browsebyCat action.
Fri, 18 Apr 08
OpenView Network Node Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1842
Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 7.53 and earlier allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.
Fri, 18 Apr 08
Coppermine Photo Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1841
SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.
Fri, 18 Apr 08
Coppermine Photo Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1840
SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload.
Fri, 18 Apr 08
WORK system e-commerce
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1839
Multiple cross-site scripting (XSS) vulnerabilities in module/main.php in WORK system e-commerce 4.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, and (3) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 18 Apr 08
bos_classifieds
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1838
SQL injection vulnerability in BosClassifieds Classified Ads System 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php.
Fri, 18 Apr 08
CVE-2008-1786 (Desktop Management Suite, unicenter_desktop_management_bundle, Unicenter Asset Ma...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1786
Unspecified vulnerability in the DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments.
Fri, 18 Apr 08
Network Admission Control
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1155
Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3.6.4.4, 4.0.x before 4.0.6, and 4.1.x before 4.1.2 allows remote attackers to obtain the shared secret for the Clean Access Server (CAS) and Clean Access Manager (CAM) by sniffing error logs.
Fri, 18 Apr 08
ClamAV
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1837
libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
Fri, 18 Apr 08
ClamAV
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1836
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.
Fri, 18 Apr 08
ClamAV
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1835
ClamAV before 0.93 allows remote attackers to bypass the scanning engine via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by WinRAR.
Fri, 18 Apr 08
swfdec
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1834
swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file.
Thu, 17 Apr 08
ClamAV
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1387
ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
Thu, 17 Apr 08
ClamAV
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1833
Heap-based buffer overflow in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary.
Thu, 17 Apr 08
cecilia
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1832
lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the csvers temporary file.
Thu, 17 Apr 08
fireflymediaserver
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1771
Integer overflow in the ws_getpostvars function in Firefly Media Server (formerly mt-daapd) 0.2.4.1 (0.9~r1696-1.2 on Debian) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a large Content-Length.
Thu, 17 Apr 08
ClamAV
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0314
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
Thu, 17 Apr 08
siebel_enterprise
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1831
Multiple unspecified vulnerabilities in the Siebel SimBuilder component in Oracle Siebel Enterprise 7.8.2 and 7.8.5 have unknown impact and remote or local attack vectors, aka (1) SEBL01, (2) SEBL02, (3) SEBL03, (4) SEBL04, (5) SEBL05, and (6) SEBL06.
Thu, 17 Apr 08
peoplesoft_hcm_eperformance, EnterpriseOne
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1830
Unspecified vulnerability in the PeopleSoft HCM ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 and 9.0 has unknown impact and local attack vectors, aka PSE03.
Thu, 17 Apr 08
EnterpriseOne, PeopleSoft Enterprise
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1829
Unspecified vulnerability in the PeopleSoft HCM Recruiting component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1 has unknown impact and local attack vectors, aka PSE02.
Thu, 17 Apr 08
PeopleSoft Enterprise, EnterpriseOne
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1828
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.19, 8.48.16, and 8.49.09 has unknown impact and remote authenticated attack vectors, aka PSE01.
Thu, 17 Apr 08
E-Business Suite 11i, E-Business Suite 12
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1827
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 and 12.0.4 have unknown impact and attack vectors related to (a) Advanced Pricing component, aka (1) APP02, (2) APP03, and (3) APP09; (b) Application Object Library component, aka (4) APP04, (5) APP07, and (6) APP11; (c) Applications Manager component, aka (7) APP06; (d) and Applications Technology Stack component, aka (8) APP08.
Thu, 17 Apr 08
E-Business Suite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1826
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and attack vectors related to (a) Advanced Pricing, aka (1) APP01 and (2) APP10; and (b) Applications Framework, aka (3) APP05.
Thu, 17 Apr 08
Application Server 9i
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1825
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 has unknown impact and remote attack vectors, aka AS03.
Thu, 17 Apr 08
Application Server 9i, Application Server 10g
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1824
Unspecified vulnerability in the Oracle Dynamic Monitoring Service component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.3.3 has unknown impact and remote attack vectors, aka AS02.
Thu, 17 Apr 08
JInitiator
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1823
Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.14 has unknown impact and remote attack vectors, aka AS01.
Thu, 17 Apr 08
Application Express
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1822
Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors, aka APEX02.
Thu, 17 Apr 08
Database 9i, Database 10g
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1821
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+, and 10.1.0.5 has unknown impact and remote attack vectors related to SYS.DBMS_AQJMS_INTERNAL, aka DB15.
Thu, 17 Apr 08
Database 9i, Database 10g, Database 11g
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1820
Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11.
Thu, 17 Apr 08
Database 9i, Database 10g
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1819
Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka DB09.
Thu, 17 Apr 08
Database 11g
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1818
Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08.
Thu, 17 Apr 08
Database 9i, Database 10g, Database 11g
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1817
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 have unknown impact and remote attack vectors related to (1) SDO_IDX in the Spatial component, aka DB07; and (2) Core RDBMS, aka DB10.
Thu, 17 Apr 08
Database 10g
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1816
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) SDO_UTIL in the Oracle Spatial component, aka DB05; or (2) fine grained auditing in the Audit component, aka DB14.
Thu, 17 Apr 08
Database 10g, Database 11g
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1815
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to DBMS_CDC_UTILITY, aka DB02.
Thu, 17 Apr 08
Database 9i, Database 10g, Application Server 10g, Collaboration Suite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1814
Unspecified vulnerability in the Oracle Secure Enterprise Search or Ultrasearch component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3 and 10.1.2.2; and Oracle Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka DB04.
Thu, 17 Apr 08
Database 9i, Database 10g
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1813
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) Query Optimizer, aka DB13.
Thu, 17 Apr 08
Database 9i, Application Server 10g
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1812
Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Database 9.0.1.5 FIPS+; Application Server 1.0.2.2; and Enterprise Manager for AS 1.0.2.2 and Database 9.0.1.5 has unknown impact and local attack vectors, aka EM01.
Thu, 17 Apr 08
Application Express
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1811
Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors related to flows_030000.wwv_execute_immediate, aka APEX01.
Thu, 17 Apr 08
divxdb
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1800
Multiple cross-site scripting (XSS) vulnerabilities in index.php in DivXDB 2002 0.94b allow remote attackers to inject arbitrary web script or HTML via the (1) choice, (2) _page_, (3) zone_admin, (4) general_search, and (5) import parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 17 Apr 08
CVE-2008-1799 (Sabros.US)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1799
Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter.
Thu, 17 Apr 08
dragoon
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1798
Directory traversal vulnerability in forum/kietu/libs/calendrier.php in Dragoon 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cal[lng] parameter.
Thu, 17 Apr 08
webwasher
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1797
Unspecified vulnerability in Secure Computing Webwasher 5.30 before build 3159 and 6.3.0 before build 3150 allows remote attackers to cause a denial of service (freeze) via a crafted URL.
Thu, 17 Apr 08
comix
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1796
Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service.
Thu, 17 Apr 08
Academic Suite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1795
Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.
Thu, 17 Apr 08
webform_module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1794
Multiple cross-site scripting (XSS) vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Thu, 17 Apr 08
smart_photo_ads_gold, smart_classified_ads
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1793
Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in Smart Classified ADS Professional, Smart Photo ADS, and Smart Photo ADS Gold allow remote attackers to inject arbitrary web script or HTML via the (1) AdNum and (2) Department parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 17 Apr 08
flickr_module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1792
Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Thu, 17 Apr 08
MyGamingLadder
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1791
SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the ladderid parameter.
Thu, 17 Apr 08
socialware
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1790
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.
Thu, 17 Apr 08
forum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1789
SQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.
Thu, 17 Apr 08
entertainers
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1788
SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information.
Thu, 17 Apr 08
Poplar Gedcom Viewer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1787
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Poplar Gedcom Viewer 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) text and (2) ul parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 17 Apr 08
top_100
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1785
delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter.
Thu, 17 Apr 08
topsites
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1784
Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/.
Thu, 17 Apr 08
reviews
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1783
Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php.
Thu, 17 Apr 08
chartdirector
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1782
phpdemo/viewsource.php in Advanced Software Engineering ChartDirector 4.1 allows remote attackers to read sensitive files via the file parameter.
Tue, 15 Apr 08
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1780
Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors.
Tue, 15 Apr 08
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1779
Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets.
Tue, 15 Apr 08
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1778
Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors.
Tue, 15 Apr 08
eDirectory
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1777
The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028.
Tue, 15 Apr 08
phpblock
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1776
PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter.
Tue, 15 Apr 08
Firewall Analyzer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1775
Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 15 Apr 08
Pligg CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1774
SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Tue, 15 Apr 08
dragoon
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1773
PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
Tue, 15 Apr 08
socialware
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1772
iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information.
Tue, 15 Apr 08
libpng
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1382
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
Tue, 15 Apr 08
ClamAV
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1100
Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.
Tue, 15 Apr 08
diskxtender
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0963
Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface.
Tue, 15 Apr 08
diskxtender
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0962
Stack-based buffer overflow in the File System Manager for EMC DiskXtender 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted request to the RPC interface.
Tue, 15 Apr 08
diskxtender
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0961
EMC DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface.
Tue, 15 Apr 08
eDirectory
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0927
dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via crafted Connection: HTTP headers. NOTE: this might be similar to CVE-2008-1777.
Tue, 15 Apr 08
phpBB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1766
Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."
Tue, 15 Apr 08
Opera
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1764
Unspecified vulnerability in Opera for Windows before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs."
Tue, 15 Apr 08
blogator_script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1763
SQL injection vulnerability in _blogadata/include/sond_result.php in Blogator-script 0.95 allows remote attackers to execute arbitrary SQL commands via the id_art parameter.
Tue, 15 Apr 08
Opera
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1762
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers a memory corruption.
Tue, 15 Apr 08
Opera
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1761
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access.
Tue, 15 Apr 08
blogator_script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1760
Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include.
Tue, 15 Apr 08
kwsphp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1759
SQL injection vulnerability in the jeuxflash module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php, a different vector than CVE-2007-4922.
Tue, 15 Apr 08
kwsphp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1758
SQL injection vulnerability in the ConcoursPhoto module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the C_ID parameter to index.php.
Tue, 15 Apr 08
kwsphp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1757
Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter.
Tue, 15 Apr 08
linux_kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6712
Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux kernel 2.6.21-rc4, when running on 64-bit systems, allows local users to cause a denial of service (infinite loop) via a timer with a large expiry value, which causes the timer to always be expired.
Tue, 15 Apr 08
N1 Grid Engine
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1756
Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine 6.1 allows local users to cause a denial of service (daemon crash) via unspecified vectors.
Tue, 15 Apr 08
world_of_phaos
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1755
Directory traversal vulnerability in the showSource function in showSource.php in World of Phaos 4.0.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.
Tue, 15 Apr 08
Altiris Deployment Solution
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1754
Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory.
Tue, 15 Apr 08
OpenCms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1753
Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510.
Tue, 15 Apr 08
ezradius
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1752
ezRADIUS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for (1) config.ini or (2) database.ini. NOTE: some of these details are obtained from third party information.
Tue, 15 Apr 08
ksemail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1751
Multiple directory traversal vulnerabilities in index.php in Ksemail allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) language and (2) lang parameters.
Tue, 15 Apr 08
livecart
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1750
SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to the /category URI.
Tue, 15 Apr 08
PU Arcade, com_puarcade
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1733
SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php.
Tue, 15 Apr 08
predictionfootball
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1732
SQL injection vulnerability in showpredictionsformatch.php in Prediction Football 1.x allows remote attackers to execute arbitrary SQL commands via the matchid parameter in a dupa action.
Tue, 15 Apr 08
simple_access_module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1731
The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking.
Tue, 15 Apr 08
gallery_script_lite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1730
Directory traversal vulnerability in download.html in ARWScripts Gallery Script Lite (aka gallery-script-lite or Free Photo Gallery Site Script), as of 20080411, allows remote attackers to read arbitrary local files via directory traversal sequences in the path parameter.
Tue, 15 Apr 08
Drupal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1729
The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types.
Tue, 15 Apr 08
Openfire
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1728
ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote attackers to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages.
Tue, 15 Apr 08
knowledgequest
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1727
KnowledgeQuest 2.5 and 2.6 does not require authentication for access to admincheck.php, which allows remote attackers to create arbitrary admin accounts.
Tue, 15 Apr 08
knowledgequest
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1726
Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php.
Tue, 15 Apr 08
ibiz
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1725
The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument. NOTE: some of these details are obtained from third party information.
Sat, 12 Apr 08
securetransport_server_app
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1724
Stack-based buffer overflow in the IActiveXTransfer.FileTransfer method in the SecureTransport FileTransfer ActiveX control in vcst_en.dll 1.0.0.5 in Tumbleweed SecureTransport Server before 4.6.1 Hotfix 20 allows remote attackers to execute arbitrary code via a long remoteFile parameter.
Sat, 12 Apr 08
Enterprise Message Service, iprocess_engine
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1704
Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server.
Sat, 12 Apr 08
CVE-2008-1703 (Rendezvous, rendezvous_tx, rendezvous_datasecurity, Runtime Agent, Hawk, iprocess...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1703
Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message.
Sat, 12 Apr 08
policykit
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1658
Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password.
Fri, 11 Apr 08
CUPS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1722
Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image.
Fri, 11 Apr 08
Python
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1721
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
Fri, 11 Apr 08
rsync
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1720
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.
Fri, 11 Apr 08
NukeET
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1719
Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET 3.2 and 3.4 allow remote attackers to perform actions as administrators, as demonstrated by inserting an XSS sequence into a document.
Fri, 11 Apr 08
Lotus Notes, KeyView
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1718
Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail (MIME) attachment.
Fri, 11 Apr 08
Lotus Notes, KeyView
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1101
Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document.
Fri, 11 Apr 08
Lotus Notes, KeyView
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0066
Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element.
Fri, 11 Apr 08
Lotus Notes, Mail Security, mail_security_appliance, KeyView, docconverter
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6020
Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file.
Fri, 11 Apr 08
Lotus Notes, Mail Security, KeyView
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5406
kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file.
Fri, 11 Apr 08
Lotus Notes, Mail Security, mail_security_appliance, KeyView, docconverter
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5405
Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag.
Fri, 11 Apr 08
Lotus Notes, KeyView
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5399
Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote attackers to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority, (8) Importance, or (9) X-MSMail-Priority header; (10) a long string at the beginning of an RFC2047 encoded-word in a header; (11) a long text string in an RFC2047 encoded-word in a header; or (12) a long Subject header, r...
Fri, 11 Apr 08
Burning Board
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1717
WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found.
Fri, 11 Apr 08
Burning Board
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1716
Cross-site scripting (XSS) vulnerability in WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters, which are not properly handled when they are reflected back in an error message.
Fri, 11 Apr 08
AuraCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1715
SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter.
Fri, 11 Apr 08
Faphoto
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1714
SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 11 Apr 08
email_server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1713
MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote attackers to cause a denial of service (application crash) via a long string to IMAP port (143/tcp).
Fri, 11 Apr 08
mxBB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1712
PHP remote file inclusion vulnerability in includes/functions_weblog.php in mxBB mx_blogs 2.0.0 beta allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
Fri, 11 Apr 08
Flash Player, Flex, AIR
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1655
Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
Fri, 11 Apr 08
Flash Player, Flex, AIR
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6019
Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.
Fri, 11 Apr 08
Flash Player, Flex, AIR
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0071
Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via unknown vectors related to "input validation errors."
Fri, 11 Apr 08
advanced_web_photo_gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1711
Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
Fri, 11 Apr 08
AIX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1710
Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable.
Fri, 11 Apr 08
Visual InterDev
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1709
Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long malformed Project line beginning with a 'Project("{}") =' sequence, probably a different vector than CVE-2008-0250.
Fri, 11 Apr 08
solidDB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1708
IBM solidDB 06.00.1018 and earlier does not validate a certain field that specifies an amount of memory to allocate, which allows remote attackers to cause a denial of service (daemon exit) via a packet with a large value in this field.
Thu, 10 Apr 08
solidDB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1707
IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a packet with an 0x11 value in a certain "type" field.
Thu, 10 Apr 08
solidDB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1706
Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large value in a certain 32-bit field.
Thu, 10 Apr 08
solidDB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1705
Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields.
Thu, 10 Apr 08
m4
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1688
Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.
Thu, 10 Apr 08
m4
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1687
The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.
Thu, 10 Apr 08
ColdFusion
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1656
Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725.
Thu, 10 Apr 08
Visio, Office
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1090
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
Thu, 10 Apr 08
Visio, Office
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1089
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
Thu, 10 Apr 08
Project
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1088
Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
Thu, 10 Apr 08
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1087
Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
Thu, 10 Apr 08
Internet Explorer, windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1086
The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
Thu, 10 Apr 08
Internet Explorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1085
Use after free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.
Thu, 10 Apr 08
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1084
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation.
Thu, 10 Apr 08
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1083
Heap-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers improper "integer calculations," aka "GDI Heap Overflow Vulnerability."
Thu, 10 Apr 08
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0087
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
Thu, 10 Apr 08
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0083
The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
Wed, 9 Apr 08
e107
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1702
Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. NOTE: some of these details are obtained from third party information.
Wed, 9 Apr 08
iPrint
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1701
Novell NetWare 6.5 allows attackers to cause a denial of service (ABEND) via a crafted Macintosh iPrint client request.
Wed, 9 Apr 08
worksite_web
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1700
The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to cause a denial of service (memory consumption) via a large number of SendNrlLink directives, which opens a separate window for each directive.
Wed, 9 Apr 08
libfishsound
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1686
Uncontrolled array index in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
Wed, 9 Apr 08
worksite_web
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1617
Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string, then sets the string to null.
Wed, 9 Apr 08
rx2660, bl860c, rx3600, rx6600
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0711
Unspecified vulnerability in the embedded management console in HP iLO-2 Management Processors (iLO-2 MP), as used in Integrity Servers rx2660, rx3600, and rx6600, and Integrity Blade Server model bl860c, allows remote attackers to cause a denial of service via unknown vectors.
Wed, 9 Apr 08
writers_block_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1699
SQL injection vulnerability in permalink.php in Desi Quintans Writer's Block CMS 3.8a allows remote attackers to execute arbitrary SQL commands via the PostID parameter.
Wed, 9 Apr 08
simple_gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1698
Cross-site scripting (XSS) vulnerability in gallery.php in Simple Gallery 2.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 9 Apr 08
OpenView Network Node Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1697
Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.51 allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain topology/homeBaseView request. NOTE: some of these details are obtained from third party information.
Wed, 9 Apr 08
dazphpnews
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1696
Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the prefixdir parameter.
Wed, 9 Apr 08
norton_360, Norton Antivirus, Norton Internet Security, system_works
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0313
The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share.
Wed, 9 Apr 08
norton_360, Norton Antivirus, Norton Internet Security, Norton System Works
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0312
Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information.
Wed, 9 Apr 08
eterm
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1692
Eterm 0.9.4 opens an xterm on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.
Wed, 9 Apr 08
Firebox_PPTP_VPN
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1618
The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames.
Wed, 9 Apr 08
arcserve_backup_laptops_and_desktops, Desktop Management Suite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1329
Unspecified vulnerability in the NetBackup service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary commands, related to "insufficient verification of file uploads."
Wed, 9 Apr 08
arcserve_backup_laptops_and_desktops, Desktop Management Suite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1328
Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments."
Wed, 9 Apr 08
CVE-2007-4620 (Anti-Virus for the Enterprise, threat_manager_for_the_enterprise, BrightStor ARCs...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4620
Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.
Wed, 9 Apr 08
SLMail Pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1691
Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (UDP service outage) via a large packet to UDP port 54. NOTE: some of these details are obtained from third party information.
Wed, 9 Apr 08
SLMail Pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1690
WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801. NOTE: some of these details are obtained from third party information.
Wed, 9 Apr 08
SLMail Pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1689
Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long request header in an HTTP request to TCP port 801. NOTE: some of these details are obtained from third party information.
Wed, 9 Apr 08
Rxvt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1142
rxvt 2.6.4 opens an xterm on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.
Wed, 9 Apr 08
Select Identity
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0709
Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214.
Wed, 9 Apr 08
UnixWare
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0310
Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST.
Tue, 8 Apr 08
GCC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1685
gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might remove length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks.
Tue, 8 Apr 08
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1684
inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.
Tue, 8 Apr 08
fedora
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1683
xscreensaver on Fedora 8, when an NIS authentication server is enabled, exits if this server is unavailable as the xscreensaver process is starting, which allows physically proximate attackers to gain access to a workstation session for which locking was intended, a related issue to CVE-2007-1859.
Tue, 8 Apr 08
orbit_downloader
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1602
Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows remote attackers to execute arbitrary code via a long download URL, which is not properly handled during Unicode conversion for a balloon notification after a download has failed.
Tue, 8 Apr 08
Screensaver
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0887
gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859.
Tue, 8 Apr 08
442084-B21, 442085-B21, ProLiant
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0708
HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) 442085-B21 for certain HP ProLiant servers contain the (a) W32.Fakerecy and (b) W32.SillyFDC worms, which might be launched if the server does not have up-to-date detection.
Tue, 8 Apr 08
CaliberRM
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0311
Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request.
Tue, 8 Apr 08
online_flashquiz
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1682
PHP remote file inclusion vulnerability in quiz/common/db_config.inc.php in the Online FlashQuiz (com_onlineflashquiz) 1.0.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter.
Tue, 8 Apr 08
DB2 Content Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1681
Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege.
Tue, 8 Apr 08
CVE-2008-1154 (Unified Communications Manager, Unified Presence, Emergency Responder, Mobility M...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1154
The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.
Tue, 8 Apr 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1023
Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file.
Tue, 8 Apr 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1022
Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size.
Tue, 8 Apr 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1021
Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding.
Tue, 8 Apr 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1020
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages.
Tue, 8 Apr 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1019
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop.
Tue, 8 Apr 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1018
Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom.
Tue, 8 Apr 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1017
Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
Tue, 8 Apr 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1016
Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption.
Tue, 8 Apr 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1015
Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
Tue, 8 Apr 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1014
Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information.
Tue, 8 Apr 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1013
Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet.
Tue, 8 Apr 08
PHP-Nuke
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1680
PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configuration information via a direct request to maintenance/index.php, which reveals settings such as magic_quotes_gpc.
Tue, 8 Apr 08
CUPS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1374
Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888.
Tue, 8 Apr 08
CUPS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1373
Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.
Tue, 8 Apr 08
lspp-eal4-config-ibm, capp-lspp-eal4-config-hp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0884
The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a change to world-writable permissions for the /etc/pam.d/system-auth-ac file, which allows local users to gain privileges by modifying this file.
Tue, 8 Apr 08
Apache-SSL
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0555
The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
Tue, 8 Apr 08
InstallShield
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5661
The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.
Fri, 4 Apr 08
CVE-2008-1331
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1331
Unspecified vulnerability in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to obtain OXO resources via an unspecified CGI script.
Fri, 4 Apr 08
OpenSSH, Open_BSD
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1657
OpenSSH before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Fri, 4 Apr 08
Flash
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1654
Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allows remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.
Fri, 4 Apr 08
Savas Link Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1653
Directory traversal vulnerability in index.php in Sava's Link Manager 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 4 Apr 08
perlbal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1652
Directory traversal vulnerability in the _serve_request_multiple function in lib/Perlbal/ClientHTTPBase.pm in Perlbal before 1.70, when concat get is enabled, allows remote attackers to read arbitrary files in a parent directory via a directory traversal sequence in an unspecified parameter. NOTE: some of these details are obtained from third party information.
Fri, 4 Apr 08
EasyNews
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1651
Directory traversal vulnerability in admin/login.php in EasyNews 4.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
Fri, 4 Apr 08
EasyNews
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1650
SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edp_Help_Internal_News action.
Fri, 4 Apr 08
EasyNews
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1649
Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_pupublish action.
Fri, 4 Apr 08
Sympa
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1648
Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. NOTE: some of these details are obtained from third party information.
Fri, 4 Apr 08
ChilkatHttp ActiveX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1647
The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these details are obtained from third party information.
Fri, 4 Apr 08
WP-Download
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1646
SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter.
Fri, 4 Apr 08
PHP SpamManager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1645
Directory traversal vulnerability in body.php in phpSpamManager (phpSM) 0.53 beta allows remote attackers to read arbitrary local files via a .. (dot dot) in the filename parameter.
Fri, 4 Apr 08
Savas Link Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1644
SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 4 Apr 08
LANDesk Management Suite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1643
Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors.
Fri, 4 Apr 08
Savas Guestbook
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1642
Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 4 Apr 08
Video
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1641
SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter.
Fri, 4 Apr 08
JGS_Treffen
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1640
SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treffen 2.0.2 and earlier addon for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the view_id parameter in an ansicht action.
Fri, 4 Apr 08
Weblog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1639
SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle function in lib/lib_article.include.php.
Fri, 4 Apr 08
NIK Sharpener Pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1638
Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse.
Fri, 4 Apr 08
Recursor
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1637
PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.
Fri, 4 Apr 08
Quick Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1636
Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the f parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 4 Apr 08
Keep It Simple Guest Book
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1635
Directory traversal vulnerability in view_private.php in Keep It Simple Guest Book (KISGB) 5.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tmp_theme parameter. NOTE: 5.1.1 is also reportedly affected.
Fri, 4 Apr 08
Folder Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1634
Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder Gallery 3.1 allows remote attackers to inject arbitrary web script or HTML via the image parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 4 Apr 08
Rescue
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1633
Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown impact and attack vectors, related to the use of (1) /tmp and (2) MINDI_CACHE.
Fri, 4 Apr 08
CuteFlow
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1632
Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) listid parameter to pages/editmailinglist_step1.php, the (2) userid parameter to pages/edituser.php, the (3) fieldid parameter to pages/editfield.php, and the (4) templateid to pages/edittemplate_step1.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 4 Apr 08
CuteFlow
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1631
SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 allows remote attackers to execute arbitrary SQL commands via the UserId parameter, related to the login form field in index.php.
Thu, 3 Apr 08
CuteFlow
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1630
Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 and 2.10.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) page/showcirculation.php; and (2) edittemplate_step2.php, (3) showfields.php, (4) showuser.php, (5) editmailinglist_step1.php, and (6) showtemplates.php in pages/.
Thu, 3 Apr 08
PHPkrm
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1629
Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Thu, 3 Apr 08
Audit
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1628
Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information.
Thu, 3 Apr 08
Invenio
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1627
CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID.
Thu, 3 Apr 08
eggblog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1626
SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159.
Thu, 3 Apr 08
Avast Antivirus Home, Avast Antivirus Professional
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1625
aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.
Thu, 3 Apr 08
JShop Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1624
Directory traversal vulnerability in v2demo/page.php in Jshop Server 1.x through 2.x allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xPage parameter.
Thu, 3 Apr 08
Smoothflash
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1623
SQL injection vulnerability in admin_view_image.php in Smoothflash allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Thu, 3 Apr 08
GeeCarts
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1622
Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow remote attackers to execute arbitrary PHP code via a URL in the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 3 Apr 08
GeeCarts
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1621
Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 3 Apr 08
ThinClientServer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1620
Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) 3.2.0.0 and earlier in 2X ThinClientServer 5.0_sp1-r3497 and earlier allows remote attackers to read or overwrite arbitrary files via a ... (dot dot dot) in the filename.
Thu, 3 Apr 08
XnView
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0069
Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow (.sld) file, a different vector than CVE-2008-1461.
Thu, 3 Apr 08
Xen
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1619
The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool.
Thu, 3 Apr 08
suPHP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1614
suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point to a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges.
Wed, 2 Apr 08
Squid
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1612
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
Wed, 2 Apr 08
OTRS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1515
The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 does not perform any "security checks," which allows remote attackers to "read and modify objects" via SOAP requests.
Wed, 2 Apr 08
winagents_tftp_server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1611
Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request.
Wed, 2 Apr 08
tftp_server_pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1610
Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long mode field in a read or write request.
Wed, 2 Apr 08
jaf_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1609
Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php, (b) headlines.php, and (c) main.php in forum/, and (2) main_dir parameter to forum/forum.php. NOTE: other main_dir vectors are already covered by CVE-2006-7127.
Wed, 2 Apr 08
Clever Copy
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1608
SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 2 Apr 08
Bomba Haber
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1607
SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba Haber 2.0 allows remote attackers to execute arbitrary SQL commands via the haber parameter.
Wed, 2 Apr 08
elastic_path
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1606
Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp.
Wed, 2 Apr 08
multimedia_toolkit
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1605
The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method.
Wed, 2 Apr 08
perlmailer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1604
Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Wed, 2 Apr 08
designform
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1603
Cross-site scripting (XSS) vulnerability in GNB DesignForm before 3.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the email form.
Wed, 2 Apr 08
AIX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1601
Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5.3 allows local users in the shutdown group to gain privileges.
Wed, 2 Apr 08
AIX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1600
The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329.
Wed, 2 Apr 08
AIX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1599
The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.
Wed, 2 Apr 08
AIX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1598
The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors.
Wed, 2 Apr 08
AIX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1597
The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior."
Wed, 2 Apr 08
AIX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1596
Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to missing checks in the TSD_FILES_LOCK policy for modifications performed via hard links, a different vulnerability than CVE-2007-6680.
Wed, 2 Apr 08
AIX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1595
The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information.
Wed, 2 Apr 08
AIX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1594
The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size.
Wed, 2 Apr 08
AIX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1593
The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function.
Wed, 2 Apr 08
WebSphere MQ
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1592
MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway panels."
Wed, 2 Apr 08
PostNuke
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1591
The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable).
Wed, 2 Apr 08
hpqflash_for_hp_notebook_system_bios, Presario C700, G7000, Presario A900
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0706
Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password.
Wed, 2 Apr 08
CVE-2008-0211 (2210 Series BIOS, 2510 Series BIOS, 2710 Series BIOS, 6510 Series BIOS, 6710 Seri...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0211
Unspecified vulnerability in the BIOS F.04 through F.11 for the HP Compaq Business Notebook PC allows local users to cause a denial of service via unspecified vectors.
Wed, 2 Apr 08
policyd-weight
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1570
Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to an incomplete fix for CVE-2008-1569.
Wed, 2 Apr 08
policyd-weight
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1569
policyd-weight before 0.1.14 beta-16 allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket.
Wed, 2 Apr 08
comix
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1568
comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.
Wed, 2 Apr 08
phpMyAdmin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1567
phpMyAdmin before 2.11.5.1 stores the (1) MySQL username, (2) password, and the (3) Blowfish secret key in plaintext in the /tmp Session file, which allows local users to obtain sensitive information.
Wed, 2 Apr 08
Applications Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1566
Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 2 Apr 08
pjirc_module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1565
Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0.5 module for phpBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter.
Wed, 2 Apr 08
file_transfer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1564
Directory traversal vulnerability in Dan Costin File Transfer before 1.2f allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the filename.
Wed, 2 Apr 08
Wireshark
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1563
The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Wed, 2 Apr 08
Wireshark
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1562
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
Wed, 2 Apr 08
Wireshark
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1561
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang.
Wed, 2 Apr 08
digidomain
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1560
Multiple cross-site scripting (XSS) vulnerabilities in Digiappz DigiDomain 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) domain parameter to lookup_result.asp, and the (2) word1 and (3) word2 parameters to suggest_result.asp.
Wed, 2 Apr 08
Joomla
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1559
SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
Wed, 2 Apr 08
MPlayer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1558
Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an integer overflow.
Wed, 2 Apr 08
BolinOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1557
BolinOS 4.6.1 allows remote attackers to obtain sensitive information via a direct request to system/actionspages/_b/contentFiles/gBphpInfo.php, which calls the phpinfo function.
Wed, 2 Apr 08
BolinOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1556
Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) system/actionspages/_b/contentFiles/gBImageViewer.php, (2) ForEditor parameter to (b) system/actionspages/_b/contentFiles/gBselectorContents.php, (3) the PATH_INFO to (c) gBLoginPage.php and (d) gBPassword.php in system/actionspages/_b/contentFiles/, (4) formlogin parameter to system/actionspages/_b/contentFiles/gBLoginPage.php, an...
Wed, 2 Apr 08
BolinOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1555
Directory traversal vulnerability in system/_b/contentFiles/gbincluder.php in BolinOS 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _bFileToInclude parameter.
Wed, 2 Apr 08
TopperMod
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1554
SQL injection vulnerability in account/index.php in TopperMod 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a non-alphanumeric first character in the localita parameter, which bypasses a protection mechanism.
Wed, 2 Apr 08
TopperMod
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1553
Directory traversal vulnerability in mod.php in TopperMod 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the to parameter.
Wed, 2 Apr 08
SILC Toolkit, SILC Client, silc_server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1552
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.
Wed, 2 Apr 08
RunCMS, photo_module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1551
SQL injection vulnerability in viewcat.php in the Photo 3.02 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Wed, 2 Apr 08
cubecart
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1550
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the (2) Submit parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 2 Apr 08
Aeries Student Information System
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1549
Multiple SQL injection vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aeries Student Information System allow remote attackers to execute arbitrary SQL commands via the (1) GrdBk parameter to GradebookOptions.asp and the (2) SchlCode variable to loginproc.asp, a different vector than CVE-2008-0942.
Wed, 2 Apr 08
Aeries Student Information System
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1548
Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aeries Student Information System allow remote attackers to inject arbitrary web script or HTML via the (1) UserName parameter to loginproc.asp and the (2) usr parameter to Login.asp.
Wed, 2 Apr 08
Orb
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0070
Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA allows remote attackers to execute arbitrary code via an RPC request that specifies a large number of array dimensions, which triggers a heap-based buffer overflow.
Wed, 2 Apr 08
GB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1546
servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command.
Wed, 2 Apr 08
Internet Explorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1545
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a "Transfer-Encoding: chunked" header and a request body with an incorrect chunk size.
Wed, 2 Apr 08
Internet Explorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1544
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, and (3) bypass referrer restrictions via an incorrect Referer header.
Wed, 2 Apr 08
prost_web_management
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1543
The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain partial administrative access, a different vulnerability than CVE-2008-1262.
Wed, 2 Apr 08
base_station_distribution_unit
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1542
Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulnerability than CVE-2008-1262.
Wed, 2 Apr 08
open_vms_tcp-ip_services
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0704
Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Services on OpenVMS on the Alpha platform with 5.4 before ECO 7, and on the Integrity and Alpha platforms with 5.5 before ECO 3 and 5.6 before ECO 2, allows remote attackers to obtain unspecified access via unknown vectors.
