Software Vulnerability
Main
Software Alerts
Software and Script Bug ExploitsSoftware Vulnerability
Random Feeds
Archives
| Mar 2010 | Feb 2010 | Jan 2010 | Dec 2009 | Nov 2009 | Oct 2009 | Sep 2009 | Aug 2009 | Jul 2009 | Jun 2009 | May 2009 | Apr 2009 | Mar 2009 | Feb 2009 | Jan 2009 | Dec 2008 | Nov 2008 | Oct 2008 | Sep 2008 | Aug 2008 | Jul 2008 | Jun 2008 | May 2008 | Apr 2008 | Mar 2008 | Feb 2008 | Jan 2008 | Dec 2007 | Nov 2007 |Sat, 30 Aug 08
thickbox_gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3859
Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php.
Sat, 30 Aug 08
DB2 Universal Database
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3858
The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT data stream that simulates a V7 client connect request.
Sat, 30 Aug 08
DB2 Universal Database
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3857
The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump.
Sat, 30 Aug 08
DB2 Universal Database
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3856
The routine infrastructure component in IBM DB2 9.1 before Fixpak 5 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors.
Sat, 30 Aug 08
DB2 Universal Database
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3855
Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERABILITY." NOTE: this may be the same as CVE-2007-5664.
Sat, 30 Aug 08
DB2 Universal Database
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3854
Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function.
Sat, 30 Aug 08
DB2 Universal Database
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3853
Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before Fixpak 4a allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via unspecified vectors. NOTE: this might be related to CVE-2008-0698.
Sat, 30 Aug 08
DB2 Universal Database
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3852
Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 has unknown impact and attack vectors.
Fri, 29 Aug 08
Pluck
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3851
Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an in...
Fri, 29 Aug 08
file_transfer_fta
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3850
Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.
Fri, 29 Aug 08
civic-cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3849
Cross-site scripting (XSS) vulnerability in the calendar controller in Civic Website Manager before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving (1) month, (2) day, and (3) year fields.
Fri, 29 Aug 08
z-breaknews
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3848
SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 29 Aug 08
an_guestbook
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3847
Multiple cross-site scripting (XSS) vulnerabilities in AN Guestbook (ANG) before 0.7.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Fri, 29 Aug 08
mysql-lists
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3846
Cross-site scripting (XSS) vulnerability in mysql-lists 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Fri, 29 Aug 08
crafty_syntax_live_help
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3845
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php.
Fri, 29 Aug 08
OpenSSH
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3844
Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as distributed in August 2008 by servers outside Red Hat but signed with a Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: the scope of this vulnerability is restricted to users who may have obtained packages through unofficial distribution points.
Fri, 29 Aug 08
CVE-2008-3843 (.net_framework)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3843
Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element.
Fri, 29 Aug 08
CVE-2008-3842 (.net_framework)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3842
Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "
Fri, 29 Aug 08
Freeway
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3841
Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway eCommerce 1.4.1.171 allows remote attackers to inject arbitrary web script or HTML via the search_link parameter.
Fri, 29 Aug 08
crafty_syntax_live_help
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3840
Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
Fri, 29 Aug 08
Solaris, opensolaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3839
Unspecified vulnerability in the NFS module in the kernel in Sun Solaris 10 and OpenSolaris snv_59 through snv_87, when configured as an NFS server without the nodevices option, allows local users to cause a denial of service (panic) via unspecified vectors.
Fri, 29 Aug 08
Solaris, opensolaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3838
Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation in Sun Solaris 10 and OpenSolaris before snv_88 allows local administrators of non-global zones to read and modify NFS traffic for arbitrary non-global zones, possibly leading to file modifications or a denial of service.
Fri, 29 Aug 08
Ruby
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3790
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."
Fri, 29 Aug 08
Samba
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3789
Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups.
Fri, 29 Aug 08
la_cooda_wiz, lacoodast
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3739
Cross-site scripting (XSS) vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving upload of files containing XSS sequences.
Fri, 29 Aug 08
lacoodast
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3738
Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
Fri, 29 Aug 08
la_cooda_wiz, lacoodast
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3737
Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to execute arbitrary PHP scripts, and delete files, read files, and possibly have unknown other impact.
Fri, 29 Aug 08
la_cooda_wiz, lacoodast
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3736
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to (a) change passwords or (b) change configurations as arbitrary users via unspecified vectors.
Fri, 29 Aug 08
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3526
Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option.
Fri, 29 Aug 08
Libxml2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3281
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
Thu, 28 Aug 08
OfficeScan, worry_free_business_security, client_server_messaging_suite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2433
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration."
Thu, 28 Aug 08
libTIFF
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2327
Multiple buffer underflows in the (1) LZWDecode and (2) LZWDecodeCompat functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file. NOTE: some of these details are obtained from third party information.
Thu, 28 Aug 08
xfile
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1682
Multiple stack-based buffer overflows in the FileManager ActiveX control in SAFmgPws.dll in SoftArtisans XFile before 2.4.0 allow remote attackers to execute arbitrary code via unspecified calls to the (1) BuildPath, (2) GetDriveName, (3) DriveExists, or (4) DeleteFile method.
Thu, 28 Aug 08
swfdec
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3796
Swfdec 0.6 before 0.6.8 allows remote attackers to cause a denial of service (application crash) via a 1x1 JPEG image.
Thu, 28 Aug 08
ws_ftp_home
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3795
Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response."
Thu, 28 Aug 08
WordPress
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3747
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.
Thu, 28 Aug 08
neon
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3746
neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication and Digest domain parameter support.
Thu, 28 Aug 08
upload_module, Drupal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3745
The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.
Thu, 28 Aug 08
Drupal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3744
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to (1) add or (2) delete user access rules as administrators via an unspecified URL.
Thu, 28 Aug 08
Drupal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3743
Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements.
Thu, 28 Aug 08
Drupal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3742
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.
Thu, 28 Aug 08
Drupal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3741
The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML.
Thu, 28 Aug 08
Drupal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3740
Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Wed, 27 Aug 08
VLC Media Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3794
Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a stack-based buffer overflow.
Wed, 27 Aug 08
PicturesPro Photo Cart
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3788
Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php.
Wed, 27 Aug 08
web_directory_script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3787
SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.
Wed, 27 Aug 08
PicturesPro Photo Cart
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3786
Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action.
Wed, 27 Aug 08
miacms, com_component
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3785
Multiple SQL injection vulnerabilities in the com_content component in MiaCMS 4.6.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) view, (2) category, or (3) blogsection action to index.php.
Wed, 27 Aug 08
btitracker, xbtitracker
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3784
SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and earlier and xBtiTracker 2.0.542 and earlier allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.
Wed, 27 Aug 08
matterdaddy_market
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3783
Multiple SQL injection vulnerabilities in index.php in Matterdaddy Market 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters.
Wed, 27 Aug 08
acg_ptp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3782
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in ACG-PTP 1.0.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Category name field under Advertisement Packages, the (2) Reason field under Credit/Debit Users, and the (3) FAQ question and (4) FAQ answer fields under Add New FAQ Entry.
Wed, 27 Aug 08
gbrowse
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3781
Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Wed, 27 Aug 08
five_star_review_script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3780
SQL injection vulnerability in recommend.php in Five Star Review Script allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
Wed, 27 Aug 08
five_star_review_script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3779
Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action.
Wed, 27 Aug 08
SIP Enablement Services, Communication Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3778
The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.
Wed, 27 Aug 08
SIP Enablement Services, Communication Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3777
The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.
Wed, 27 Aug 08
web_based_admin_view
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3776
Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
Tue, 26 Aug 08
folder_lock
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3775
Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the password, which allows local administrators to obtain sensitive information by reading and decrypting the QualityControl\_pack registry value.
Tue, 26 Aug 08
simasy_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3774
SQL injection vulnerability in index.php in Simasy CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 26 Aug 08
vbulletin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3773
Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]).
Tue, 26 Aug 08
videosharing
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3772
SQL injection vulnerability in categories_portal.php in Pars4u Videosharing 1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
Tue, 26 Aug 08
videosharing
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3771
Cross-site scripting (XSS) vulnerability in members.php in Pars4u Videosharing 1 allows remote attackers to inject arbitrary web script or HTML via the PageNo parameter.
Tue, 26 Aug 08
Freeway
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3770
Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2) english/account.php, (3) french/account.php, and (4) french/account_newsletters.php in includes/languages/; (5) includes/modules/faqdesk/faqdesk_article_require.php; (6) includes/modules/newsdesk/newsdesk_article_require.php; (7) card1...
Tue, 26 Aug 08
Freeway
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3769
PHP remote file inclusion vulnerability in admin/create_order_new.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the include_page parameter.
Tue, 26 Aug 08
sunshop_shopping_cart
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3768
Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email function, and other vectors.
Tue, 26 Aug 08
phpBazar
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3767
SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
Tue, 26 Aug 08
low_latency_internet_connection_tool
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3766
Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon) before 2.1.2 allows remote attackers to cause a denial of service (application crash) via malformed protocol messages.
Fri, 22 Aug 08
quick_poll_script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3765
SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 22 Aug 08
php_live_helper
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3764
Eval injection vulnerability in chat.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters.
Fri, 22 Aug 08
php_live_helper
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3763
Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file.
Fri, 22 Aug 08
php_live_helper
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3762
SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php.
Fri, 22 Aug 08
VMWare Workstation
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3761
hcmon.sys in VMware Workstation 6.0.0.45731 uses the METHOD_NEITHER communication method for IOCTLs, which has an unknown impact (possibly crash) and local attack vectors via a crafted IOCTL request.
Fri, 22 Aug 08
Vanilla
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3760
Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to trigger the logout of other users via a link or IMG tag to the SignOutNow action in people.php.
Fri, 22 Aug 08
Vanilla
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3759
Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors.
Fri, 22 Aug 08
Vanilla
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3758
Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. NOTE: some of these details are obtained from third party information.
Fri, 22 Aug 08
forced_matrix_script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3757
SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 22 Aug 08
viral_marketing_script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3756
SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 22 Aug 08
classifieds
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3755
SQL injection vulnerability in view.php in YourFreeWorld Classifieds Script allows remote attackers to execute arbitrary SQL commands via the category parameter.
Fri, 22 Aug 08
Stylish Text Ads Script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3754
SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 22 Aug 08
programs_rating_script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3753
SQL injection vulnerability in details.php in YourFreeWorld Programs Rating Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 22 Aug 08
ad-exchange_script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3752
SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 22 Aug 08
Short Url and Url Tracker Script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3751
SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 22 Aug 08
url_rotator_script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3750
SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 22 Aug 08
banner_management_script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3749
SQL injection vulnerability in tr.php in Banner Management Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 22 Aug 08
active_php_bookmarks, apb
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3748
SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 22 Aug 08
phpizabi
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3735
Cross-site scripting (XSS) vulnerability in index.php in PHPizabi before 848 Core HotFix Pack 3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a blogs.search action.
Fri, 22 Aug 08
ws_ftp_home, WS_FTP Pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3734
Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response).
Fri, 22 Aug 08
eo-video
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3733
Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .eop (aka playlist) file with a ProjectElement element that contains a long Name element.
Fri, 22 Aug 08
VLC Media Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3732
Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Fri, 22 Aug 08
serv-u_file_server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3731
Unspecified vulnerability in Serv-U File Server 7.x before 7.2.0.1 allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging.
Fri, 22 Aug 08
NOAH, nordicwind_document_management_system
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3730
Cross-site scripting (XSS) vulnerability in Nordicwind Document Management System (NOAH) before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Fri, 22 Aug 08
mailscan
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3729
Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie.
Fri, 22 Aug 08
mailscan
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3728
Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests to files under LOG/.
Fri, 22 Aug 08
mailscan
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3727
Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
Fri, 22 Aug 08
mailscan
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3726
Cross-site scripting (XSS) vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to inject arbitrary web script or HTML via the URI.
Fri, 22 Aug 08
ad_board_script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3725
SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 22 Aug 08
Papoo
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3724
SQL injection vulnerability in index.php in Papoo before 3.7.2 allows remote attackers to execute arbitrary SQL commands via the suchanzahl parameter.
Fri, 22 Aug 08
phpizabi
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3723
Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full pathname in the id parameter in an admin.templates.edittemplate action. NOTE: some of these details are obtained from third party information.
Fri, 22 Aug 08
fipsCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3722
SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the kat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 22 Aug 08
DMCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3721
PHP remote file inclusion vulnerability in user_language.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter.
Fri, 22 Aug 08
DMCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3720
SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the id vector is already covered by CVE-2007-5679.
Fri, 22 Aug 08
affiliate_directory
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3719
SQL injection vulnerability in directory.php in SFS Affiliate Directory allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action.
Fri, 22 Aug 08
cyberbb
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3718
Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter to show_topic.php and the (2) user parameter to profile.php.
Thu, 21 Aug 08
harmoni
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3717
Harmoni before 1.6.0 does not require administrative privileges to list (1) user names or (2) asset ids, which allows remote attackers to obtain sensitive information.
Thu, 21 Aug 08
harmoni
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3716
Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6.0 allows remote attackers to make administrative modifications via a (1) save or (2) delete action to an unspecified component.
Thu, 21 Aug 08
flexcms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3715
Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in the FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter.
Thu, 21 Aug 08
AWStats
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3714
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.
Thu, 21 Aug 08
phpbasket
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3713
SQL injection vulnerability in product.php in PHPBasket allows remote attackers to execute arbitrary SQL commands via the pro_id parameter.
Thu, 21 Aug 08
Mambo
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3712
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php.
Thu, 21 Aug 08
phpArcadeScript
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3711
SQL injection vulnerability in index.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a browse action.
Thu, 21 Aug 08
cyboards_php_lite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3710
Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) script_path parameter to (a) options.php and the (2) lang_code parameter to (b) copy_vip.php and (c) process_edit_board.php in adminopts/. NOTE: some of these vectors might not be vulnerabilities under proper installation.
Thu, 21 Aug 08
cyboards_php_lite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3709
Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the (1) lOptionsOptions, (2) lNavAdminOptions, or (3) lNavReturn parameter to options.php; or the (4) lNavReturn parameter to subscribe.php.
Thu, 21 Aug 08
dotcms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3708
Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot.
Thu, 21 Aug 08
cyboards_php_lite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3707
Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the script_path parameter to (1) flat_read.php, (2) post.php, (3) process_post.php, (4) process_search.php, (5) forum.php, (6) process_subscribe.php, (7) read.php, (8) search.php, (9) subscribe.php in path/; and (10) add_ban.php, (11) add_ban_form.php, (12) add_board.php, (13) add_vip.php, (14) add_vip_form.php, (15) copy_ban.php, (16) copy_vip.php, (1...
Thu, 21 Aug 08
zeejobsite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3706
SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
Thu, 21 Aug 08
echovnc
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3705
Stack-based buffer overflow in the CLogger::WriteFormated function in echoware/Logger.cpp in EchoVNC Linux before 1.1.2 allows remote echoServers to execute arbitrary code via a large (1) group or (2) user list, aka a "very crowded echoServer" attack. NOTE: some of these details are obtained from third party information.
Wed, 20 Aug 08
Visual Studio
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3704
Stack-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0 allows remote attackers to execute arbitrary code via a long Mask parameter, as exploited in the wild in August 2008. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 20 Aug 08
postfix
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2937
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
Wed, 20 Aug 08
postfix
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2936
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.
Wed, 20 Aug 08
Veritas Storage Foundation
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3703
The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.
Wed, 20 Aug 08
yelp, gnome
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3533
Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.
Wed, 20 Aug 08
party_poker_client
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3324
The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse update.
Wed, 20 Aug 08
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3276
Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options without at least one byte in the dccpsf_val field.
Wed, 20 Aug 08
enterprise_linux
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3270
yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or force the download and installation of official Red Hat packages that were not requested.
Wed, 20 Aug 08
openwsman
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2234
Multiple buffer overflows in Openwsman 1.2.0 and 2.0.0 allow remote attackers to execute arbitrary code via a crafted "Authorization: Basic" HTTP header.
Tue, 19 Aug 08
openwsman
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2233
The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, allows remote Openwsman servers to replay SSL sessions via unspecified vectors.
Tue, 19 Aug 08
anigif, download_accelerator_plus
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3702
Multiple stack-based buffer overflows in the Animation GIF ActiveX control in JComSoft AniGIF.ocx 1.12 and 2.47, as used in products such as SpeedBit Download Accelerator Plus (DAP) 8.6, allow remote attackers to execute arbitrary code via a long argument to the (1) ReadGIF or (2) ReadGIF2 method.
Tue, 19 Aug 08
SupportSuite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3701
SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action.
Tue, 19 Aug 08
SupportSuite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3700
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation.
Sat, 16 Aug 08
PHP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3660
PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.
Sat, 16 Aug 08
PHP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3659
Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.
Sat, 16 Aug 08
PHP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3658
Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Sat, 16 Aug 08
Amarok
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3699
The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.
Sat, 16 Aug 08
Ruby
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3443
The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.
Sat, 16 Aug 08
http_antivirus_proxy, havp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3688
sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable.
Sat, 16 Aug 08
Xen, xen_flask_module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3687
Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall.
Sat, 16 Aug 08
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3686
The rt6_fill_node function in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference.
Sat, 16 Aug 08
Java System Web Proxy Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3683
Unspecified vulnerability in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.5 before SP6 allows remote attackers to cause a denial of service (failure to accept connections) via unknown vectors, probably related to exhaustion of file descriptors.
Sat, 16 Aug 08
Linux Imaging and Printing Project
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2941
The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207.
Sat, 16 Aug 08
Linux Imaging and Printing Project
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2940
The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.
Sat, 16 Aug 08
Network Satellite Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2369
manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.
Sat, 16 Aug 08
php_realty
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3682
SQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter.
Sat, 16 Aug 08
com_user
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3681
components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly restrict access, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.
Sat, 16 Aug 08
Ventrilo
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3680
The decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet to TCP port 3784.
Sat, 16 Aug 08
PhpLinkExchange
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3679
Multiple cross-site scripting (XSS) vulnerabilities in index.php in IDevSpot PhpLinkExchange 1.01 allow remote attackers to inject arbitrary web script or HTML via the catid parameter in a (1) user_add, (2) recip, (3) tellafriend, or (4) contact action, or (5) in a request without an action; or (6) the id parameter in a tellafriend action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 16 Aug 08
freeway
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3678
Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway before 1.4.2.197 allows remote attackers to inject arbitrary web script or HTML via the URL.
Sat, 16 Aug 08
Freeway
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3677
Directory traversal vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors.
Sat, 16 Aug 08
hMailServer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3676
Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allows remote authenticated users to cause a denial of service (resource exhaustion or daemon crash) via a long series of IMAP commands.
Sat, 16 Aug 08
gelatocms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3675
Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. (dot dot) and possibly (2) full pathname in the img parameter. NOTE: some of these details are obtained from third party information.
Fri, 15 Aug 08
Hawk, Runtime Agent, iprocess_engine, mainframe_service_tracker
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3338
Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message.
Fri, 15 Aug 08
tubeguru_video_sharing_script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3674
SQL injection vulnerability in ugroups.php in PozScripts TubeGuru Video Sharing Script allows remote attackers to execute arbitrary SQL commands via the UID parameter.
Fri, 15 Aug 08
classified_ads
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3673
SQL injection vulnerability in browsecats.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-????.
Fri, 15 Aug 08
classified_ads
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3672
SQL injection vulnerability in showcategory.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-????. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 15 Aug 08
true_image_echo_server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3671
Acronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 15 Aug 08
article_friendly
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3670
SQL injection vulnerability in authordetail.php in Article Friendly Pro allows remote attackers to execute arbitrary SQL commands via the autid parameter.
Fri, 15 Aug 08
zeereviews
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3669
SQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
Fri, 15 Aug 08
yogurt_social_network_module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3668
Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap.
Fri, 15 Aug 08
maxthon_browser
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3667
Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows remote attackers to execute arbitrary code via a long Content-type HTTP header.
Fri, 15 Aug 08
HP-UX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1668
Unspecified vulnerability in ftpd (aka wu-ftpd 2.4.x) in HP-UX B.11.11 allows remote attackers to gain privileges via unknown vectors.
Fri, 15 Aug 08
Solaris, opensolaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3666
Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured; and (2) local users to cause a denial of service (panic) via a call to sendfilev or sendfile.
Thu, 14 Aug 08
VirtualCenter
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3514
Unspecified vulnerability in VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 allows attackers to determine valid user names via an "attempt to assign permissions to other system users."
Thu, 14 Aug 08
Internet Explorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2259
Microsoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability."
Thu, 14 Aug 08
Internet Explorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2258
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2257, aka "HTML Objects Memory Corruption Vulnerability."
Thu, 14 Aug 08
Internet Explorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2257
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2258, aka "HTML Objects Memory Corruption Vulnerability."
Thu, 14 Aug 08
Internet Explorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2256
Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability."
Thu, 14 Aug 08
Internet Explorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2255
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability."
Thu, 14 Aug 08
Internet Explorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2254
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability."
Thu, 14 Aug 08
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1457
The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
Thu, 14 Aug 08
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1456
Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
Thu, 14 Aug 08
Ruby
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3657
The dl module in Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.
Thu, 14 Aug 08
Ruby
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3656
Algorithmic complexity vulnerability in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.
Thu, 14 Aug 08
Ruby
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3655
Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.
Thu, 14 Aug 08
tikiki_cms_groupware
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3654
Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors.
Thu, 14 Aug 08
tikiki_cms_groupware
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3653
Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors.
Thu, 14 Aug 08
racoon
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3652
src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).
Thu, 14 Aug 08
ipsec_tools_racoon_daemon
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3651
Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.
Thu, 14 Aug 08
Groupware Webmail Edition
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3650
Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.
Thu, 14 Aug 08
article_friendly
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3649
SQL injection vulnerability in categorydetail.php in Article Friendly Standard allows remote attackers to execute arbitrary SQL commands via the Cat parameter.
Thu, 14 Aug 08
presenter
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3516
Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3515.
Thu, 14 Aug 08
presenter
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3515
Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3516.
Thu, 14 Aug 08
Tomcat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2938
Directory traversal vulnerability in Apache Tomcat 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370.
Thu, 14 Aug 08
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2246
Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
Thu, 14 Aug 08
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2245
Heap-based buffer overflow in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
Thu, 14 Aug 08
CVE-2008-1455 (office_powerpoint, office_powerpoint_viewer, compatibility_pack_word_excel_powerp...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1455
A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka "Parsing Overflow Vulnerability."
Thu, 14 Aug 08
Outlook Express, Windows Mail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1448
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not properly handle MHTML URL redirections, which allows remote attackers to bypass Internet Explorer domain restrictions via crafted HTTP headers, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
Thu, 14 Aug 08
office_powerpoint_viewer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0121
A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
Thu, 14 Aug 08
office_powerpoint_viewer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0120
A "memory allocation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, aka "Memory Allocation Vulnerability."
Thu, 14 Aug 08
Windows Messenger
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0082
An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.
Thu, 14 Aug 08
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3648
nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
Thu, 14 Aug 08
Office, office_converter_pack, Works
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3460
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulnerability."
Thu, 14 Aug 08
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3275
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 does not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories.
Thu, 14 Aug 08
personal_firewall, Internet Security Suite, host_based_intrusion_prevention_system
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3174
Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause a denial of service via unknown vectors, related to "insufficient validation."
Thu, 14 Aug 08
Office, office_converter_pack, Works
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3021
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018.
Thu, 14 Aug 08
Office, office_converter_pack, Works
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3020
Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability."
Thu, 14 Aug 08
Office, office_converter_pack, Works
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3019
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability."
Thu, 14 Aug 08
Office, office_converter_pack, Works
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3018
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021.
Thu, 14 Aug 08
Office, office_excel_viewer, office_compatibility_pack, SharePoint Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3006
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability."
Thu, 14 Aug 08
Office
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3005
Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac, do not properly validate an unspecified array index when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Index Array Vulnerability."
Thu, 14 Aug 08
Office, office_excel_viewer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3004
Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Indexing Validation Vulnerability."
Thu, 14 Aug 08
Office
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3003
Microsoft Office Excel 2007 Gold and SP1, does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
Thu, 14 Aug 08
CVE-2008-2926 (Internet Security Suite 2007, Internet Security Suite 2008, personal_firewall_200...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2926
The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request.
Wed, 13 Aug 08
email_server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3607
The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via multiple long LOGIN commands.
Wed, 13 Aug 08
WinGate
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3606
Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information.
Wed, 13 Aug 08
encrypted_usb_manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3605
Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, when the Re-use Threshold for passwords is nonzero, allows remote attackers to conduct offline brute force attacks via unknown vectors.
Wed, 13 Aug 08
zeebuddy
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3604
SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
Wed, 13 Aug 08
Vacation Rental Script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3603
SQL injection vulnerability in index.php in Vacation Rental Script 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sections action.
Wed, 13 Aug 08
php_ring_webring_system
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3602
admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
Wed, 13 Aug 08
Quicksilver Forums
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3601
SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action.
Wed, 13 Aug 08
Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3600
Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action.
Wed, 13 Aug 08
openimpro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3599
SQL injection vulnerability in image.php in OpenImpro 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Wed, 13 Aug 08
psipuss
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3598
Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the Cid parameter to categories.php or (2) the Username parameter to login.php.
Wed, 13 Aug 08
Skulltag
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3597
Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a "command 29" packet when the player is not in the game.
Wed, 13 Aug 08
harmoni
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3596
Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 allows remote attackers to inject arbitrary web script or HTML via the Username field, which is inserted into logs that could be rendered when viewed by an administrator.
Wed, 13 Aug 08
txtsql
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3595
PHP remote file inclusion vulnerability in examples/txtSQLAdmin/startup.php in txtSQL 2.2 Final allows remote attackers to execute arbitrary PHP code via a URL in the CFG[txtsql][class] parameter.
Wed, 13 Aug 08
E-Store Kit-1, E-Store Kit-2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3594
SQL injection vulnerability in viewdetails.php in MagicScripts E-Store Kit-1, E-Store Kit-2, E-Store Kit-1 Pro PayPal Edition, and E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary SQL commands via the pid parameter.
Wed, 13 Aug 08
syzygycms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3593
Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
Wed, 13 Aug 08
symphony
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3592
Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/.
Wed, 13 Aug 08
symphony
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3591
SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.
Wed, 13 Aug 08
CVE-2008-3590 (e.z._poll)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3590
Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 13 Aug 08
mozilocms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3589
Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.
Wed, 13 Aug 08
phsBlog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3588
Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to comments.php, (2) cid parameter to index.php, and the (3) urltitle parameter to entries.php.
Wed, 13 Aug 08
homes_4_sale
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3587
Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter.
Wed, 13 Aug 08
com_ezstore
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3586
SQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
Wed, 13 Aug 08
greencart_php_shopping_cart
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3585
Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) product_desc.php and (2) store_info.php.
Wed, 13 Aug 08
intellitamper
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3583
Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a long URL in the SRC attribute of an IMG element. NOTE: this might be related to CVE-2008-3360.
Wed, 13 Aug 08
php-mysql, php-mysql_news_script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3582
SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
Wed, 13 Aug 08
k-links
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3581
Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links allows remote attackers to inject arbitrary web script or HTML via the login_message parameter in a login action.
Wed, 13 Aug 08
k-links
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3580
Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to visit.php, or the PATH_INFO to the default URI under (2) report/, (3) addreview/, or (4) refer/.
Wed, 13 Aug 08
atmail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3579
Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged for remote exploitation of CVE-2008-3395. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 13 Aug 08
HydraIRC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3578
HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long irc:// URI.
Wed, 13 Aug 08
OpenTTD
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3577
Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the "-g" parameter in the ttd_main function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments.
Wed, 13 Aug 08
OpenTTD
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3576
Buffer overflow in the TruncateString function in src/gfx.cpp in OpenTTD before 0.6.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string. NOTE: some of these details are obtained from third party information.
Wed, 13 Aug 08
ezcontents_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3575
PHP remote file inclusion vulnerability in modules/calendar/minicalendar.php in ezContents CMS allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[gsLanguage] parameter, a different vector than CVE-2006-4477 and CVE-2004-0132.
Wed, 13 Aug 08
Pluck
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3574
Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) titelkop, (5) lang_kop1, (6) lang_kop2, (7) lang_modules, (8) lang_kop4, (9) lang_kop15, (10) lang_kop5, and (11) titelkop parameters to (b) data/inc/header.php; the pluck_version and titelkop parameters to (c) data/inc/head...
Wed, 13 Aug 08
pligg, PHP-Nuke
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3573
The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string.
Wed, 13 Aug 08
Pligg CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3572
Cross-site scripting (XSS) vulnerability in index.php in Pligg 9.9.5 allows remote attackers to inject arbitrary web script or HTML via the category parameter.
Wed, 13 Aug 08
phaser
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3571
The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900.
Wed, 13 Aug 08
africa_be_gone
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3570
PHP remote file inclusion vulnerability in index.php in Africa Be Gone (ABG) 1.0a allows remote attackers to execute arbitrary PHP code via a URL in the abg_path parameter.
Wed, 13 Aug 08
XAMPP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3569
Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the text parameter to (1) iart.php and (2) ming.php.
Wed, 13 Aug 08
unak-cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3568
Absolute path traversal vulnerability in fckeditor/editor/filemanager/browser/default/connectors/php/connector.php in UNAK-CMS 1.5.5 allows remote attackers to include and execute arbitrary local files via a full pathname in the Dirroot parameter, a different vulnerability than CVE-2006-4890.1.
Wed, 13 Aug 08
Winamp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3567
Unspecified vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 has unknown impact and attack vectors.
Wed, 13 Aug 08
freeForum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3566
Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter to (1) the default URI or (2) index.php, or (3) the PATH_INFO to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 13 Aug 08
mrbs
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3565
Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 13 Aug 08
dayfox_blog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3564
Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
Wed, 13 Aug 08
Plogger
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3563
Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings.
Wed, 13 Aug 08
Chupix CMS, cms_contact_module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3562
Directory traversal vulnerability in index.php in the Contact module in Chupix CMS 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mods parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 13 Aug 08
shopsystem
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3561
SQL injection vulnerability in s03.php in Powergap Shopsystem, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the ag parameter.
Wed, 13 Aug 08
jboss_enterprise_application_server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3273
JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.
Wed, 13 Aug 08
kshop_module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3560
Cross-site scripting (XSS) vulnerability in kshop_search.php in the Kshop module 2.22 for Xoops allows remote attackers to inject arbitrary web script or HTML via the search parameter.
Wed, 13 Aug 08
KAPhotoservice
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3559
Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice allow remote attackers to inject arbitrary web script or HTML via the (1) filename parameter to search.asp and the (2) page parameter to order.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 13 Aug 08
webex_meeting_manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3558
Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Webex Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method. NOTE: some of these details are obtained from third party information.
Wed, 13 Aug 08
free_hosting_manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3557
Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass authentication and gain administrative access by setting both the adminuser and loggedin cookies.
Wed, 13 Aug 08
battlenet_clan_script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3556
Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) showmember parameter in a members action and the (2) thread parameter in a board action. NOTE: vector 1 might be the same as CVE-2008-2522.
Wed, 13 Aug 08
links, forum, gallery, knowledge_base
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3555
Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, and (4) Links 4.1.44 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences.
Wed, 13 Aug 08
discuz
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3554
SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remote attackers to execute arbitrary SQL commands via the searchid parameter in a search action.
Wed, 13 Aug 08
J2ME
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3553
Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 3-10." NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Wed, 13 Aug 08
series_40
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3552
Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1 later devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 11-15." NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Wed, 13 Aug 08
java_platform_micro_edition, wireless_toolkit
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3551
Multiple unspecified vulnerabilities in Sun Java Platform Micro Edition (aka Java ME, J2ME, or mobile Java), as distributed in Sun Wireless Toolkit 2.5.2, allow remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Wed, 13 Aug 08
Rational ClearQuest
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3550
The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability.
Wed, 13 Aug 08
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3535
Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from the Linux Test Project.
Wed, 13 Aug 08
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3534
The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count.
Wed, 13 Aug 08
Pidgin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3532
The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
Wed, 13 Aug 08
PowerDNS, authoritative_server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3337
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
Wed, 13 Aug 08
GnuTLS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2377
Use after free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.
Wed, 13 Aug 08
QEMU
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1945
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
Wed, 13 Aug 08
HP-UX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1664
Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.
Wed, 13 Aug 08
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3272
The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.
Wed, 13 Aug 08
Solaris, opensolaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0965
Unspecified vulnerability in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allows remote attackers to execute arbitrary code via a crafted SMB packet, a different vulnerability than CVE-2008-0964.
Wed, 13 Aug 08
Solaris, opensolaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0964
Unspecified vulnerability in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allows remote attackers to execute arbitrary code via a crafted SMB packet, a different vulnerability than CVE-2008-0965.
Sat, 9 Aug 08
opensolaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3549
Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in Sun Solaris 10 and OpenSolaris before snv_90 allows local users to cause a denial of service (system hang or panic) via unknown vectors.
Sat, 9 Aug 08
Netra T5220 Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3548
Unspecified vulnerability in the Sun Netra T5220 Server with firmware 7.1.3 allows local users to cause a denial of service (panic) via unknown vectors.
Sat, 9 Aug 08
GIT
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3546
Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.
Sat, 9 Aug 08
basis_consultant_book_catalog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3513
SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 9 Aug 08
Kleinanzeigen module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3512
SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php.
Sat, 9 Aug 08
Image Gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3511
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the im...
Sat, 9 Aug 08
Crafty Syntax Live Help
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3510
Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty Syntax Live Help (CSLH) 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter.
Sat, 9 Aug 08
LoveCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3509
LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code, related to "inserted page blocks." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 9 Aug 08
litenews
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3508
LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie.
Sat, 9 Aug 08
litenews
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3507
SQL injection vulnerability in index.php in LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.
Fri, 8 Aug 08
polypager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3506
SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to execute arbitrary SQL commands via the nr parameter to the default URI.
Fri, 8 Aug 08
polypager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3505
Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via the nr parameter to the default URI.
Fri, 8 Aug 08
mask_php_file_manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3504
Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 has unknown impact and remote attack vectors related to "manipulation of cookies."
Fri, 8 Aug 08
plain_black_webgui
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3503
RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data).
Fri, 8 Aug 08
request_tracker
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3502
Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl.
Fri, 8 Aug 08
Groupwise
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3501
Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Fri, 8 Aug 08
suggested_terms_module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3500
Cross-site scripting (XSS) vulnerability in the Suggested Terms module 5.x before 5.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via crafted Taxonomy terms.
Fri, 8 Aug 08
CVE-2008-3499 (cms4000.net)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3499
Unspecified vulnerability in "a page in the workarea folder" in Ektron CMS400.NET 7.00 through 7.04 and 7.50 through 7.52 has unknown impact and attack vectors.
Fri, 8 Aug 08
com_netinvoice
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3498
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.
Fri, 8 Aug 08
MyPHP CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3497
SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
Fri, 8 Aug 08
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3496
Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors.
Fri, 8 Aug 08
pcshey_portal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3495
SQL injection vulnerability in kategori.asp in Pcshey Portal allows remote attackers to execute arbitrary SQL commands via the kid parameter.
Fri, 8 Aug 08
R3000 Internet Filter
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3494
8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass intended restrictions via an extra HTTP Host header with additional leading text placed before the real Host header.
Fri, 8 Aug 08
realvnc_windows_client
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3493
vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC servers to cause a denial of service (application crash) via a crafted frame buffer update packet.
Fri, 8 Aug 08
CVE-2008-3492 (America's Army)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3492
America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted UDP packet, probably involving a VoiceIndex value that is outside of the range specified by VOICE_MAX_CHATTERS.
Fri, 8 Aug 08
Apache
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2939
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI.
Fri, 8 Aug 08
ipost, itgp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3491
SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action.
Fri, 8 Aug 08
online_dating
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3490
SQL injection vulnerability in members/mail.php in E-topbiz Online Dating 3 1.0 allows remote authenticated users to execute arbitrary SQL commands via the mail_id parameter in a veiw action.
Thu, 7 Aug 08
PHPX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3489
SQL injection vulnerability in checkCookie function in includes/functions.inc.php in PHPX 3.5.16 allows remote attackers to execute arbitrary SQL commands via a PXL cookie.
Thu, 7 Aug 08
iManager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3488
Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors.
Thu, 7 Aug 08
phpauction_gpl_enhanced
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3487
SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Thu, 7 Aug 08
coppermine_photo_gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3486
Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie.
Thu, 7 Aug 08
MetaFrame Presentation Server, xp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3485
Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path.
Thu, 7 Aug 08
estoreaff
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3484
SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action to index.php.
Thu, 7 Aug 08
screwturn_wiki
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3483
Cross-site scripting (XSS) vulnerability in ScrewTurn Wiki 2.0.29 and 2.0.30 allows remote attackers to inject arbitrary web script or HTML via error messages in the "/admin.aspx - System Log" page.
Thu, 7 Aug 08
BL_C111, BL_C131, BB_HCM511, BB_HCM531, BB_HCM580, BB_HCM581, BB_HCM527, BB_HCM515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3482
Cross-site scripting (XSS) vulnerability in the error page feature in Panasonic Network Camera BL-C111, BL-C131, BB-HCM511, BB-HCM531, BB-HCM580, BB-HCM581, BB-HCM527, and BB-HCM515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Thu, 7 Aug 08
coppermine_photo_gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3481
themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
Thu, 7 Aug 08
xvm_virtualbox
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3431
The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.
Thu, 7 Aug 08
Ingres
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3389
Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport.
Thu, 7 Aug 08
Ingres
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3357
Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability."
Thu, 7 Aug 08
Ingres
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3356
verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.
Wed, 6 Aug 08
OpenVPN
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3459
Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) "lladdr" and (2) "iproute" configuration directives, probably related to shell metacharacters.
Wed, 6 Aug 08
vtiger_crm
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3458
Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory.
Wed, 6 Aug 08
phpMyAdmin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3457
Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php.
Wed, 6 Aug 08
phpMyAdmin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3456
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.
Wed, 6 Aug 08
php_hosting_directory
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3455
PHP remote file inclusion vulnerability in include/admin.php in JnSHosts PHP Hosting Directory 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the rd parameter.
Wed, 6 Aug 08
php_hosting_directory
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3454
JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1.
Wed, 6 Aug 08
impresscms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3453
Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files."
Wed, 6 Aug 08
eNdonesia, calendar_module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3452
SQL injection vulnerability in the Calendar module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the loc_id parameter in a list_events action to mod.php.
Tue, 5 Aug 08
PhpWebGallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3451
PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile.
Tue, 5 Aug 08
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3450
Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors.
Tue, 5 Aug 08
MailEnable
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3449
MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attackers to cause a denial of service (crash) via multiple IMAP connection requests to the same folder.
Tue, 5 Aug 08
csphonebook
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3448
Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.
Tue, 5 Aug 08
F-Prot Antivirus, scanning_engine
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3447
The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote attackers to cause a denial of service (infinite loop) via a malformed ZIP archive, probably related to invalid offsets.
Tue, 5 Aug 08
letterit
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3446
Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
Tue, 5 Aug 08
phpMyRealty
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3445
SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter.
Tue, 5 Aug 08
Firefox
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3444
The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted but well-formed web page that contains "a simple set of legitimate HTML tags."
Tue, 5 Aug 08
websphere_portal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3423
IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.
Tue, 5 Aug 08
Tomcat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2370
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
Tue, 5 Aug 08
quicklook
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2325
QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking."
Tue, 5 Aug 08
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2324
The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs.
Tue, 5 Aug 08
data_detectors_engine
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2323
Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages.
Tue, 5 Aug 08
coregraphics
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2322
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow.
Tue, 5 Aug 08
coregraphics
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2321
Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments."
Tue, 5 Aug 08
carboncore
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2320
Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename.
Tue, 5 Aug 08
Tomcat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1232
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
Tue, 5 Aug 08
WinZip
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3442
WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Tue, 5 Aug 08
Winamp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3441
Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Tue, 5 Aug 08
Java
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3440
Sun Java before 1.6.0_03 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Tue, 5 Aug 08
speedbit_video_accelerator
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3439
SpeedBit Video Acceleration before 2.2.1.8 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Tue, 5 Aug 08
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3438
Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Tue, 5 Aug 08
CVE-2008-3437 (OpenOffice.org)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3437
OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Tue, 5 Aug 08
Notepad++
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3436
The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Tue, 5 Aug 08
browser_toolbar
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3435
LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Tue, 5 Aug 08
iTunes
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3434
Apple iTunes before 6.0.5.20 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Tue, 5 Aug 08
download_accelerator_plus
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3433
SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Tue, 5 Aug 08
CVE-2008-3175 (BrightStor ARCserve Backup, arcserve_backup_for_laptops_and_desktops, desktop_man...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3175
Unspecified vulnerability in rxRPC.dll in the LGServer service in the server in CA ARCserve Backup for Laptops and Desktops 11.0 through 11.5 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors, related to "insufficient bounds checking."
Tue, 5 Aug 08
Python
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3144
Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.
Tue, 5 Aug 08
Python
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3143
Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) as...
Sat, 2 Aug 08
Python
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3142
Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro.
Sat, 2 Aug 08
libxslt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2935
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
Sat, 2 Aug 08
Python
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2316
Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."
Sat, 2 Aug 08
Python
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2315
Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules.
Sat, 2 Aug 08
opensc
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2235
OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.
Sat, 2 Aug 08
MaxDB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1810
Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable.
Sat, 2 Aug 08
system_administration_manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1662
Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list."
Sat, 2 Aug 08
nfs_utils
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1376
A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions.
Fri, 1 Aug 08
K9 Web Protection, filter
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2952
Multiple stack-based buffer overflows in the filter service (aka k9filter.exe) in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow (1) remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and (2) man-in-the-middle attackers to execute arbitrary code via an HTTP response with a long HTTP version field.
Fri, 1 Aug 08
Eyeball Messenger SDK
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3430
Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in Eyeball MessengerSDK, as used in products such as SiOL Komunikator 1.3, allows remote attackers to execute arbitrary code via a large argument supplied to the BGColor method. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer.
Fri, 1 Aug 08
httrack, winhttrack
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3429
Buffer overflow in URI processing in HTTrack and WinHTTrack before 3.42-3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL.
Fri, 1 Aug 08
phpFreeChat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3428
Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter.
Fri, 1 Aug 08
mimsy_xg
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3427
Multiple SQL injection vulnerabilities in Möbius for Mimsy XG 1.4.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in browse.php and (2) the s parameter in detail.php.
Fri, 1 Aug 08
Solaris, opensolaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3426
Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Sun Solaris 8 through 10, and OpenSolaris builds snv_01 through snv_95, allows local users to cause a denial of service via unknown vectors that prevent operation of utilities such as prtdiag, prtpicl, and prtfru.
Fri, 1 Aug 08
Java System Web Server plugin, N1 Service Provisioning System
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3425
Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors.
Fri, 1 Aug 08
condor
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3424
Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.
Fri, 1 Aug 08
Mono
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3422
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren).
Fri, 1 Aug 08
Blackboard Academic Suite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3421
Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to change a student's configuration and enrollments via (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp.
Fri, 1 Aug 08
mobius_web_publishing_software
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3420
Multiple SQL injection vulnerabilities in Mobius Web Publishing Software 1.4.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to browse.php or (2) the s parameter in an exhibitions action to detail.php.
Fri, 1 Aug 08
youtuber_clone
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3419
SQL injection vulnerability in ugroups.php in Youtuber Clone allows remote attackers to execute arbitrary SQL commands via the UID parameter.
Fri, 1 Aug 08
trio
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3418
SQL injection vulnerability in browse.php in TriO 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 1 Aug 08
fipsCMS light
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3417
SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the r parameter, a different vector than CVE-2006-6115 and CVE-2007-2561.
Fri, 1 Aug 08
IceBB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3416
SQL injection vulnerability in modules/members.php in IceBB before 1.0-rc9.3 allows remote attackers to execute arbitrary SQL commands via the username parameter in a members action to index.php, related to an incorrect protection mechanism in the clean_string function in includes/functions.php.
Fri, 1 Aug 08
CMScout
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3415
Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences.
Fri, 1 Aug 08
CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3414
SQL injection vulnerability in line2.php in SiteAdmin allows remote attackers to execute arbitrary SQL commands via the art parameter.
Fri, 1 Aug 08
Auction Platinum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3413
SQL injection vulnerability in category.php in Greatclone GC Auction Platinum allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
Fri, 1 Aug 08
epshop
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3412
SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) pro_show or (2) disppro action to the default URI.
Fri, 1 Aug 08
akw-d800
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3411
The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which allows remote attackers to change the modem's configuration via direct requests.
Fri, 1 Aug 08
unreal_tournament_3
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3410
Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a UDP packet in which the value of a certain size field is greater than the total packet length, aka attack 2 in ut3mendo.c.
Fri, 1 Aug 08
unreal_tournament_3
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3409
Buffer overflow in Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a UDP packet containing a large value in a certain size field, followed by a data string of that size, aka attack 1 in ut3mendo.c.
Fri, 1 Aug 08
CoolPlayer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3408
Stack-based buffer overflow in CoolPlayer allows user-assisted remote attackers to execute arbitrary code via a crafted m3u file.
Fri, 1 Aug 08
phpLinkat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3407
phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under admin/ by sending a login=right cookie.
Fri, 1 Aug 08
phpLinkat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3406
SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
Fri, 1 Aug 08
nzfotolog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3405
Directory traversal vulnerability in index.php in Ricardo Amaral nzFotolog 0.4.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action_file parameter.
Fri, 1 Aug 08
mjguest
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3404
Cross-site scripting (XSS) vulnerability in guestbook.js.php in MJGuest 6.8 GT allows remote attackers to inject arbitrary web script or HTML via the link parameter.
Fri, 1 Aug 08
mojopersonals
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3403
SQL injection vulnerability in mojoClassified.cgi in MojoPersonals allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Fri, 1 Aug 08
hiox_random_ad
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3402
Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Statistics (HBS) 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the hm parameter to (1) hioxupdate.php and (2) hioxstats.php.
Fri, 1 Aug 08
hiox_random_ad
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3401
PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
Fri, 1 Aug 08
xrms_crm
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3400
XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function.
Fri, 1 Aug 08
xrms_crm
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3399
PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter.
Fri, 1 Aug 08
xrms_crm
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3398
Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE: this may overlap CVE-2008-1129.
Fri, 1 Aug 08
cerberus_cms
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3397
Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie.
Fri, 1 Aug 08
Unreal Tournament 2004
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3396
Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain sequence of malformed packets.
Fri, 1 Aug 08
atmail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3395
Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 1 Aug 08
bookmine
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3394
Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in BookMine allow remote attackers to inject arbitrary web script or HTML via the (1) gallery and (2) search_string parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 1 Aug 08
bookmine
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3393
SQL injection vulnerability in events.cfm in BookMine allows remote attackers to execute arbitrary SQL commands via the events_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 1 Aug 08
web_wiz_forums
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3392
Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 allows remote attackers to log out a user via a link or IMG tag to log_off_user.asp.
Fri, 1 Aug 08
web_wiz_forums
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3391
Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum 9.5 allow remote attackers to inject arbitrary web script or HTML via the mode parameter to (1) admin_group_details.asp and (2) admin_category_details.asp.
Fri, 1 Aug 08
minishowcase_image_gallery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3390
Directory traversal vulnerability in libraries/general.init.php in Minishowcase Image Gallery 09b136, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
Fri, 1 Aug 08
def_blog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3388
Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php.
Fri, 1 Aug 08
phpfootball
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3387
SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter.
Fri, 1 Aug 08
video_share_enterprise
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3386
SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086.
Fri, 1 Aug 08
php_help_agent
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3385
Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
Fri, 1 Aug 08
interact
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3384
Multiple directory traversal vulnerabilities in help/help.php in Interact Learning Community Environment Interact 2.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) module and (2) file parameters.
Fri, 1 Aug 08
mojoauto
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3383
SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote attackers to execute arbitrary SQL commands via the cat_a parameter in a browse action.
Fri, 1 Aug 08
mojoclassifieds
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3382
SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_a parameter.
Fri, 1 Aug 08
MoinMoin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3381
Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Fri, 1 Aug 08
easybookmarker
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3380
Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in MyioSoft EasyBookMarker 4.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the rs parameter.
Fri, 1 Aug 08
visualpic
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3379
Cross-site scripting (XSS) vulnerability in Snark VisualPic 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the pic parameter to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 1 Aug 08
fizzmedia
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3378
SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
Fri, 1 Aug 08
phptest
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3377
SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
Fri, 1 Aug 08
Jamroom
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3376
Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors.
Fri, 1 Aug 08
Jamroom
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3375
The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie.
Fri, 1 Aug 08
Gregarius
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3374
SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action.
Fri, 1 Aug 08
AVG Antivirus
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3373
The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allows remote attackers to cause a denial of service (engine crash) via a crafted UPX compressed file, which triggers a divide-by-zero error.
Fri, 1 Aug 08
getacoder_clone
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3372
SQL injection vulnerability in search_form.php in Getacoder Clone allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.
Fri, 1 Aug 08
TalkBack
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3371
Directory traversal vulnerability in install/help.php in TalkBack 2.3.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
Fri, 1 Aug 08
centera_universal_access
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3370
SQL injection vulnerability in the CUA Login Module in EMC Centera Universal Access (CUA) 4.0_4735.p4 allows remote attackers to execute arbitrary SQL commands via the user (user name) field.
Fri, 1 Aug 08
viart_shop
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3369
SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter.