Software Vulnerability
Main
Software Alerts
Software and Script Bug ExploitsSoftware Vulnerability
Random Feeds
Archives
| Dec 2008 | Nov 2008 | Oct 2008 | Sep 2008 | Aug 2008 | Jul 2008 | Jun 2008 | May 2008 | Apr 2008 | Mar 2008 | Feb 2008 | Jan 2008 | Dec 2007 | Nov 2007 |Mon, 30 Jun 08
PHPauction
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2900
SQL injection vulnerability in item.php in PHPAuction 3.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Mon, 30 Jun 08
j00lean-cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2899
Unspecified vulnerability in includes/classes/page.php in j00lean-CMS 1.03 has unknown impact and attack vectors.
Mon, 30 Jun 08
hedgehog-cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2898
Directory traversal vulnerability in includes/header.php in Hedgehog-CMS 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the c_temp_path parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
Mon, 30 Jun 08
pagesquid_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2897
SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta allows remote attackers to execute arbitrary SQL commands via the page parameter.
Mon, 30 Jun 08
fireant
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2896
Directory traversal vulnerability in index.php in FireAnt 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
Mon, 30 Jun 08
aproxengine
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2895
Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
Mon, 30 Jun 08
nch_software_classic_ftp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2894
Directory traversal vulnerability in the FTP client in NCH Software Classic FTP 1.02 for Windows allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.
Mon, 30 Jun 08
aj_square_aj-hyip
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2893
SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-2532.
Mon, 30 Jun 08
exp_shop_component
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2892
SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php.
Mon, 30 Jun 08
emuCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2891
SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a category action.
Sat, 28 Jun 08
online_fantasy_football_league
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2890
Multiple SQL injection vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fflteam_id parameter to teams.php, the (2) league_id parameter to leagues.php, and the (3) player_id parameter to players.php.
Sat, 28 Jun 08
wise_ftp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2889
Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP 4.1.0 and 5.5.8 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345.
Sat, 28 Jun 08
migcms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2888
Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[application][app_root] parameter to (1) collection.class.php and (2) content_image.class.php in lib/obj/.
Sat, 28 Jun 08
fubarforum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2887
Directory traversal vulnerability in index.php in chaozz@work FubarForum 1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
Sat, 28 Jun 08
Jamroom
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2886
PHP remote file inclusion vulnerability in include/plugins/jrBrowser/purchase.php in Jamroom 3.3.0 through 3.3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter.
Sat, 28 Jun 08
odars
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2885
PHP remote file inclusion vulnerability in src/browser/resource/categories/resource_categories_view.php in Open Digital Assets Repository System (ODARS) 1.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CLASSES_ROOT parameter.
Sat, 28 Jun 08
rss_aggregator
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2884
PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information.
Fri, 27 Jun 08
Jamroom
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2883
PHP remote file inclusion vulnerability in include/plugins/jrBrowser/payment.php in Jamroom 3.3.0 through 3.3.5 allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter. NOTE: some of these details are obtained from third party information.
Fri, 27 Jun 08
shibby_shop
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2882
upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request.
Fri, 27 Jun 08
relative_real_estate_systems
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2881
Relative Real Estate Systems 3.0 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
Fri, 27 Jun 08
afp_viewer_plug-in
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2880
Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and 3.2.1.1 allows remote attackers to execute arbitrary code via a long SRC property value. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 27 Jun 08
benja_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2879
Benja CMS 0.1 does not require authentication for access to admin/, which allows remote attackers to add or delete a menu.
Fri, 27 Jun 08
academic_web_tools
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2878
Open redirect vulnerability in rss_getfile.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter.
Fri, 27 Jun 08
cmsworks
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2877
PHP remote file inclusion vulnerability in admin/include/lib.module.php in cmsWorks 2.2 RC4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter.
Fri, 27 Jun 08
munky
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2876
Directory traversal vulnerability in index.php in mUnky 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the zone parameter.
Fri, 27 Jun 08
webdevindo-cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2875
SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 allows remote attackers to execute arbitrary SQL commands via the hal parameter.
Fri, 27 Jun 08
softbiz_jokes_and_funny_pics_script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2874
SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbjoke_id parameter, a different vector than CVE-2008-1050.
Fri, 27 Jun 08
shibby_shop
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2873
sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb.
Fri, 27 Jun 08
shibby_shop
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2872
SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.
Fri, 27 Jun 08
PEGames
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2871
Multiple cross-site scripting (XSS) vulnerabilities in template2.php in PEGames allow remote attackers to inject arbitrary web script or HTML via the (1) sitetitle, (2) sitenav, (3) sitemain, and (4) sitealt parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 27 Jun 08
sharecms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2870
Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta allow remote attackers to execute arbitrary SQL commands via the (1) eventID parameter to event_info.php and the (2) userID parameter to list_user.php.
Fri, 27 Jun 08
link_ads_1
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2869
SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
Fri, 27 Jun 08
DUcalendar
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2868
SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter.
Fri, 27 Jun 08
viral_dx_1
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2867
SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter.
Fri, 27 Jun 08
Unified CallManager, Unified Communications Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2730
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843.
Fri, 27 Jun 08
Unified CallManager, Unified Communications Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2062
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151.
Fri, 27 Jun 08
Unified CallManager, Unified Communications Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2061
The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748.
Thu, 26 Jun 08
cauposhop_classic
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2866
SQL injection vulnerability in csc_article_details.php in Caupo.net CaupoShop Classic 1.3 allows remote attackers to execute arbitrary SQL commands via the saArticle[ID] parameter.
Thu, 26 Jun 08
php_site_lock
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2865
SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site Lock 2.0 allows remote attackers to execute arbitrary SQL commands via the articleid parameter in a show_article action.
Thu, 26 Jun 08
site_composer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2864
eLineStudio Site Composer (ESC) 2.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) trigger.asp or (2) common2.asp in cms/include/, which reveals the database path.
Thu, 26 Jun 08
site_composer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2863
Multiple absolute path traversal vulnerabilities in eLineStudio Site Composer (ESC) 2.6 allow remote attackers to create or delete arbitrary directories via a full pathname in the inpCurrFolder parameter to (1) folderdel_.asp or (2) foldernew.asp in cms/assetmanager/.
Thu, 26 Jun 08
site_composer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2862
Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp.
Thu, 26 Jun 08
site_composer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2861
Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) button parameters to ansFAQ.asp and the (3) id and (4) txtEmail parameters to login.asp.
Thu, 26 Jun 08
aj_auction
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2860
SQL injection vulnerability in category.php in AJSquare AJ Auction Pro web 2.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
Thu, 26 Jun 08
SurgeMail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2859
Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command."
Thu, 26 Jun 08
webchamado
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2858
SQL injection vulnerability in index.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the eml parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 26 Jun 08
AskMe Pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2857
AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
Thu, 26 Jun 08
ownrs
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2856
SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Thu, 26 Jun 08
ownrs
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2855
Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Thu, 26 Jun 08
orlando_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2854
Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[preloc] parameter to (1) modules/core/logger/init.php and (2) AJAX/newscat.php.
Thu, 26 Jun 08
easy_webstore
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2853
SQL injection vulnerability in index.php in Easy Webstore 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_path parameter.
Thu, 26 Jun 08
CGIWrap
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2852
Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when an Internet Explorer based browser is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to failure to set the charset in error messages.
Thu, 26 Jun 08
offsystem
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2851
Multiple buffer overflows in OFF System before 0.19.14 allow remote attackers to have an unknown impact via unspecified vectors related to "parsing of http headers."
Thu, 26 Jun 08
trailscout_module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2850
SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API.
Thu, 26 Jun 08
trailscout_module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2849
Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors.
Thu, 26 Jun 08
DekiWiki
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2848
Cross-site scripting (XSS) vulnerability in the search functionality in MindTouch DekiWiki before 8.05.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Thu, 26 Jun 08
maxtrade_aoi
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2847
SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 allows remote attackers to execute arbitrary SQL commands via the categori parameter in a pocategorisell action to modules.php.
Thu, 26 Jun 08
boatscripts_classifieds
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2846
SQL injection vulnerability in index.php in BoatScripts Classifieds allows remote attackers to execute arbitrary SQL commands via the type parameter.
Thu, 26 Jun 08
mybizz-classifieds
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2845
SQL injection vulnerability in index.php in MyBizz-Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Thu, 26 Jun 08
carscripts_classifieds
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2844
SQL injection vulnerability in index.php in Carscripts Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Thu, 26 Jun 08
cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2843
Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp.
Thu, 26 Jun 08
cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2842
Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in doITLive CMS 2.50 and earlier allows remote attackers to inject arbitrary web script or HTML via the FILE parameter.
Thu, 26 Jun 08
Acrobat Reader, Acrobat 3D
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2641
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."
Thu, 26 Jun 08
enterprise_linux, desktop, desktop_workstation
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1951
Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries before 1-13a.el4_6.1 in Red Hat Enterprise Linux (RHEL) 4, and before 1-31.el5_2.1 in RHEL 5, allows local users to gain privileges via a malicious library in a certain subdirectory of /var/tmp, related to an incorrect RPATH setting, as demonstrated by a malicious libc.so library for tog-pegasus.
Thu, 26 Jun 08
XChat, ie
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2841
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.
Thu, 26 Jun 08
exero_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2840
Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4) members/profile.php, (5) news/fullview.php, (6) news/index.php, (7) nopermission.php, (8) usercp/avatar.php, or (9) usercp/editpassword.php in themes/Default/. NOTE: some of these details are obtained from third party information.
Thu, 26 Jun 08
traindepot
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2839
Cross-site scripting (XSS) vulnerability in the search module in Traindepot 0.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to index.php.
Thu, 26 Jun 08
traindepot
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2838
Directory traversal vulnerability in index.php in Traindepot 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter.
Thu, 26 Jun 08
cms-brd
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2837
SQL injection vulnerability in index.php in CMS-BRD allows remote attackers to execute arbitrary SQL commands via the menuclick parameter.
Thu, 26 Jun 08
WebCalendar
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2836
PHP remote file inclusion vulnerability in send_reminders.php in WebCalendar 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter and a 0 value for the noSet parameter, a different vector than CVE-2007-1483.
Thu, 26 Jun 08
igsuite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2835
SQL injection vulnerability in cgi-bin/igsuite in IGSuite 3.2.4 allows remote attackers to execute arbitrary SQL commands via the formid parameter.
Thu, 26 Jun 08
scientific_image_database
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2834
SQL injection vulnerability in projects.php in Scientific Image DataBase 0.41 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Thu, 26 Jun 08
CVE-2008-2833 (le.cms)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2833
admin/upload.php in le.cms 1.4 and earlier allows remote attackers to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload parameters.
Thu, 26 Jun 08
aspwebcalendar2008
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2832
Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/.
Thu, 26 Jun 08
Ruby
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2726
Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
Thu, 26 Jun 08
Ruby
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2725
Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative...
Thu, 26 Jun 08
Ruby
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2664
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, althou...
Thu, 26 Jun 08
Ruby
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2663
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritativ...
Thu, 26 Jun 08
Ruby
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2662
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to R...
Thu, 26 Jun 08
nconvert, gfl_sdk, xnview
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2427
Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file.
Thu, 26 Jun 08
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2830
ARDAgent in Apple Mac OS X 10.4 and 10.5 allows local users to gain privileges via an osascript tell command.
Thu, 26 Jun 08
PHP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2829
php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message.
Thu, 26 Jun 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2307
Unspecified vulnerability in WebKit in Apple Safari before 3.1.2 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.
Thu, 26 Jun 08
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2306
Apple Safari before 3.1.2 on Windows does not follow certain Internet Explorer zone settings that limit the automatic downloading of files and automatic launching of executables, which allows remote attackers to bypass intended access restrictions and execute arbitrary code.
Thu, 26 Jun 08
TMSNC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2828
Stack-based buffer overflow in tmsnc allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an MSN packet with a UBX commands containing a large UBX payload length field.
Thu, 26 Jun 08
perl
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2827
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.
Thu, 26 Jun 08
xen_para_virtualized_frame_buffer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1952
The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service (crash) by mapping an arbitrary amoount of guest memory.
Thu, 26 Jun 08
CVE-2008-2825
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2825
Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Thu, 26 Jun 08
WorkCentre
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2824
Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors.
Thu, 26 Jun 08
phpeasyblog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2823
SQL injection vulnerability in newsarchive.php in PHPeasyblog (formerly phpeasynews) 1.13 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.
Thu, 26 Jun 08
3d-ftp_client
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2822
Multiple directory traversal vulnerabilities in the FTP client in 3D-FTP Client 8.01 (8.0 build 1) allow remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a (1) LIST or (2) MLSD command.
Thu, 26 Jun 08
secure_ftp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2821
Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345.
Thu, 26 Jun 08
open_azimyt_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2820
Directory traversal vulnerability in lang/lang-system.php in Open Azimyt CMS 0.22 minimal and 0.21 stable allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
Thu, 26 Jun 08
blognplus
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2819
SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and earlier MySQL and PostgreSQL editions allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Thu, 26 Jun 08
Easy-Clanpage
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2818
Directory traversal vulnerability in Easy-Clanpage 3.0 b1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the section parameter to the default URI.
Thu, 26 Jun 08
nitro_web_gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2817
SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the CatId parameter in a show action.
Thu, 26 Jun 08
oxygen
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2816
SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin Board) 2.0 allows remote attackers to execute arbitrary SQL commands via the repquote parameter in a reply action, a different vector than CVE-2006-1572.
Thu, 26 Jun 08
mymarket
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2815
SQL injection vulnerability in shopping/index.php in MyMarket 1.72 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Thu, 26 Jun 08
wallcity-server_shoutcast_admin_panel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2814
Cross-site scripting (XSS) vulnerability in WallCity-Server Shoutcast Admin Panel 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter to the login interface. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 26 Jun 08
wallcity-server_shoutcast_admin_panel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2813
Directory traversal vulnerability in index.php in WallCity-Server Shoutcast Admin Panel 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
Sat, 21 Jun 08
OpUtils
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2797
Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote attackers to inject arbitrary web script or HTML via the hostName parameter, when viewing an SNMP graph. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 21 Jun 08
FreeCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2796
SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
Sat, 21 Jun 08
UltraEdit
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2795
Directory traversal vulnerability in the FTP and SFTP clients in IDM Computer Solutions Inc UltraEdit 14.00b allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) or a .. (dot dot backslash) in a response to a LIST command.
Sat, 21 Jun 08
Altiris Notification Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2794
Unspecified vulnerability in the GUI in Symantec Altiris Notification Server Agent 6.x before 6.0 SP3 R8 allows local users to gain privileges via unknown attack vectors.
Sat, 21 Jun 08
ClipShare
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2793
SQL injection vulnerability in group_posts.php in ClipShare before 3.0.1 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
Sat, 21 Jun 08
eroCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2792
SQL injection vulnerability in index.php in eroCMS 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the site parameter.
Sat, 21 Jun 08
Comparison Engine Power Script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2791
SQL injection vulnerability in product.detail.php in Kalptaru Infotech Comparison Engine Power Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 21 Jun 08
easyTrade
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2790
SQL injection vulnerability in detail.php in MountainGrafix easyTrade 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 21 Jun 08
BASIC-CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2789
SQL injection vulnerability in pages/index.php in BASIC-CMS allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
Sat, 21 Jun 08
OpenDocMan
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2788
Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.
Sat, 21 Jun 08
OpenDocMan
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2787
Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter.
Sat, 21 Jun 08
PHP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2666
Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.
Sat, 21 Jun 08
PHP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2665
Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run.
Sat, 21 Jun 08
Firefox
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2786
Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes.
Sat, 21 Jun 08
Firefox
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2785
Unspecified vulnerability in Firefox 3.0 and 2.0.x has unknown impact and remote attack vectors, aka ZDI-CAN-349.
Sat, 21 Jun 08
spamdyke
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2784
The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command.
Sat, 21 Jun 08
Groupware, Groupware Webmail Edition, Kronolith
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2783
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 21 Jun 08
otomigenx
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2782
Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) library_rss.php and (2) rss.php.
Sat, 21 Jun 08
Handshakes
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2781
SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 allows remote attackers to execute arbitrary SQL commands via the fname parameter in a members search action.
Sat, 21 Jun 08
Anubis Plugin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2780
The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file.
Sat, 21 Jun 08
CuteFTP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2779
Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via .. (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Sat, 21 Jun 08
RevokeBB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2778
SQL injection vulnerability in inc/class_search.php in the Search System in RevokeBB 1.0 RC11 allows remote attackers to execute arbitrary SQL commands via the search parameter.
Sat, 21 Jun 08
Ortro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2777
Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Sat, 21 Jun 08
DT Centrepiece
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2776
Cross-site scripting (XSS) vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 21 Jun 08
DT Centrepiece
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2775
SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to execute arbitrary SQL commands via the searchFor parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 21 Jun 08
CKGold Shopping Cart
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2774
SQL injection vulnerability in item.php in CartKeeper CKGold Shopping Cart 2.5 and 2.7 allows remote attackers to execute arbitrary SQL commands via the category_id parameter, a different vector than CVE-2007-4736.
Fri, 20 Jun 08
taxonomy_image_module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2773
Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Fri, 20 Jun 08
magic_tabs_module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2772
The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks."
Fri, 20 Jun 08
node_hierarchy_module, Drupal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2771
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.
Fri, 20 Jun 08
mycrocms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2770
SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the entry_id parameter.
Fri, 20 Jun 08
phpRaider
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2769
PHP remote file inclusion vulnerability in authentication/smf/smf.functions.php in Simple Machines phpRaider 1.0.6 and 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[smf_path] parameter.
Fri, 20 Jun 08
Absolute Poll Manager XE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2768
Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to inject arbitrary web script or HTML via unspecified vectors ("all fields").
Fri, 20 Jun 08
Absolute Poll Manager XE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2767
SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter.
Fri, 20 Jun 08
Absolute Image Gallery XE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2766
Cross-site scripting (XSS) vulnerability in Xigla Absolute Image Gallery XE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) admin/search.asp and (2) gallery.asp.
Fri, 20 Jun 08
Absolute Image Gallery XE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2765
SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gallery XE allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.
Fri, 20 Jun 08
Absolute Live Support XE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2764
Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors ("all fields").
Fri, 20 Jun 08
Absolute Live Support XE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2763
SQL injection vulnerability in search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.
Fri, 20 Jun 08
absolute_form_processor_xe
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2762
SQL injection vulnerability in search.asp in Xigla Absolute Form Processor XE 4.0 allows remote authenticated administrators s to execute arbitrary SQL commands via the orderby parameter.
Fri, 20 Jun 08
absolute_banner_manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2761
Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Banner Manager XE 2.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the text parameter in (1) searchbanners.asp and (2) listadvertisers.asp, and other unspecified fields. NOTE: some of these details are obtained from third party information.
Fri, 20 Jun 08
absolute_banner_manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2760
SQL injection vulnerability in searchbanners.asp in Xigla Absolute Banner Manager XE 2.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.
Fri, 20 Jun 08
absolute_form_processor_xe
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2759
Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showfields, (2) text, and (3) submissions parameters to search.asp and the (4) name parameter to users.asp. NOTE: some of these details are obtained from third party information.
Fri, 20 Jun 08
absolute_news_manager_xe
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2758
Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parameter to (b) admin/publishers.asp, and other unspecified vectors to (c) anmviewer.asp and (d) editarticleX.asp in admin/. NOTE: some of these details are obtained from third party information.
Fri, 20 Jun 08
absolute_news_manager_xe
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2757
SQL injection vulnerability in search.asp in Xigla Absolute News Manager XE 3.2 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.
Fri, 20 Jun 08
absolute_control_panel_xe
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2756
Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla Absolute Control Panel XE 1.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter and other unspecified parameters. NOTE: some of these details are obtained from third party information.
Fri, 20 Jun 08
jamm_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2755
SQL injection vulnerability in index.php in JAMM CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 20 Jun 08
efiction
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2754
SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter.
Fri, 20 Jun 08
CVE-2008-2753 (6.0)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2753
Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) xslIdn parameter to (a) utils/getXsl.aspx, and the (2) part parameter to (b) getXml.aspx and (c) getXls.aspx in utils/.
Thu, 19 Jun 08
Word
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2752
Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
Thu, 19 Jun 08
Java System Application Server, glassfish
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2751
Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (3) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass,...
Thu, 19 Jun 08
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2750
The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable.
Thu, 19 Jun 08
Java System Calendar Server, one_calendar_server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2749
Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging (aka service.http.commandlog.all) is enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
Thu, 19 Jun 08
Skulltag
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2748
Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a denial of service (daemon hang) via a series of long, malformed connect packets, related to these packets being "parsed multiple times."
Thu, 19 Jun 08
dynamic_update_client
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2747
No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLMSOFTWAREVitalwerksDUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.
Thu, 19 Jun 08
Flex, flex_builder
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2640
Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3, and generated applications, allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to (1) client-side-detection-with-history/history/historyFrame.html, (2) express-installation-with-history/history/historyFrame.html, or (3) no-player-detection-with-history/history/historyFrame.html in templates/html-templates/. NOTE: Firefox...
Thu, 19 Jun 08
TorrentTrader Classic
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2428
Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) wantusername parameter to account-signup.php, or the (3) receiver parameter to account-inbox.php in a msg action.
Thu, 19 Jun 08
Intrusion Prevention System
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2060
Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a "specific series of jumbo Ethernet frames."
Thu, 19 Jun 08
eDirectory
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0925
Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the HTTP stack."
Wed, 18 Jun 08
gllcts2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2746
SQL injection vulnerability in login.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the detail parameter.
Wed, 18 Jun 08
annotation_software
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2745
Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in Black Ice Software Annotation Plugin 10.95 allows remote attackers to execute arbitrary code via a long parameter to the AnnoSaveToTiff method.
Wed, 18 Jun 08
vbulletin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2744
Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors and an "obscure method." NOTE: the vector is probably in the redirect parameter to the Admin Control Panel (admincp/index.php).
Wed, 18 Jun 08
xerox_4110, xerox_4590, xerox_4595
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2743
Cross-site scripting (XSS) vulnerability in the embedded web server in Xerox 4110, 4590, and 4595 Copier/Printers allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
Wed, 18 Jun 08
Achievo
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2742
Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
Wed, 18 Jun 08
Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2724
Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions.
Wed, 18 Jun 08
Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2723
embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address."
Wed, 18 Jun 08
Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2722
Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive.
Wed, 18 Jun 08
Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2721
Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album.
Wed, 18 Jun 08
Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2720
Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) host and (2) path components of a URL.
Wed, 18 Jun 08
netwide_assembler, NASM
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2719
Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.
Wed, 18 Jun 08
TYPO3
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2718
Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Wed, 18 Jun 08
TYPO3, apache webserver
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2717
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
Wed, 18 Jun 08
Opera
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2716
Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent page by modifying the location, which can facilitate phishing attacks.
Wed, 18 Jun 08
Opera
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2715
Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns.
Wed, 18 Jun 08
Opera
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2714
Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text to be misplaced."
Wed, 18 Jun 08
ClamAV
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2713
libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read.
Wed, 18 Jun 08
vim
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2712
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (2) zipplugin, (3) xpm.vim, (4) gzip_vim, and (5) netrw.
Wed, 18 Jun 08
Fetchmail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2711
fetchmail 6.3.8 and earlier, when running in -v -v mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which is not properly handled when using vsnprintf to format log messages.
Wed, 18 Jun 08
Solaris, opensolaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2710
Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed compa...
Wed, 18 Jun 08
OS_400
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2709
Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited attack scenarios.
Wed, 18 Jun 08
Solaris, opensolaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2708
Unspecified vulnerability in the Sun (1) UltraSPARC T2 and (2) UltraSPARC T2+ kernel modules in Sun Solaris 10, and OpenSolaris before snv_93, allows local users to cause a denial of service (panic) via unspecified vectors, probably related to core files.
Wed, 18 Jun 08
x11
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2362
Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.
Wed, 18 Jun 08
x11
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2361
Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory.
Wed, 18 Jun 08
x11
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2360
Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow.
Wed, 18 Jun 08
FreeType
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1808
Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.
Wed, 18 Jun 08
FreeType
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1807
FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.
Wed, 18 Jun 08
FreeType
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1806
Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.
Wed, 18 Jun 08
x11
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1379
Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height.
Wed, 18 Jun 08
x11
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1377
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
Wed, 18 Jun 08
network_interface_controller
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2707
Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and OpenSolaris before snv_93 allows remote attackers to cause a denial of service (network connectivity loss) via unknown vectors.
Wed, 18 Jun 08
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2706
Unspecified vulnerability in the event port implementation in Sun Solaris 10 allows local users to cause a denial of service (panic) by submitting and retrieving user-defined events, probably related to a NULL dereference.
Wed, 18 Jun 08
Java System Access Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2705
Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors.
Wed, 18 Jun 08
citectscada, citectfacilities
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2639
Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222.
Wed, 18 Jun 08
OpenOffice
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2366
Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in the RPATH library path.
Wed, 18 Jun 08
BitTorrent, uTorrent
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0071
The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header.
Tue, 17 Jun 08
GroupWise Messenger
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2704
Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID. NOTE: it is not clear whether this issue crosses privilege boundaries.
Tue, 17 Jun 08
GroupWise Messenger
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2703
Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via "spoofed server responses."
Tue, 17 Jun 08
alftp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2702
Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Tue, 17 Jun 08
com_gameq
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2701
SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php.
Tue, 17 Jun 08
galatolo_webmanager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2700
SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Tue, 17 Jun 08
galatolo_webmanager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2699
Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php.
Tue, 17 Jun 08
webalbum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2698
Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php (aka the "add comment" section) in WEBalbum 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) id, or (3) category parameter.
Tue, 17 Jun 08
com_rapidrecipe, rapid_recipe
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2697
SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php.
Tue, 17 Jun 08
exiv2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2696
Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to "pretty printing" and the RationalValue::toLong function.
Tue, 17 Jun 08
phpinv
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2695
Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
Tue, 17 Jun 08
phpinv
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2694
Cross-site scripting (XSS) vulnerability in search.php in phpInv 0.8.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
Tue, 17 Jun 08
barcode_sdk
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2693
Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX control in BITiff.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via a long first argument to the SetByteOrder method.
Tue, 17 Jun 08
com_yvcomment
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2692
SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php.
Tue, 17 Jun 08
faq_manager_experience
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2691
SQL injection vulnerability in read.asp in JiRo's FAQ Manager eXperience 1.0 allows remote attackers to execute arbitrary SQL commands via the fID parameter.
Tue, 17 Jun 08
BrowserCRM
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2690
Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter to (1) kb.php, (2) login.php, (3) index.php, (4) contact_view.php, and (5) contact.php in pub/, different vectors than CVE-2008-????. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 17 Jun 08
BrowserCRM
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2689
PHP remote file inclusion vulnerability in pub/clients.php in BrowserCRM 5.002.00 allows remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter.
Tue, 17 Jun 08
pilot_cart
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2688
SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the article parameter in a kb action.
Tue, 17 Jun 08
ProManager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2687
Directory traversal vulnerability in inc/config.php in ProManager 0.73 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
Tue, 17 Jun 08
flux_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2686
webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows remote attackers to execute arbitrary code by overwriting a PHP file in webinc/bxe/scripts/ via a filename in the XML parameter and PHP sequences in the request body, then making a direct request for this filename.
Tue, 17 Jun 08
motion
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2654
Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and compiler.
Tue, 17 Jun 08
Apache HTTP Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
Fri, 13 Jun 08
BattleBlog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2685
SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626.
Fri, 13 Jun 08
black_ice_barcode_sdk
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2684
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via long strings in the two arguments to the DownloadImageFileURL method, which trigger memory corruption. NOTE: some of these details are obtained from third party information.
Fri, 13 Jun 08
barcode_sdk
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2683
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information.
Fri, 13 Jun 08
realm_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2682
_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID.
Fri, 13 Jun 08
realm_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2681
Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive information via a direct request to _db/compact.asp, which reveals the database path in an error message.
Fri, 13 Jun 08
realm_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2680
Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp in Realm CMS 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) CmpctedDB and (2) Boyut parameters.
Fri, 13 Jun 08
realm_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2679
SQL injection vulnerability in the KeyWordsList function in _includes/inc_routines.asp in Realm CMS 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the kwrd parameter in a kwl action to the default URI.
Fri, 13 Jun 08
Telephone Directory 2008
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2678
Multiple SQL injection vulnerabilities in Telephone Directory 2008, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) code parameter in a confirm_data action to edit1.php and the (2) id parameter to view_more.php.
Fri, 13 Jun 08
Telephone Directory 2008
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2677
Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Directory 2008 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
Fri, 13 Jun 08
Joomla, com_news_portal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2676
SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
Fri, 13 Jun 08
PHP Image Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2675
Cross-site scripting (XSS) vulnerability in index.php in PHP Image Gallery allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 13 Jun 08
CVE-2008-2674 (Interstage Application Server Enterprise, Interstage Application Server Plus, Int...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2674
Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors.
Fri, 13 Jun 08
pnews
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2673
SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the shownews parameter.
Fri, 13 Jun 08
erfurtWiki
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2672
Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and earlier, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) ewiki_id and (2) ewiki_action parameters to fragments/css.php, and possibly the (3) id parameter to the default URI. NOTE: the default URI is site-specific but often performs an include_once of ewiki.php.
Fri, 13 Jun 08
dcfm_blog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2671
SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 13 Jun 08
isblog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2670
Multiple SQL injection vulnerabilities in index.php in Insanely Simple Blog 0.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter, or (2) the term parameter in a search action. NOTE: the current_subsection parameter is already covered by CVE-2007-3889.
Fri, 13 Jun 08
yblog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2669
Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the q parameter to search.php, or the n parameter to (2) user.php or (3) uss.php.
Fri, 13 Jun 08
yblog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2668
Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) the q parameter to search.php, or the n parameter to (2) user.php or (3) uss.php.
Fri, 13 Jun 08
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1453
The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets.
Fri, 13 Jun 08
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1451
The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
Fri, 13 Jun 08
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1445
Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
Fri, 13 Jun 08
DirectX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1444
Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
Fri, 13 Jun 08
Internet Explorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1442
Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability."
Fri, 13 Jun 08
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1441
Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
Fri, 13 Jun 08
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1440
Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
Fri, 13 Jun 08
backweb, desktop_manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0956
Multiple stack-based buffer overflows in the BackWeb Lite Install Runner ActiveX control in the BackWeb Web Package ActiveX object in LiteInstActivator.dll in BackWeb before 8.1.1.87, as used in Logitech Desktop Manager (LDM) before 2.56, allow remote attackers to execute arbitrary code via unspecified vectors.
Fri, 13 Jun 08
DirectX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0011
Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
Thu, 12 Jun 08
reportbug, reportbug-ng
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2230
Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and (2) reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory.
Thu, 12 Jun 08
smeweb
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2652
Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the (1) idp and (2) category parameters.
Thu, 12 Jun 08
com_joobb
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2651
SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB or com_joobb) component 0.5.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the forum parameter in a forum action to index.php.
Thu, 12 Jun 08
CMSimple
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2650
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
Thu, 12 Jun 08
DesktopOnNet
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2649
Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 Beta allow remote attackers to execute arbitrary PHP code via a URL in the app_path parameter to (1) don3_requiem.don3app/don3_requiem.php and (2) frontpage.don3app/frontpage.php.
Thu, 12 Jun 08
mebiblio
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2648
Unrestricted file upload vulnerability in upload/uploader.html in meBiblio 0.4.7 allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the files/ directory.
Thu, 12 Jun 08
mebiblio
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2647
SQL injection vulnerability in admin/journal_change_mask.inc.php in meBiblio 0.4.7 allows remote attackers to execute arbitrary SQL commands via the JID parameter.
Thu, 12 Jun 08
mebiblio
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2646
Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to add_journal_mask.inc.php, (3) InsertBibliography parameter to insert_mask.inc.php, and (4) LabelYear parameter to search_mask.inc.php.
Thu, 12 Jun 08
brim
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2645
Multiple PHP remote file inclusion vulnerabilities in Brim (formerly Booby) 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in (1) barrel/, (2) barry/, (3) mylook/, (4) oerdec/, (5) penguin/, (6) sidebar/, (7) slashdot/, and (8) text-only/ in templates/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.
Thu, 12 Jun 08
smeweb
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2644
Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the (1) data parameter to catalog.php, the (2) keyword parameter to search.php, the (3) page parameter to bb.php, and the (4) new_s parameter to order.php.
Thu, 12 Jun 08
com_biblestudy
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2643
SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php.
Thu, 12 Jun 08
otomigenx
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2642
SQL injection vulnerability in login.php in OtomiGenX 2.2 allows remote attackers to execute arbitrary SQL commands via the userAccount parameter (aka the User Name field) to index.php. NOTE: some of these details are obtained from third party information.
Thu, 12 Jun 08
CVE-2008-2152 (OpenOffice.org)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2152
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow.
Thu, 12 Jun 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1585
Apple QuickTime before 7.5 allows remote attackers to execute arbitrary programs via crafted file: URLs.
Thu, 12 Jun 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1584
Stack-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted Indeo video codec content in a movie file.
Thu, 12 Jun 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1583
Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581.
Thu, 12 Jun 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1582
Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption.
Thu, 12 Jun 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1581
Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image.
Wed, 11 Jun 08
CVE-2008-0960
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0960
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; and (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a l...
Wed, 11 Jun 08
1-book
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2638
Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.
Wed, 11 Jun 08
firepass_ssl_vpn
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2637
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in webyfiers.php and (2) the sql_matchscope parameter in index.php.
Wed, 11 Jun 08
linksys_wrh54g_router
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2636
The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "front_page" sequence, and ends with a ".asp" sequence.
Wed, 11 Jun 08
bitkinex
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2635
Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow remote FTP and WebDAV servers to create or overwrite arbitrary files via a .. (dot dot) in (1) a response to a LIST command from the BitKinex FTP client and (2) a response to a PROPFIND command from the BitKinex WebDAV client. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Wed, 11 Jun 08
i-pos_internet_pay_online_store
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2634
SQL injection vulnerability in index.asp in I-Pos Internet Pay Online Store 1.3 Beta and earlier allows remote attackers to execute arbitrary SQL commands via the item parameter.
Wed, 11 Jun 08
Joomla, com_joomradio
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2633
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.
Wed, 11 Jun 08
Joomla, com_acctexp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2632
SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php.
Wed, 11 Jun 08
MDaemon
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2631
The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 11 Jun 08
com_jb2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2630
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php.
Wed, 11 Jun 08
LifeType, pblog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2629
SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.
Wed, 11 Jun 08
Joomla, com_equotes
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2628
SQL injection vulnerability in the eQuotes (com_equotes) component 0.9.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
Wed, 11 Jun 08
com_idoblog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2627
SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 and earlier and 1.0, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the userid parameter in a userblog action to index.php.
Wed, 11 Jun 08
BattleBlog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2626
SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter.
Wed, 11 Jun 08
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2358
The Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and probably other versions, does not properly check feature lengths, which might allow remote attackers to execute arbitrary code, related to an unspecified "overflow."
Wed, 11 Jun 08
Kernel, Debian Linux
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1673
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one erro...
Tue, 10 Jun 08
client
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1106
The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files.
Tue, 10 Jun 08
cbrpager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2575
cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.
Tue, 10 Jun 08
flashblog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2574
Unrestricted file upload vulnerability in admin/Editor/imgupload.php in FlashBlog 0.31 beta allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in tus_imagenes/.
Tue, 10 Jun 08
Skype
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2545
Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case.
Tue, 10 Jun 08
opensuse
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2389
opensuse-updater in openSUSE 10.2 allows local users to access arbitrary files via a symlink attack.
Tue, 10 Jun 08
opensuse
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2388
Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have unspecified impact and attack vectors. NOTE: the vendor states that these "can be considered no security problem."
Tue, 10 Jun 08
Skype
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1805
Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist.
Tue, 10 Jun 08
freeSSHd
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2573
Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSH_FXP_OPENDIR (aka opendir) command.
Tue, 10 Jun 08
flashblog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2572
SQL injection vulnerability in php/leer_comentarios.php in FlashBlog allows remote attackers to execute arbitrary SQL commands via the articulo_id parameter.
Tue, 10 Jun 08
LimeSurvey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2571
Cross-site request forgery (CSRF) vulnerability in LimeSurvey (formerly PHPSurveyor) before 1.71 allows remote attackers to change arbitrary quotas as administrators via a "modify quota" action.
Tue, 10 Jun 08
LimeSurvey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2570
Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) before 1.71 have unknown impact and attack vectors.
Tue, 10 Jun 08
easybook_component
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2569
SQL injection vulnerability in the EasyBook (com_easybook) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a deleteentry action to index.php.
Tue, 10 Jun 08
Joomla, com_simpleshop
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2568
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.
Tue, 10 Jun 08
Sleipnir, Portable Sleipnir, Grani
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2567
Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 Release2 and earlier, Portable Sleipnir 2.7.1 Release2 and earlier, and Grani 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a history mechanism and favorites search, a different vulnerability than CVE-2007-6002.
Tue, 10 Jun 08
php-address_book
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2566
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI.
Tue, 10 Jun 08
php-address_book
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2565
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php.
Tue, 10 Jun 08
Joomla, com_jotloader
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2564
SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
Tue, 10 Jun 08
samtodo
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2563
Multiple cross-site scripting (XSS) vulnerabilities in (1) dsp_main.php and (2) dsp_task_editor.php in SamTodo 1.1 allow remote attackers to inject arbitrary web script or HTML via the (a) tid parameter in a main.taskeditor edit action, and the (b) completed parameter in a main.default action, to index.php.
Tue, 10 Jun 08
PowerPhlogger
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2562
SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action.
Tue, 10 Jun 08
427BB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2561
Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to (a) register.php, (b) reminder.php, and (c) search.php; the (2) uname, (3) email, and (4) email2 parameters to register.php; the (5) email parameter to reminder.php; and the (6) keywords parameter to search.php.
Tue, 10 Jun 08
427BB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2560
SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remote attackers to execute arbitrary SQL commands via the post parameter.
Sat, 7 Jun 08
Borland Interbase
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2559
Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows remote attackers to execute arbitrary code via a malformed packet to TCP port 3050, which triggers a stack-based buffer overflow. NOTE: this issue might be related to CVE-2008-0467.
Sat, 7 Jun 08
CRE Loaded
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2558
CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute for cookies that are sent over HTTPS, which might allow remote attackers to sniff the cookies if they are sent over HTTP.
Sat, 7 Jun 08
CRE Loaded
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2557
Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Links and (2) Links Submit pages.
Sat, 7 Jun 08
php_visit_counter
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2556
SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the datespan parameter in a read action.
Sat, 7 Jun 08
EasyWay
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2555
SQL injection vulnerability in index.php in EasyWay CMS allows remote attackers to execute arbitrary SQL commands via the mid parameter.
Sat, 7 Jun 08
BP Blog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2554
Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp.
Sat, 7 Jun 08
Slash
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2553
Cross-site scripting (XSS) vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter.
Sat, 7 Jun 08
Service Tag
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2552
Unspecified vulnerability in the Service Tag Registry on Sun Solaris 10, and Sun Service Tag before 1.1.3, allows local users to cause a denial of service (disk consumption) via unspecified vectors.
Sat, 7 Jun 08
Asterisk-Addons
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2543
The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets.
Sat, 7 Jun 08
BigView
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2542
Stack-based buffer overflow in the getline function in Ppm/ppm.C in NASA Ames Research Center BigView 1.8 allows user-assisted remote attackers to execute arbitrary code via a crafted PNM file.
Sat, 7 Jun 08
Slash
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2231
SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter.
Sat, 7 Jun 08
VMWare Workstation, Player, ACE, VMware Server, Fusion, esxi, ESX Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2100
Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
Sat, 7 Jun 08
esxi, ESX Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2097
The openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via unspecified vectors related to "invalid Content-Length."
Sat, 7 Jun 08
Kaspersky Anti-Virus, Kaspersky Internet Security
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1518
Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call.
Sat, 7 Jun 08
VMWare Workstation, Player, VMware Server, esxi, ESX Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0967
Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via an unspecified option in a configuration file.
Sat, 7 Jun 08
VMWare Workstation, VMWare Player, ACE, VMware Server, ESX Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5671
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the .hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.
Fri, 6 Jun 08
instant_messenger
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2551
The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction parameter set to "run."
Fri, 6 Jun 08
Adaptive Security Appliance, pix_security_appliance
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2059
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 allows remote attackers to bypass control-plane ACLs for the device via unknown vectors.
Fri, 6 Jun 08
Adaptive Security Appliance, pix_security_appliance
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2058
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(3)2 and 8.0.x before 8.0(2)17 allows remote attackers to cause a denial of service (device reload) via a port scan against TCP port 443 on the device.
Fri, 6 Jun 08
Adaptive Security Appliance, pix_security_appliance
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2057
The Instant Messenger (IM) inspection engine in Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(4), 8.0.x before 8.0(3)10, and 8.1.x before 8.1(1)2 allows remote attackers to cause a denial of service via a crafted packet.
Fri, 6 Jun 08
Adaptive Security Appliance, pix_security_appliance
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2056
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 and 8.1.x before 8.1(1)1 allows remote attackers to cause a denial of service (device reload) via a crafted Transport Layer Security (TLS) packet to the device interface.
Fri, 6 Jun 08
Adaptive Security Appliance, pix_security_appliance
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2055
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.1.x before 7.1(2)70 and 8.0.x before 8.0(3)10 allows remote attackers to cause a denial of service via a crafted TCP ACK packet to the device interface.
Fri, 6 Jun 08
Download Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1770
Unspecified vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via unknown vectors.
Fri, 6 Jun 08
WebSphere Application Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2550
Unspecified vulnerability in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.17 has unknown impact and attack vectors related to an attribute in the SOAP security header.
Fri, 6 Jun 08
etrust_secure_content_manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2541
Multiple stack-based buffer overflows in the HTTP Gateway Service in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via crafted FTP requests, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command.
Fri, 6 Jun 08
Java ASP Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2406
The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102.
Fri, 6 Jun 08
java_active_server_pages
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2405
Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications.
Fri, 6 Jun 08
Java ASP Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2404
Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary code via an unspecified string field.
Fri, 6 Jun 08
Java ASP Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2403
Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the Path parameter to the MapPath method.
Fri, 6 Jun 08
Java ASP Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2402
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.
Fri, 6 Jun 08
java_active_server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2401
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is included by multiple unspecified ASP applications.
Fri, 6 Jun 08
Evolution
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1109
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).
Fri, 6 Jun 08
Evolution
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1108
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.
Fri, 6 Jun 08
Instant Support
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0953
Unspecified vulnerability in a certain ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 has unknown impact and remote attack vectors, a different vulnerability than CVE-2007-5608 and CVE-2008-0952.
Fri, 6 Jun 08
Instant Support
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0952
Unspecified vulnerability in a certain ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 has unknown impact and remote attack vectors, a different vulnerability than CVE-2007-5608 and CVE-2008-0953.
Fri, 6 Jun 08
Instant Support
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5610
Unspecified vulnerability in a certain ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to cause a denial of service via unknown vectors.
Fri, 6 Jun 08
Instant Support
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5608
Unspecified vulnerability in a certain ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-0952 and CVE-2008-0953.
Fri, 6 Jun 08
Instant Support
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5607
Unspecified vulnerability in a certain ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5606.
Fri, 6 Jun 08
Instant Support
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5606
Unspecified vulnerability in a certain ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5607.
Fri, 6 Jun 08
Instant Support
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5605
Unspecified vulnerability in a certain ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5604, CVE-2007-5606, and CVE-2007-5607.
Fri, 6 Jun 08
Instant Support
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5604
Unspecified vulnerability in a certain ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5605, CVE-2007-5606, and CVE-2007-5607.
Fri, 6 Jun 08
Acrobat Reader
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2549
Adobe Acrobat Reader 8.1.2 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.
Fri, 6 Jun 08
razr
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2548
Stack-based buffer overflow in the JPEG thumbprint component in the EXIF parser on Motorola cell phones with RAZR firmware allows user-assisted remote attackers to execute arbitrary code via an MMS transmission of a malformed JPEG image, which triggers memory corruption.
Fri, 6 Jun 08
windows_installer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2547
Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001.22159 in Microsoft Windows Installer allows context-dependent attackers to execute arbitrary code via a long GUID value for the /x (aka /uninstall) option. NOTE: this issue might cross privilege boundaries if msiexec.exe is reachable via components such as ActiveX controls, and might additionally require a separate vulnerability in the control.
Fri, 6 Jun 08
Open Source, Asterisk Business Edition
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2119
Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchec