
Software Vulnerability

 

Tue, 30 Sep 08
fedora
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3524
rc.sysinit in initscripts before 8.76.3-1 in Fedora 9 allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run.

Tue, 30 Sep 08
pcu400
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2474
Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit 400 (PCU400) 4.4 through 4.6 allows remote attackers to execute arbitrary code via a crafted packet using the (1) IEC60870-5-101 or (2) IEC60870-5-104 communication protocol to the X87 web interface.

Tue, 30 Sep 08
lighttpd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4298
Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.

Tue, 30 Sep 08
mercurial
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4297
Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.

Tue, 30 Sep 08
linksys_wrt350n
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4296
The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.

Tue, 30 Sep 08
windows_mobile
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4295
Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.

Tue, 30 Sep 08
tivoli_netcool_webtop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4294
IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user privileges after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation, as demonstrated by a root session that is still valid after a subsequent read-only session has begun.

Tue, 30 Sep 08
opera
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4293
Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to execute arbitrary code via unknown vectors in which Opera is launched by other applications.

Tue, 30 Sep 08
CVE-2008-4292 (opera, opera9.50)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4292
Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors. NOTE: it is not clear whether this is a vulnerability, but the vendor included it in a security section of the advisory.

Tue, 30 Sep 08
CVE-2008-4200 (opera, opera9.50)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4200
Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker.

Tue, 30 Sep 08
CVE-2008-4199 (opera, opera9.50)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4199
Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."

Tue, 30 Sep 08
CVE-2008-4198 (opera, opera9.50)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4198
Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a security information dialog reporting a secure connection, which might allow remote attackers to trick a user into performing unsafe actions on the http page.

Tue, 30 Sep 08
opera
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4197
Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.

Tue, 30 Sep 08
CVE-2008-4196 (opera, opera9.50)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4196
Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Tue, 30 Sep 08
CVE-2008-4195 (opera, opera9.50)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4195
Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script.

Tue, 30 Sep 08
cmdb, service_desk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4119
Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms."

Tue, 30 Sep 08
seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4070
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages."

Tue, 30 Sep 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3528
The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this...

Tue, 30 Sep 08
ios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3813
Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet.

Tue, 30 Sep 08
ios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3812
Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet.

Tue, 30 Sep 08
ios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3811
Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka Cisco Bug ID CSCsi17020, a different vulnerability than CVE-2008-3810.

Tue, 30 Sep 08
ios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3810
Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than CVE-2008-3811.

Tue, 30 Sep 08
ios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3809
Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (aka 12000 Series routers) allows remote attackers to cause a denial of service (device crash) via a malformed Protocol Independent Multicast (PIM) packet.

Tue, 30 Sep 08
ios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3808
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted Protocol Independent Multicast (PIM) packet.

Tue, 30 Sep 08
ios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3807
Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this community and sending SNMP requests.

Tue, 30 Sep 08
ios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3806
Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3805.

Tue, 30 Sep 08
ios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3805
Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3806.

Tue, 30 Sep 08
ios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3804
Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software path is used.

Tue, 30 Sep 08
ios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3803
A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances.

Tue, 30 Sep 08
ios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3802
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device reload) via unspecified valid SIP messages, aka Cisco bug ID CSCsk42759, a different vulnerability than CVE-2008-3800 and CVE-2008-3801.

Tue, 30 Sep 08
ios, unified_callmanager, unified_communications_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3801
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802.

Tue, 30 Sep 08
ios, unified_callmanager, unified_communications_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3800
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.

Tue, 30 Sep 08
ios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3799
Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages.

Tue, 30 Sep 08
ios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3798
Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session.

Tue, 30 Sep 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3638
Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs.

Tue, 30 Sep 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3637
The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."

Tue, 30 Sep 08
ios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2739
The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a different vulnerability than CVE-2008-1447.

Sat, 27 Sep 08
freebsd, netbsd, openbsd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4247
ftpd in OpenBSD 4.3, FreeBSD 7.0, and NetBSD 4.0 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

Sat, 27 Sep 08
denora_irc_stats
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4246
Unspecified vulnerability in Denora IRC Stats Server before 1.4.1 allows remote IRC servers to cause a denial of service (application crash) via a crafted CTCP response.

Sat, 27 Sep 08
rianxosencabos_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4245
The Admin Control Panel in Rianxosencabos CMS 0.9 does not require administrator privileges, which allows remote authenticated users to (1) change a user's privileges, (2) delete a user account, or perform unspecified other administrative actions via vectors involving an admin lista action to the default URI, possibly related to useradmin.php.

Sat, 27 Sep 08
rianxosencabos_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4244
Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass cookies to 1.

Sat, 27 Sep 08
unreal_tournament_3
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4243
Directory traversal vulnerability in ImageServer (aka UTImageServer) in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 (UT3) 1.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

Sat, 27 Sep 08
proftpd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4242
ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

Fri, 26 Sep 08
ultra_plus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4241
SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie.

Fri, 26 Sep 08
firefox, seamonkey
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4069
The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.

Fri, 26 Sep 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4068
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.

Fri, 26 Sep 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4067
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.

Fri, 26 Sep 08
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4066
Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav?ascript" sequence, aka "HTML escaped low surrogates bug."

Fri, 26 Sep 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4065
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."

Fri, 26 Sep 08
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4064
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in t...

Fri, 26 Sep 08
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4063
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a cer...

Fri, 26 Sep 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4062
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) int...

Fri, 26 Sep 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4061
Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.

Fri, 26 Sep 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4060
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.

Fri, 26 Sep 08
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4059
The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.

Fri, 26 Sep 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4058
The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.

Fri, 26 Sep 08
firefox, seamonkey
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3837
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.

Fri, 26 Sep 08
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3836
feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions.

Fri, 26 Sep 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3835
The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.

Fri, 26 Sep 08
firefox, seamonkey
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0016
Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.

Fri, 26 Sep 08
osads_alliance_database
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4208
Unspecified vulnerability in OSADS Alliance Database before 2.1 has unknown impact and attack vectors, possibly related to includes/functions.php, a different issue than CVE-2006-2874.

Fri, 26 Sep 08
dolphin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4207
Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php in the main folder, which allows remote attackers to obtain sensitive information via a direct request.

Fri, 26 Sep 08
dolphin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4206
PHP remote file inclusion vulnerability in config.php in Attachmax Dolphin 2.1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter.

Fri, 26 Sep 08
dolphin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4205
SQL injection vulnerability in index.php in Attachmax Dolphin 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a Search action.

Fri, 26 Sep 08
hotel_reservation_system
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4204
SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation System (HRS) allows remote attackers to execute arbitrary SQL commands via the city parameter.

Fri, 26 Sep 08
czarnews
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4203
SQL injection vulnerability in cn_users.php in CzarNews 1.20 and earlier allows remote attackers to execute arbitrary SQL commands via a recook cookie.

Fri, 26 Sep 08
linkscaffepro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4202
SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 allows remote attackers to execute arbitrary SQL commands via the idd parameter in a deadlink action.

Fri, 26 Sep 08
squirrelmail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3663
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Fri, 26 Sep 08
fuzzylime_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3098
Cross-site scripting (XSS) vulnerability in admin/usercheck.php in fuzzylime (cms) before 3.03 allows remote attackers to inject arbitrary web script or HTML via the user parameter to the login form.

Fri, 26 Sep 08
faad2
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4201
Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.

Fri, 26 Sep 08
pdnsd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4194
The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug."

Fri, 26 Sep 08
securitygateway
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4193
Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter.

Fri, 26 Sep 08
emacspeak
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4191
extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file.

Thu, 25 Sep 08
openswan
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4190
The IPSEC livetest tool in Openswan 2.4.4 and earlier allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files.

Thu, 25 Sep 08
mantis
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3102
Mantis does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Thu, 25 Sep 08
talk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4153
The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, does not perform access checks for a node before displaying comments, which allows remote attackers to obtain sensitive information.

Thu, 25 Sep 08
talk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4152
Cross-site scripting (XSS) vulnerability in the Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via a node title.

Thu, 25 Sep 08
cyask
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4151
Directory traversal vulnerability in collect.php in CYASK 3.x allows remote attackers to read arbitrary files via a .. (dot dot) in the neturl parameter.

Thu, 25 Sep 08
diesel_joke_site
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4150
SQL injection vulnerability in picture_category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3763.

Thu, 25 Sep 08
link_to_us
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4149
Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to Us module 5.x before 5.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link page header" field.

Thu, 25 Sep 08
mailhandler
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4148
SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API.

Thu, 25 Sep 08
mailsave
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4147
Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x before 5.x-3.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an attached file that has a modified Content-Type.

Thu, 25 Sep 08
addalink
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4146
Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field.

Thu, 25 Sep 08
addalink
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4145
SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

Thu, 25 Sep 08
e-gold_script_shop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4144
SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold Script Shop allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action.

Thu, 25 Sep 08
shopping_cart
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4143
SQL injection vulnerability in category_search.php in RazorCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the id parameter.

Thu, 25 Sep 08
e-php_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4142
SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the es_id parameter.

Thu, 25 Sep 08
CVE-2008-4141 (.x10_automatic_mp3_script)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4141
Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/function_core.php and (2) templates/layout_lyrics.php.

Thu, 25 Sep 08
CVE-2008-4140 (quick.cart)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4140
Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string.

Thu, 25 Sep 08
CVE-2008-4139 (quick.cms.lite)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4139
Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution Quick.Cms.Lite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query string.

Thu, 25 Sep 08
technote
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4138
PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin_twindow/twindow_notice.php in Technote 7 allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter.

Thu, 25 Sep 08
php_crawler
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4137
PHP remote file inclusion vulnerability in footer.php in PHP-Crawler 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the footer_file parameter.

Thu, 25 Sep 08
pftp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4136
Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote attackers to cause a denial of service (service crash) via multiple RETR commands, possibly involving long filenames.

Wed, 24 Sep 08
workcentre, workcentre_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4189
Buffer overflow in the printer sharing services in the Samba code in Xerox ESS/Network Controller in Pro 2xx Series before *.60.22.016, 7655/7665/7675 products before 040.033.53050, and 56xx Series before 21.113.02.015 allows remote attackers to modify system configuration via unknown attack vectors related to "Remote Service Message Block (SMB) responses." NOTE: due to insufficient details, it is unclear whether this is a duplicate of an existing CVE identifier for Samba.

Wed, 24 Sep 08
secure_directory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4188
Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) extension before 1.0.2 allows remote attackers to execute arbitrary code via unknown vectors related to "injection of control characters."

Wed, 24 Sep 08
proactive_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4187
Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.

Wed, 24 Sep 08
webcms_portal_edition
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4186
SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id_doc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 24 Sep 08
webcms_portal_edition
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4185
SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter in a documentos action, a different vector than CVE-2008-3213.

Wed, 24 Sep 08
webcms_portal_edition
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4184
Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal Edition allows remote attackers to inject arbitrary web script or HTML via the patron parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 24 Sep 08
integramod
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4183
IntegraMOD 1.4.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup via a direct request to a backup/backup-yyyy-dd-mm.sql filename.

Wed, 24 Sep 08
turba_contact_manager_h3
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4182
Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session.

Wed, 24 Sep 08
fantastico_de_luxe
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4181
Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Wed, 24 Sep 08
nooms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4180
Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force attacks against passwords via a username in the g_dbuser parameter and a password in the g_dbpwd parameter, and possibly a "localhost" g_dbhost parameter value, related to a "Mysql Remote Brute Force Vulnerability."

Wed, 24 Sep 08
nooms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4179
Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) page_id parameter to smileys.php and the (2) q parameter to search.php.

Wed, 24 Sep 08
builder, new_addon
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4178
SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.

Wed, 24 Sep 08
pre_real_estate_listings
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4177
SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the c parameter.

Wed, 24 Sep 08
fot_video_scripti
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4176
SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta allows remote attackers to execute arbitrary SQL commands via the oyun parameter.

Wed, 24 Sep 08
linkbidscript
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4175
Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) ucat parameter to upgrade.php and the (2) id parameter to linkadmin/edit.php.

Wed, 24 Sep 08
dynamic_mp3_lister
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4174
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dynamic MP3 Lister 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) currentpath, (2) invert, (3) search, and (4) sort parameters.

Wed, 24 Sep 08
drupal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3661
Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Wed, 24 Sep 08
jboss_enterprise_application_platform
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3519
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273.

Wed, 24 Sep 08
memht_portal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4164
cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

Wed, 24 Sep 08
bind
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4163
Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors.

Wed, 24 Sep 08
nooms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4162
Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the g_site_url parameter.

Wed, 24 Sep 08
assetman
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4161
SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action.

Wed, 24 Sep 08
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4160
Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation.

Wed, 24 Sep 08
suse_linux
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3949
Emacs in SUSE Linux imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.

Wed, 24 Sep 08
proarcadescript
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4173
SQL injection vulnerability in ProArcadeScript 1.3 allows remote attackers to execute arbitrary SQL commands via the random parameter to the default URI.

Wed, 24 Sep 08
cars-vehicles_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4172
SQL injection vulnerability in page.php in Cars & Vehicle (aka Cars-Vehicle Script) allows remote attackers to execute arbitrary SQL commands via the lnkid parameter.

Wed, 24 Sep 08
invision_power_board
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4171
SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter.

Wed, 24 Sep 08
oscommerce
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4170
create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message.

Tue, 23 Sep 08
easyindex
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4169
SQL injection vulnerability in detaillist.php in iScripts EasyIndex allows remote attackers to execute arbitrary SQL commands via the produid parameter.

Tue, 23 Sep 08
stingray_fts
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4168
Cross-site scripting (XSS) vulnerability in verify_login.jsp in Pro2col Stingray FTS allows remote attackers to inject arbitrary web script or HTML via the form_username parameter (aka user name field).

Tue, 23 Sep 08
ezphotogallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4167
useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account.

Tue, 23 Sep 08
avant_browser
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4166
Integer overflow in the JavaScript engine in Avant Browser 11.7 Build 9 and earlier allows remote attackers to cause a denial of service (application crash) by attempting to URL encode a string containing many instances of an invalid character.

Tue, 23 Sep 08
kolab_groupware_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4165
admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl_access_log file or the referer string.

Tue, 23 Sep 08
jaw_portal, zanfi_cms_lite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4159
SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter.

Tue, 23 Sep 08
zanfi_cms_lite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4158
Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) flag and (2) inc parameters.

Tue, 23 Sep 08
phpvid
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4157
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610.

Tue, 23 Sep 08
gaming_portal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4156
SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming Portal 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

Tue, 23 Sep 08
easysite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4155
Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a .. (dot dot) in the (1) module or (2) action parameter in (a) www/index.php; the (3) module, (4) ss_module, or (5) ss_action parameter in (b) modules/Module/index.php or (c) modules/Themes/index.php; or the (6) module parameter in (d) inc/vmenu.php.

Tue, 23 Sep 08
webedition_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4154
SQL injection vulnerability in living-e webEdition CMS allows remote attackers to execute arbitrary SQL commands via the we_objectID parameter.

Tue, 23 Sep 08
symbian_os
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4135
Symbian OS S60 3rd edition on the Nokia E90 Communicator and Nseries N82 allows remote attackers to cause a denial of service (device crash) via multiple deauthentication (DeAuth) frames.

Tue, 23 Sep 08
phprealty
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4134
PHP remote file inclusion vulnerability in manager/static/view.php in phpRealty 0.03 and earlier, and possibly other versions before 0.05, allows remote attackers to execute arbitrary PHP code via a URL in the INC parameter.

Tue, 23 Sep 08
dir-100
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4133
The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.

Tue, 23 Sep 08
vsflexgrid
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4132
Stack-based buffer overflow in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne VSFlexGrid 7.0.1.151 and 8.0.20072.239 allows remote attackers to execute arbitrary code via a long first argument to the Archive method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 23 Sep 08
solaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4131
Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs.

Sat, 20 Sep 08
gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4130
Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to "interact with the embedding page."

Sat, 20 Sep 08
gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4129
Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.

Sat, 20 Sep 08
ios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4128
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.

Sat, 20 Sep 08
gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3662
Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Sat, 20 Sep 08
flexnet_connect
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2470
The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service (memory corruption and browser crash) and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response.

Sat, 20 Sep 08
ie
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4127
Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allows remote attackers to cause a denial of service (failure of subsequent image rendering) via a crafted PNG file, related to an infinite loop in the CDwnTaskExec::ThreadExec function.

Sat, 20 Sep 08
python-dns
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4126
PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4099.

Sat, 20 Sep 08
phpbb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4125
The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CVE-2006-0632.

Sat, 20 Sep 08
python
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4108
Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.

Sat, 20 Sep 08
php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4107
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.

Sat, 20 Sep 08
wordpress
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4106
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password ...

Sat, 20 Sep 08
joomla
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4105
JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.

Sat, 20 Sep 08
joomla
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4104
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.

Sat, 20 Sep 08
com_mailto
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4103
The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam.

Sat, 20 Sep 08
joomla
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4102
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.

Sat, 20 Sep 08
vim
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4101
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.

Sat, 20 Sep 08
adns
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4100
GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment.

Sat, 20 Sep 08
python-dns
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4099
PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

Fri, 19 Sep 08
sound_master_2nd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4118
Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Fri, 19 Sep 08
management_center
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4117
Unspecified vulnerability in a web page in the PRM module in Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

Fri, 19 Sep 08
itunes, quicktime
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4116
Heap-based buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file.

Fri, 19 Sep 08
openssh
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4109
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch, and before 4.6p1-1 on sid and lenny, uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.

Fri, 19 Sep 08
mysql
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4098
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Fri, 19 Sep 08
mysql
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4097
MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.

Fri, 19 Sep 08
phpmyadmin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4096
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.

Fri, 19 Sep 08
illustrator
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3961
Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on Macintosh allow user-assisted attackers to execute arbitrary code via a crafted AI file.

Fri, 19 Sep 08
twiki
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3195
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.

Fri, 19 Sep 08
landesk_management_suite, landesk_security_suite, landesk_server_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2468
Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) in LANDesk Management Suite, Security Suite, and Server Manager 8.8 and earlier allow remote attackers to execute arbitrary code via a crafted heal request, related to the StringToMap and StringSize arguments.

Fri, 19 Sep 08
flexnet_connect, intallshield_update_agent
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1093
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.

Thu, 18 Sep 08
talkback
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4115
TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function.

Thu, 18 Sep 08
windows-nt
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4114
srv.sys in Microsoft Windows Vista SP1 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, as demonstrated by a request to the \PIPE\lsarpc named pipe.

Thu, 18 Sep 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4113
The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function.

Thu, 18 Sep 08
twiki
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4112
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable.

Thu, 18 Sep 08
websphere_application_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4111
Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors.

Thu, 18 Sep 08
iphone, ipod_touch, safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3950
Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.

Thu, 18 Sep 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3622
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."

Thu, 18 Sep 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3621
VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media.

Thu, 18 Sep 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3619
Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files.

Thu, 18 Sep 08
mac_os_x
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3618
The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files for which sharing was unintended.

Thu, 18 Sep 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3617
Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer.

Thu, 18 Sep 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3616
Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions.

Thu, 18 Sep 08
mac_os_x
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3613
Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network.

Thu, 18 Sep 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3611
Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a password-change attempt is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.

Thu, 18 Sep 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3610
Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and log in to any account via multiple attempts to log in to the blank-password account, followed by selection of an arbitrary account from the user list.

Thu, 18 Sep 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3609
The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file.

Thu, 18 Sep 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3608
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile.

Thu, 18 Sep 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2332
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image.

Thu, 18 Sep 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2331
Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator.

Thu, 18 Sep 08
mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2330
slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue."

Thu, 18 Sep 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2329
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.

Thu, 18 Sep 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2312
Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file.

Thu, 18 Sep 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2305
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."

Thu, 18 Sep 08
sql_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4110
Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue might only be exploitable in limited browser configurations.

Thu, 18 Sep 08
client-server-messaging_security, officescan
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2437
Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.

Wed, 17 Sep 08
flip4mac_wmv
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4095
Multiple unspecified vulnerabilities in Flip4Mac WMV before 2.2.1 have unknown impact and attack vectors, different vulnerabilities than CVE-2007-6713.

Tue, 16 Sep 08
yourownbux
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4093
SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3.2 beta, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter.

Tue, 16 Sep 08
myphpnuke
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4092
SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter.

Tue, 16 Sep 08
web_directory_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4091
SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action.

Tue, 16 Sep 08
coupon_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4090
SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an addtocart action, a different vector than CVE-2007-2672.

Tue, 16 Sep 08
myphpnuke
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4089
Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.

Tue, 16 Sep 08
myphpnuke
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4088
SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter.

Tue, 16 Sep 08
beatcraft
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4087
Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allows user-assisted attackers to cause a denial of service or execute arbitrary code via a Beatcraft Project (aka bcproj) file with a long string in a certain instruments title field.

Tue, 16 Sep 08
reciprocal_links_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4086
SQL injection vulnerability in index.php in Reciprocal Links Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action.

Tue, 16 Sep 08
plait
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4085
Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/.

Tue, 16 Sep 08
easyclassifields
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4084
SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action.

Tue, 16 Sep 08
brim
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4083
Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party information.

Tue, 16 Sep 08
brim
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4082
SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via an arbitrary field in a search action to index.php.

Tue, 16 Sep 08
stash
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4081
admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie.

Tue, 16 Sep 08
stash
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4080
SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.php. NOTE: some of these details are obtained from third party information.

Tue, 16 Sep 08
movable_type
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4079
Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise 4.x through 4.20, and 1.54 and earlier; and Movable Type Community Solution allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Tue, 16 Sep 08
ledgersmb, sql-ledger
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4078
SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Tue, 16 Sep 08
ledgersmb, sql-ledger
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4077
The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.

Tue, 16 Sep 08
interactive_bbs, simple_bbs, topics_bbs, tor_board
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4076
Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS 1.11 and earlier, (3) Simple BBS 1.86 and earlier, and (4) Interactive BBS 1.57 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-0917.

Tue, 16 Sep 08
d-iscussion_board
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4075
Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter.

Tue, 16 Sep 08
autodealers_cms_autonline
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4074
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

Tue, 16 Sep 08
autodealers_cms_autonline
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4073
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action.

Tue, 16 Sep 08
phsblog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4072
Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588.

Tue, 16 Sep 08
acrobat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4071
A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL.

Tue, 16 Sep 08
kernel, postfix
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3889
Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file.

Tue, 16 Sep 08
horde, popoon
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3824
Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.

Tue, 16 Sep 08
horde
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3823
Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.

Tue, 16 Sep 08
CVE-2008-3529 (desktop, desktop_workstation, enterprise_linux, enterprise_linux_desktop, libxml2...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3529
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long XML entity name.

Tue, 16 Sep 08
freeipa
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3274
The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.

Tue, 16 Sep 08
adminutil
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2932
Heap-based buffer overflow in Red Hat adminutil 1.1.6 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via % (percent) encoded HTTP input to unspecified CGI scripts in Fedora Directory Server. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-2929.

Tue, 16 Sep 08
sharity
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4057
Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a "serious security problem."

Tue, 16 Sep 08
matterdaddy_market
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4056
Cross-site scripting (XSS) vulnerability in admin/login.php in Matterdaddy Market 1.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 16 Sep 08
million_pixel_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4055
SQL injection vulnerability in tops_top.php in Million Pixel Ad Script (Million Pixel Script) allows remote attackers to execute arbitrary SQL commands via the id_cat parameter.

Tue, 16 Sep 08
download_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4054
SQL injection vulnerability in indir.php in Kolifa.net Download Script 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Tue, 16 Sep 08
popnupblog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4053
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Bluemoon PopnupBLOG module 3.20 and 3.30 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) cat_id, and (3) view parameters.

Tue, 16 Sep 08
openvms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4052
Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA 7.3-2, 8.2, and 8.3 allows local users to cause a denial of service (crash) or gain privileges via unspecified vectors.

Tue, 16 Sep 08
smart_survey
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4051
Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart Survey 1.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 16 Sep 08
friendly_pppoe_client
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4050
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetTextFile method.

Tue, 16 Sep 08
friendly_pppoe_client
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4049
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary programs via arguments to the RunApp method.

Tue, 16 Sep 08
friendly_pppoe_client
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4048
Heap-based buffer overflow in a certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary code via a long third argument to the CreateURLShortcut method.

Tue, 16 Sep 08
novell_forum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4047
Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7.0, 7.1, 7.2, 7.3, and 8.0 allows remote attackers to execute arbitrary TCL code via a modified URL. NOTE: this might overlap CVE-2007-6515.

Tue, 16 Sep 08
elitecms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4046
SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.

Tue, 16 Sep 08
CVE-2008-4045 (@mail)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4045
Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allow remote attackers to inject arbitrary web script or HTML via the (1) file and (2) HelpFile parameters to parse.php, the (3) Folder and (4) start parameters to showmail.php, and the (5) abookview parameter to abook.php.

Tue, 16 Sep 08
aj_hyip
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4044
SQL injection vulnerability in article/readarticle.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the artid parameter.

Tue, 16 Sep 08
aj_hyip
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4043
Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow remote attackers to execute arbitrary SQL commands via the artid parameter to (1) acme/article/comment.php or (2) prime/article/comment.php.

Tue, 16 Sep 08
postfix
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4042
Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file.

Tue, 16 Sep 08
softalk_mail_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4041
The IMAP server in Softalk Mail Server (formerly WorkgroupMail) 8.5.1.431 allows remote authenticated users to cause a denial of service (resource consumption and daemon crash) via a long IMAP APPEND command with certain repeated parameters.

Tue, 16 Sep 08
fs_118mfp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4040
Directory traversal vulnerability in the Kyocera Command Center in Kyocera FS-118MFP allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

Tue, 16 Sep 08
spice_classifieds
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4039
SQL injection vulnerability in index.php in Spice Classifieds allows remote attackers to execute arbitrary SQL commands via the cat_path parameter.

Tue, 16 Sep 08
netbsd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3584
NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not properly check the length of a PPPoE packet tag, which allows remote attackers to cause a denial of service (system crash) via a crafted PPPoE packet.

Fri, 5 Sep 08
Ed
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3916
Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.

Fri, 5 Sep 08
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3911
The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the /proc/sys/sunrpc/transports file.

Fri, 5 Sep 08
dns2tcp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3910
dns2tcp before 0.4.1 does not properly handle negative values in a certain length field in the input argument to the (1) dns_simple_decode or (2) dns_decode function, which allows remote attackers to overwrite a buffer and have unspecified other impact.

Fri, 5 Sep 08
Django
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3909
The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.

Fri, 5 Sep 08
wordnet
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3908
Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka data file). NOTE: since WordNet itself does not run with special privileges, this issue only crosses privilege boundaries when WordNet is invoked as a third party component.

Fri, 5 Sep 08
newsbeuter
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3907
The open-in-browser command in newsbeuter before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a feed URL.

Fri, 5 Sep 08
Mono
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3906
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.

Fri, 5 Sep 08
Ruby
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3905
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

Fri, 5 Sep 08
gpicview
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3904
src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.

Fri, 5 Sep 08
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6716
fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test.

Fri, 5 Sep 08
adaptive_security_appliance_5500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2736
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636.

Fri, 5 Sep 08
adaptive_security_appliance_5500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2735
The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of service (device reload) via a URI in a crafted SSL or HTTP packet, aka Bug ID CSCsq19369.

Fri, 5 Sep 08
adaptive_security_appliance_5500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2734
Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a denial of service (memory consumption and VPN hang) via a crafted SSL or HTTP packet, aka Bug ID CSCso66472.

Fri, 5 Sep 08
adaptive_security_appliance_5500, PIX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2733
Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service (device reload) via a crafted authentication attempt, aka Bug ID CSCso69942.

Fri, 5 Sep 08
adaptive_security_appliance_5500, PIX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2732
Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow remote attackers to cause a denial of service (device reload) via unknown vectors, aka Bug IDs CSCsq07867, CSCsq57091, CSCsk60581, and CSCsq39315.

Fri, 5 Sep 08
Cisco Secure Access Control Server, Secure ACS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2441
CSRadius.exe in Cisco Secure ACS does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via a crafted (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS packet.

Fri, 5 Sep 08
ClamAV
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1389
libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."

Thu, 4 Sep 08
68dtt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3902
HP firmware 68DTT F.0D stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer, aka SSRT080104.

Thu, 4 Sep 08
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1739
Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption.

Thu, 4 Sep 08
software_suspend_2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3901
Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

Thu, 4 Sep 08
bios
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3900
Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

Thu, 4 Sep 08
TrueCrypt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3899
TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. NOTE: the researcher mentions a response from the vendor denying the vulnerability.

Thu, 4 Sep 08
drivecrypt_plus_pack
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3898
Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

Thu, 4 Sep 08
disckcryptor
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3897
DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

Thu, 4 Sep 08
grub_legacy
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3896
Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

Thu, 4 Sep 08
lilo
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3895
LILO 22.6.1 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

Thu, 4 Sep 08
lenovo_7cetb5ww
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3894
IBM Lenovo firmware 7CETB5WW 2.05 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

Thu, 4 Sep 08
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3893
Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

Thu, 4 Sep 08
VMWare Workstation, VMWare Player, ACE, VMware Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3892
Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a ca...

Thu, 4 Sep 08
google_apps
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3891
The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field.

Thu, 4 Sep 08
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3792
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.26.3 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst,...

Thu, 4 Sep 08
lightweight_x11_desktop_environment
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3791
src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rot.jpg temporary file.

Thu, 4 Sep 08
VMWare Workstation, VMWare Player, ACE, VMware Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3698
Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors.

Thu, 4 Sep 08
VMware Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3697
An unspecified ISAPI extension in VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (IIS crash) via a malformed request.

Thu, 4 Sep 08
VMware Workstation, VMware Player, ACE, VMware Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3696
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3...

Thu, 4 Sep 08
VMware Workstation, VMware Player, ACE, VMware Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3695
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3...

Thu, 4 Sep 08
VMware Workstation, VMware Player, ACE, VMware Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3694
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3...

Thu, 4 Sep 08
VMware Workstation, VMware Player, ACE, VMware Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3693
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3...

Thu, 4 Sep 08
VMware Workstation, VMware Player, ACE, VMware Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3692
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3693, CVE-2008-3...

Thu, 4 Sep 08
VMware Workstation, VMware Player, ACE, VMware Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3691
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3...

Thu, 4 Sep 08
OpenView Network Node Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3537
Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3536.

Thu, 4 Sep 08
OpenView Network Node Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3536
Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3537.

Thu, 4 Sep 08
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3525
The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions.

Thu, 4 Sep 08
vtiger_crm
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3101
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php.

Thu, 4 Sep 08
esx
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2101
The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process.

Wed, 3 Sep 08
mini_nuke_freehost
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3888
SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a member_details action.

Wed, 3 Sep 08
dotProject
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3887
Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in a viewuser action.

Wed, 3 Sep 08
dotProject
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3886
Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action, (3) the callback parameter in a public calendar action, or (4) the type parameter in a ticketsmith action.

Wed, 3 Sep 08
Blogn
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3885
Cross-site request forgery (CSRF) vulnerability in Blogn (BURO GUN) 1.9.7 and earlier allows remote attackers to make content modifications as arbitrary users via unspecified vectors. NOTE: some of these details are obtained from third party information.

Wed, 3 Sep 08
Blogn
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3884
Cross-site scripting (XSS) vulnerability in Blogn (BURO GUN) 1.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2006-6176.

Wed, 3 Sep 08
caudium
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3883
configvar in Caudium 1.4.12 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/roken#####.pike temporary file.

Wed, 3 Sep 08
zoneminder
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3882
ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands (aka "Command Injection") via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.

Wed, 3 Sep 08
zoneminder
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3881
Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to unspecified "zm_html_view_*.php" files.

Wed, 3 Sep 08
zoneminder
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3880
SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter.

Wed, 3 Sep 08
ultra_office_control
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3879
The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 and earlier in Ultra Shareware Ultra Office Control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument (SaveAsDocument argument) to the Save method.

Wed, 3 Sep 08
ultra_office_control
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3878
Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 in Ultra Shareware Ultra Office Control allows remote attackers to execute arbitrary code via long strUrl, strFile, and strPostData parameters to the HttpUpload method.

Wed, 3 Sep 08
mixcraft
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3877
Stack-based buffer overflow in Acoustica Mixcraft 4.1 Build 96 and 4.2 Build 98 allows user-assisted attackers to execute arbitrary code via a crafted .mx4 file.

Wed, 3 Sep 08
iPhone
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3876
Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow.

Wed, 3 Sep 08
Solaris, opensolaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3875
The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls.

Wed, 3 Sep 08
Libxml2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3538
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."

Wed, 3 Sep 08
Wireshark, Ethereal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3146
Unspecified vulnerability in Wireshark and Ethereal on SUSE Linux allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

Wed, 3 Sep 08
Ruby
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2728
Integer overflow in the rb_ary_splice function in Ruby 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "1.6.x variant" of the "beg + rlen" issue.

Wed, 3 Sep 08
Ruby
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2727
Integer overflow in the rb_ary_splice function in Ruby 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "1.6.x variant" of the "REALLOC_N" variant.

Wed, 3 Sep 08
Directory Server, directory_server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3283
Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests.

Wed, 3 Sep 08
CVE-2008-3282 (OpenOffice.org)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3282
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152.

Wed, 3 Sep 08
Directory Server, directory_server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2930
Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem.

Wed, 3 Sep 08
Directory Server, directory_server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2929
Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.

Wed, 3 Sep 08
Directory Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2928
Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP header.

Wed, 3 Sep 08
Vanilla
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3874
Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==> Value pairs). NOTE: some of these details are obtained from third party information.

Wed, 3 Sep 08
Flash Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3873
The System.setClipboard method in Adobe Flash Player allows remote attackers to populate the clipboard with a URL that is difficult to delete, as exploited in the wild in August 2008.

Wed, 3 Sep 08
web_print_object, print_wizard
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3480
Stack-based buffer overflow in the Anzio Web Print Object (WePO) ActiveX control 3.2.19 and 3.2.24, as used in Anzio Print Wizard, allows remote attackers to execute arbitrary code via a long mainurl parameter.

Wed, 3 Sep 08
phpMyRealty
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3861
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php.

Wed, 3 Sep 08
Lotus Quickr
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3860
Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-...

