
Software Vulnerability

 

Fri, 28 Nov 08
tivoli_access_manager_for_e-business
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5257
webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for e-business allows remote attackers to cause a denial of service (crash or hang) via HTTP requests, as demonstrated by a McAfee vulnerability scan.

Fri, 28 Nov 08
virtualox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5256
The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file.

Fri, 28 Nov 08
opensuse, suse_linux, suse_linux_enterprise_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4636
yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.

Fri, 28 Nov 08
enterprise_linux, enterprise_linux_desktop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4315
tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.

Fri, 28 Nov 08
enterprise_linux, enterprise_linux_desktop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4313
A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.

Fri, 28 Nov 08
freebsd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5162
The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator.

Fri, 28 Nov 08
hf
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2378
Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH, related to improper handling of the -k option.

Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5248
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."

Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5247
The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value.

Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5246
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5245
xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c.

Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5244
Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.

Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5243
The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error.

Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5242
demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.

Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5241
Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM).

Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5240
xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code v...

Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5239
xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows.

Thu, 27 Nov 08
xine
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5238
Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field.

Thu, 27 Nov 08
xine
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5237
Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c.

Thu, 27 Nov 08
xine
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5236
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_fil...

Thu, 27 Nov 08
xine
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5235
Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information.

Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5234
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15.

Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5233
xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.

Thu, 27 Nov 08
windows
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5232
Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Thu, 27 Nov 08
iprint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5231
Stack-based buffer overflow in the ExecuteRequest method in the Novell iPrint ActiveX control in ienipp.ocx in Novell iPrint Client 5.06 and earlier allows remote attackers to execute arbitrary code via a long target-frame option value, a different vulnerability than CVE-2008-2431.

Thu, 27 Nov 08
iprint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2432
Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument.

Thu, 27 Nov 08
iprint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2431
Multiple buffer overflows in Novell iPrint Client before 5.06 allow remote attackers to execute arbitrary code by calling the Novell iPrint ActiveX control (aka ienipp.ocx) with (1) a long third argument to the GetDriverFile method; a long first argument to the (2) GetPrinterURLList or (3) GetPrinterURLList2 method; (4) a long argument to the GetFileList method; a long argument to the (5) GetServerVersion, (6) GetResourceList, or (7) DeleteResource method, related to nipplib.dll; a long uploa...

Thu, 27 Nov 08
basic
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2429
Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php. NOTE: vector 1 might overlap CVE-2007-3183.3, and vector 2 might overlap CVE-2005-1865.2.

Thu, 27 Nov 08
cisco
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5230
The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng.

Thu, 27 Nov 08
windows, windowst
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5229
Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command.

Thu, 27 Nov 08
workplace_content_management
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5228
Cross-site scripting (XSS) vulnerability in IBM Workplace Content Management (WCM) 6.0G and 6.1 before CF8, when a Page Navigation Component shows menu entries, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in the URI, related to parameters "not being encoded."

Thu, 27 Nov 08
phpcow
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5227
Unspecified vulnerability in PHPCow allows remote attackers to execute arbitrary code via unknown vectors, related to a "file inclusion vulnerability," as exploited in the wild in November 2008.

Thu, 27 Nov 08
flash_media_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5109
The default configuration of Adobe Flash Media Server (FMS) 3.0 does not enable SWF Verification for (1) RTMPE and (2) RTMPTE sessions, which makes it easier for remote attackers to make copies of video content via stream-capture software.

Thu, 27 Nov 08
streamripper
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4829
Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow remote attackers to execute arbitrary code via (1) a long "Zwitterion v" HTTP header, related to the http_parse_sc_header function; (2) a crafted pls playlist with a long entry, related to the http_get_pls function; or (3) a crafted m3u playlist with a long File entry, related to the http_get_m3u function.

Thu, 27 Nov 08
iphone_os, safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4233
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document.

Thu, 27 Nov 08
iphone_os, safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4232
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.

Thu, 27 Nov 08
iphone_os, safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4231
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Thu, 27 Nov 08
iphone_os
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4230
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593.

Thu, 27 Nov 08
iphone_os
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4229
Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.

Thu, 27 Nov 08
iphone_os
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4228
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number.

Thu, 27 Nov 08
iphone_os
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4227
Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level that was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic.

Thu, 27 Nov 08
libxml
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4226
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.

Thu, 27 Nov 08
libxml
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4225
Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.

Thu, 27 Nov 08
iphone_os
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1586
ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image.

Wed, 26 Nov 08
mambads, mambo
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5226
SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.

Wed, 26 Nov 08
docushare
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5225
Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories.

Wed, 26 Nov 08
kent-web_mart
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5224
Cross-site scripting (XSS) vulnerability in Kent Web Mart 1.61 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Wed, 26 Nov 08
commerce
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5223
SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.

Wed, 26 Nov 08
dvbbs
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5222
SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.

Wed, 26 Nov 08
wportfolio
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5221
The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.

Wed, 26 Nov 08
wportfolio
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5220
Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/.

Wed, 26 Nov 08
videoscript
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5219
The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters.

Wed, 26 Nov 08
freeze_greetings
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5218
ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords.

Tue, 25 Nov 08
txtcms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5217
Directory traversal vulnerability in index.php in txtCMS 0.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter.

Tue, 25 Nov 08
zeuscart
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5216
SQL injection vulnerability in category_list.php in AJ Square ZeusCart 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.

Tue, 25 Nov 08
clanlite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5215
SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter.

Tue, 25 Nov 08
clanlite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5214
Cross-site scripting (XSS) vulnerability in service/calendrier.php in ClanLite 2.2006.05.20 allows remote attackers to inject arbitrary web script or HTML via the annee parameter.

Tue, 25 Nov 08
aj_article
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5213
SQL injection vulnerability in featured_article.php in AJ Article 1.0 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a search detail action.

Tue, 25 Nov 08
aj_auction
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5212
SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter.

Tue, 25 Nov 08
sphider
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5211
Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506.

Tue, 25 Nov 08
phpblock
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5210
Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 allow remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter to (1) script/init/createallimagecache.php, (2) allincludefortick.php and (3) test.php in script/tick/, and (4) modules/dungeon/tick/allincludefortick.php, different vectors than CVE-2008-1776.

Tue, 25 Nov 08
admidio
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5209
Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Tue, 25 Nov 08
com_datsogallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5208
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.

Tue, 25 Nov 08
jonascms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5207
Multiple directory traversal vulnerabilities in Jonascms 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the taal parameter to (1) backup.php and (2) gb_voegtoe.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 25 Nov 08
mosxml
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5206
PHP remote file inclusion vulnerability in modules/mod_mainmenu.php in MosXML 1 Alpha allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 25 Nov 08
wellyblog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5205
Cross-site scripting (XSS) vulnerability in edit.php in wellyblog allows remote attackers to inject arbitrary web script or HTML via the articleid parameter in an add action.

Tue, 25 Nov 08
poweraward
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5204
Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15...

Tue, 25 Nov 08
poweraward
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5203
Cross-site scripting (XSS) vulnerability in external_vote.php in PowerAward 1.1.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the l_vote_done parameter.

Tue, 25 Nov 08
otmanager_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5202
Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS 24a allows remote attackers to inject arbitrary web script or HTML via the conteudo parameter.

Tue, 25 Nov 08
otmanager_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5201
Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Tue, 25 Nov 08
com_xewebtv
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5200
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

Tue, 25 Nov 08
ideabox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5199
PHP remote file inclusion vulnerability in include.php in PHPOutsourcing IdeaBox (aka IdeBox) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the gorumDir parameter.

Tue, 25 Nov 08
acmlmboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5198
SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allows remote attackers to execute arbitrary SQL commands via the pow parameter.

Tue, 25 Nov 08
php-fusion
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5197
SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action.

Tue, 25 Nov 08
the_kroax_module
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5196
SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter.

Sat, 22 Nov 08
sebraccms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5195
Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow remote attackers to execute arbitrary SQL commands via (1) the recid parameter to cms/form/read.php, (2) the uname parameter to cms/index.php, and other unspecified vectors.

Sat, 22 Nov 08
online_booking_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5194
SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Sat, 22 Nov 08
philboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5193
Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024.

Sat, 22 Nov 08
philboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5192
SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might overlap CVE-2008-2334, CVE-2008-1939, CVE-2007-2641, or CVE-2007-0920.

Sat, 22 Nov 08
seportal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5191
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.

Sat, 22 Nov 08
eshop100
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5190
SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter.

Sat, 22 Nov 08
ruby_on_rails
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5189
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

Sat, 22 Nov 08
ecryptfs_utils
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5188
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.

Sat, 22 Nov 08
imlib2
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5187
The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Sat, 22 Nov 08
geshi
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5186
** DISPUTED ** The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows contro...

Sat, 22 Nov 08
geshi
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5185
The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using "<".

Sat, 22 Nov 08
cups
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5184
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.

Sat, 22 Nov 08
cups
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5183
cupsd in CUPS before 1.3.8 allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.

Sat, 22 Nov 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5182
The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.

Fri, 21 Nov 08
office_communicator
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5181
Microsoft Communicator allows remote attackers to cause a denial of service (application or device outage) via instant messages containing large numbers of emoticons.

Fri, 21 Nov 08
office_communicator
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5180
Microsoft Communicator allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.

Fri, 21 Nov 08
office_communications_server, office_communicator, windows_live_messenger
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5179
Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet.

Fri, 21 Nov 08
opera
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5178
Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI.

Fri, 21 Nov 08
yosemite_backup
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5177
Stack-based buffer overflow in the DtbClsLogin function in Yosemite Backup 8.7 allows remote attackers to (1) execute arbitrary code on a Linux platform, related to libytlindtb.so; or (2) cause a denial of service (application crash) and possibly execute arbitrary code on a Windows platform, related to ytwindtb.dll; via a long username field during authentication.

Fri, 21 Nov 08
wincom_mpd_total
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5176
Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.623 and earlier allow remote attackers to execute arbitrary code via (1) a long 0x02 command to the remote administration service on TCP port 13500 or (2) a long invalid control filename to LPDService.exe on TCP port 515.

Thu, 20 Nov 08
aceftpfreeware, aceftppro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5175
Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.

Thu, 20 Nov 08
jokes_complete_website
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5174
SQL injection vulnerability in joke.php in Jokes Complete Website 2.1.3 allows remote attackers to execute arbitrary SQL commands via the jokeid parameter.

Thu, 20 Nov 08
testmaker
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5173
Unspecified vulnerability in testMaker before 3.0p16 allows remote authenticated users to execute arbitrary PHP code via unspecified attack vectors.

Thu, 20 Nov 08
yazd_forum_software
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5172
Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum Software 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to (a) search.jsp, and the (2) msg parameter to (b) error.jsp and (c) userAccount.jsp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Thu, 20 Nov 08
phpblaster_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5171
Multiple directory traversal vulnerabilities in admin/minibb/index.php in phpBLASTER CMS 1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) DB, (2) lang, and (3) skin parameters.

Thu, 20 Nov 08
cheats_complete_website
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5170
SQL injection vulnerability in item.php in Cheats Complete Website 1.1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.

Thu, 20 Nov 08
drinks_complete_website
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5169
SQL injection vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid parameter.

Thu, 20 Nov 08
tips_complete_website
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5168
SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 allows remote attackers to execute arbitrary SQL commands via the tipid parameter.

Thu, 20 Nov 08
orca
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5167
PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.

Thu, 20 Nov 08
riddles_website
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5166
SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 allows remote attackers to execute arbitrary SQL commands via the riddleid parameter.

Thu, 20 Nov 08
eticket
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5165
Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php.

Thu, 20 Nov 08
the_rat_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5164
Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) viewarticle.php and (b) viewarticle2.php and the (2) PATH_INFO to viewarticle.php.

Thu, 20 Nov 08
the_rat_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5163
Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewarticle.php and (2) viewarticle2.php.

Thu, 20 Nov 08
openssh, tectia_client, tectia_connector, tectia_connectsecure, tectia_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5161
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easi...

Wed, 19 Nov 08
myserver
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5160
Unspecified vulnerability in MyServer 0.8.11 allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests with the HTTP GET, DELETE, OPTIONS, and possibly other methods, related to a "204 No Content error."

Wed, 19 Nov 08
wincome_mpd_total
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5159
Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large string length argument, which triggers memory corruption.

Wed, 19 Nov 08
wincome_mpd_total
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5158
Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to bypass authentication and perform administrative actions via vectors involving "simply skipping the auth stage."

Wed, 19 Nov 08
tau
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5157
tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau.*.##### or (2) /tmp/makefile.tau*.##### temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc scripts.

Wed, 19 Nov 08
systemimager-server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5156
si_mkbootserver in systemimager-server 3.6.3 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.inetd.conf or (2) /tmp/pxe.conf.*.tmp temporary file.

Wed, 19 Nov 08
smsclient
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5155
mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/header.##### or (2) /tmp/body.##### temporary file, or append data to arbitrary files via a symlink attack on the (3) /tmp/sms.log temporary file.

Wed, 19 Nov 08
p3nfs
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5154
bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/blue.log temporary file.

Wed, 19 Nov 08
moodle
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5153
spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.

Wed, 19 Nov 08
mh-book
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5152
inmail-show in mh-book 200605 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/inmail#####.log or (2) /tmp/inmail#####.stdin temporary file.

Wed, 19 Nov 08
mayavi
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5151
test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/err.log temporary file.

Wed, 19 Nov 08
maildirsync
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5150
sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-*.#####.log temporary file.

Wed, 19 Nov 08
libncbi6
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5149
fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file.

Wed, 19 Nov 08
gnetlist
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5148
sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file.

Wed, 19 Nov 08
docvert
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5147
test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/outer.odt temporary file.

Wed, 19 Nov 08
ctn
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5146
add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file.

Wed, 19 Nov 08
ltp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5145
ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu.##### temporary file.

Wed, 19 Nov 08
nvidia-cg-toolkit
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5144
nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file.

Wed, 19 Nov 08
multi-gnome-terminal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5143
mgt-helper in multi-gnome-terminal 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.debug or (2) /tmp/*.env temporary file.

Wed, 19 Nov 08
freebsd-sendpr
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5142
sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pr.##### temporary file.

Wed, 19 Nov 08
flamethrower
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5141
flamethrower in flamethrower 0.1.8 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/multicast.tar.##### temporary file.

Wed, 19 Nov 08
mailscanner
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5140
trend-autoupdate.new in mailscanner 4.55.10 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file.

Wed, 19 Nov 08
jailer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5139
updatejail in jailer 0.4 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/#####.updatejail temporary file.

Wed, 19 Nov 08
libpam_mount
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5138
passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/passwdehd.##### temporary file.

Wed, 19 Nov 08
tkman
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5137
tkman in tkman 2.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary file.

Wed, 19 Nov 08
tkusr
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5136
tkusr in tkusr 0.82 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/tkusr.pgm temporary file.

Wed, 19 Nov 08
os-prober
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5135
** DISPUTED ** os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users."

Wed, 19 Nov 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5134
Buffer overflow in the lbs_process_bss function in drivers/net/wireless/libertas/scan.c in the libertas subsystem in the Linux kernel before 2.6.27.5 allows remote attackers to have an unknown impact via an "invalid beacon/probe response."

Wed, 19 Nov 08
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5133
ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named.

Wed, 19 Nov 08
memht_portal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5132
SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.

Wed, 19 Nov 08
news_and_article_system
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5131
Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and the (2) username and (3) password to the admin panel (admin/index.php).

Wed, 19 Nov 08
calendar_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5130
Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb.

Wed, 19 Nov 08
poll_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5129
Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb.

Wed, 19 Nov 08
membership_manager_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5128
Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb.

Wed, 19 Nov 08
contact_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5127
Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb.

Wed, 19 Nov 08
CVE-2008-5126
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5126
Cross-site scripting (XSS) vulnerability in search.php in BoutikOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.

Wed, 19 Nov 08
ccleague
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5125
admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin.

Wed, 19 Nov 08
secure_ftp_applet
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5124
JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks.

Wed, 19 Nov 08
ccleague
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5123
SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter.

Wed, 19 Nov 08
CVE-2008-5122 (cms4000.net)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5122
SQL injection vulnerability in ContentRatingGraph.aspx in Ektron CMS400.NET 7.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the res parameter.

Wed, 19 Nov 08
deterministic_network_enhancer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5121
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.

Wed, 19 Nov 08
openvms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5120
Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string.

Wed, 19 Nov 08
dxshopcart
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5119
Cross-site scripting (XSS) vulnerability in search.php in Scripts4Profit DXShopCart 4.30mc allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

Wed, 19 Nov 08
java_system_identity_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5118
Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection."

Wed, 19 Nov 08
java_system_identity_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5117
Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Wed, 19 Nov 08
java_system_identity_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5116
Unspecified vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to access files in the local filesystem of the IDM server via unknown vectors.

Wed, 19 Nov 08
java_system_identity_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5115
Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to obtain access to the Administrator account via unspecified vectors.

Wed, 19 Nov 08
java_system_identity_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5114
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Wed, 19 Nov 08
wordpress
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5113
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.

Wed, 19 Nov 08
windows
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5112
The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to log in, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.

Wed, 19 Nov 08
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5111
Unspecified vulnerability in the socket function in Sun Solaris 10 and OpenSolaris snv_57 through snv_91, when InfiniBand hardware is not installed, allows local users to cause a denial of service (panic) via unknown vectors, related to the socksdpv_close function.

Wed, 19 Nov 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5025
Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933.

Wed, 19 Nov 08
initscripts
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4832
rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time.

Wed, 19 Nov 08
service_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4415
Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors.

Wed, 19 Nov 08
serverprotect
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0014
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013.

Wed, 19 Nov 08
serverprotect
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0013
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0014.

Wed, 19 Nov 08
serverprotect
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0012
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014.

Wed, 19 Nov 08
serverprotect
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0074
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a folder read operation over RPC.

Wed, 19 Nov 08
serverprotect
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0073
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a file read operation over RPC.

Wed, 19 Nov 08
serverprotect
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0072
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC.

Wed, 19 Nov 08
serverprotect
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5269
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, probably related to an RPC interface.

Wed, 19 Nov 08
serverprotect
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5268
Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface."

Wed, 19 Nov 08
syslog-ng
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5110
syslog-ng does not call chdir before it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present.

Wed, 19 Nov 08
adobe_air
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5108
Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context-dependent attackers to execute untrusted JavaScript in an AIR application via unknown attack vectors.

Wed, 19 Nov 08
flash_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4824
Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors."

Wed, 19 Nov 08
desktop_server, presentation_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5107
The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.

Wed, 19 Nov 08
sami_ftp_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5106
Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to an arbitrary command, which triggers the overflow when the SamyFtp.binlog log file is viewed in the management console. NOTE: this may overlap CVE-2006-0441 and CVE-2006-2212.

Wed, 19 Nov 08
sami_ftp_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5105
KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash or hang) via certain (1) APPE, (2) CWD, (3) DELE, (4) MKD, (5) RMD, (6) RETR, (7) RNFR, (8) RNTO, (9) SIZE, and (10) STOR commands.

Wed, 19 Nov 08
vmbuilder
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5104
Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the default root password, which allows attackers to bypass intended login restrictions.

Wed, 19 Nov 08
vmbuilder
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5103
The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.

Wed, 19 Nov 08
zope
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5102
PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.

Wed, 19 Nov 08
optipng
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5101
Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow."

Wed, 19 Nov 08
CVE-2008-5100 (.net_framework)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5100
The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.

Tue, 18 Nov 08
logical_domain_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5099
Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the "ldm ls -l" command, a different vulnerability than CVE-2008-4992.

Tue, 18 Nov 08
java_system_messaging_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5098
Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-2904.

Tue, 18 Nov 08
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4216
The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files."

Tue, 18 Nov 08
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3644
Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.

Tue, 18 Nov 08
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3623
Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces.

Tue, 18 Nov 08
myfwb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5097
SQL injection vulnerability in index.php in MyFWB 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.

Tue, 18 Nov 08
file_list_extension
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5096
Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors.

Tue, 18 Nov 08
identity_manager_roles_based_provisioning_module, user_application
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5095
Cross-site scripting (XSS) vulnerability in the Novell User Application 3.0.1, 3.5.0, and 3.5.1; and Identity Manager Roles Based Provisioning Module 3.6.0 and 3.6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Tue, 18 Nov 08
edirectory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5094
Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors.

Tue, 18 Nov 08
edirectory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5093
Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Tue, 18 Nov 08
edirectory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5092
Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header.

Tue, 18 Nov 08
edirectory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5091
Buffer overflow in the LDAP Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors, possibly related to an "invalid extensibleMatch filter."

Tue, 18 Nov 08
advanced_electron_forum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5090
Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.

Tue, 18 Nov 08
activereports
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5089
Multiple insecure method vulnerabilities in the DDActiveReportsViewer2.ARViewer2 ActiveX control (arview2.ocx) in Data Dynamics ActiveReports 2.5.0.1314 allow remote attackers to overwrite arbitrary files via a call to the (1) Pages.Save, (2) PrintReport, or (3) Canvas.Save method.

Tue, 18 Nov 08
phpkb_knowledge_base_software
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5088
Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909.

Tue, 18 Nov 08
another_backend_login
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5087
SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Sat, 15 Nov 08
htop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5076
htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings."

Sat, 15 Nov 08
e-uploader_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5075
Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter to (g) browser.php.

Sat, 15 Nov 08
freshlinks_module
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5074
SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the linkid parameter.

Sat, 15 Nov 08
zenworks_desktop_management
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5073
Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method.

Sat, 15 Nov 08
mega_codec_pack
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5072
vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote attackers to cause a denial of service (application crash) via a malformed FLV file.

Sat, 15 Nov 08
yoxel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5071
Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter.

Sat, 15 Nov 08
pro_chat_rooms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5070
SQL injection vulnerability in Pro Chat Rooms 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the gud parameter to (1) index.php and (2) admin.php.

Sat, 15 Nov 08
panuwat_promoteweb_mysql
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5069
SQL injection vulnerability in go.php in Panuwat PromoteWeb MySQL, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

Sat, 15 Nov 08
kmita_gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5068
Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter to index.php and the (2) searchtext parameter to search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Sat, 15 Nov 08
kmita_catalogue
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5067
Cross-site scripting (XSS) vulnerability in search.php in Kmita Catalogue 2.x allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Sat, 15 Nov 08
themesitescript
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5066
PHP remote file inclusion vulnerability in upload/admin/frontpage_right.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter.

Sat, 15 Nov 08
tlguesbook
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5065
TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin.

Fri, 14 Nov 08
websoccer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5064
SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Fri, 14 Nov 08
otmanager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5063
PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in OTManager 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the Tipo parameter.

Fri, 14 Nov 08
mini_web_calendar
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5062
Directory traversal vulnerability in php/cal_pdf.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to read arbitrary files via directory traversal sequences in the thefile parameter.

Fri, 14 Nov 08
mini_web_calendar
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5061
Cross-site scripting (XSS) vulnerability in php/cal_default.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL.

Fri, 14 Nov 08
modernbill
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5060
Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) export_batch.inc.php, (2) run_auto_suspend.cron.php, and (3) send_email_cache.php in include/scripts/; (4) include/misc/mod_2checkout/2checkout_return.inc.php; and (5) include/html/nettools.popup.php, different vectors than CVE-2006-4034 and CVE-2005-1054.

Fri, 14 Nov 08
modernbill
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5059
Cross-site scripting (XSS) vulnerability in index.php in ModernBill 4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the new_language parameter in a login action.

Fri, 14 Nov 08
pre_simple_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5058
SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php. NOTE: some of these details are obtained from third party information.

Fri, 14 Nov 08
dizi_portali
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5057
SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the film parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Fri, 14 Nov 08
triolive
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5056
Cross-site scripting (XSS) vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to inject arbitrary web script or HTML via the department_id parameter to index.php.

Fri, 14 Nov 08
triolive
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5055
SQL injection vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to execute arbitrary SQL commands via the department_id parameter to index.php.

Fri, 14 Nov 08
membership_system
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5054
Multiple SQL injection vulnerabilities in Develop It Easy Membership System 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters to customer_login.php and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information.

Fri, 14 Nov 08
com_rssreader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5053
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Fri, 14 Nov 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5052
The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.

Fri, 14 Nov 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5024
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.

Fri, 14 Nov 08
firefox, seamonkey
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5023
Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allow remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.

Fri, 14 Nov 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5022
The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.

Fri, 14 Nov 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5021
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.

Fri, 14 Nov 08
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5019
The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors.

Fri, 14 Nov 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5018
The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class.

Fri, 14 Nov 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5017
Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.

Fri, 14 Nov 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5016
The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.

Fri, 14 Nov 08
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5015
Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.

Fri, 14 Nov 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5014
jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.

Fri, 14 Nov 08
firefox, seamonkey
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5013
Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.

Fri, 14 Nov 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5012
Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.

Fri, 14 Nov 08
firefox, seamonkey
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0017
The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.

Fri, 14 Nov 08
jooblog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5051
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php.

Fri, 14 Nov 08
clamav
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5050
Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.

Fri, 14 Nov 08
anti-keylogger_elite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5049
Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft Anti-Keylogger Elite 3.3.0 and earlier, and possibly other versions including 3.3.3, allows local users to gain privileges via long inputs to the (1) 0x002224A4, (2) 0x002224C0, and (3) 0x002224CC IOCTL.

Fri, 14 Nov 08
anti-trojan_elite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5048
Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and earlier, and possibly 4.2.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long inputs to the 0x00222494 IOCTL.

Fri, 14 Nov 08
rental_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5047
SQL injection vulnerability in admin/index.php in Mole Group Rental Script allows remote attackers to execute arbitrary SQL commands via the username parameter.

Fri, 14 Nov 08
pizza_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5046
SQL injection vulnerability in index.php in Mole Group Pizza Script allows remote attackers to execute arbitrary SQL commands via the manufacturers_id parameter.

Fri, 14 Nov 08
ftp_now
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5045
Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly other versions, allows remote FTP servers to cause a denial of service (crash) via a 200 server response that is exactly 1024 characters long.

Fri, 14 Nov 08
gnutls
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4989
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).

Fri, 14 Nov 08
windows_server_2003, windows_vista
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5044
Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.

Fri, 14 Nov 08
metrica_service_assurance_framework
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5043
Multiple cross-site scripting (XSS) vulnerabilities in the web-based interface in IBM Metrica Service Assurance Framework allow remote authenticated users to inject arbitrary web script or HTML via (1) the elementid parameter in a generatedreportresults action to the ReportTree program, (2) the jnlpname parameter to the Launch program, or (3) the :tasklabel parameter to the ReportRequest program, related to the name of a report.

Fri, 14 Nov 08
windows
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4037
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability."

Fri, 14 Nov 08
CVE-2008-4033 (20007_office_system, expression_web, office_compatibility_pack_for_word_excel_ppt...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4033
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."

Fri, 14 Nov 08
internet_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4029
Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vulnerability."

Fri, 14 Nov 08
photovideotube
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5042
Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php.

Fri, 14 Nov 08
ro002_router
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5041
Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default password for the "rdc123" account, which makes it easier for remote attackers to obtain access. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Fri, 14 Nov 08
myforum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5040
Graphiks MyForum 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the (1) myforum_login and (2) myforum_pass cookies to 1.

Fri, 14 Nov 08
league_module
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5039
Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php.

Fri, 14 Nov 08
edirectory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5038
Use after free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.

Fri, 14 Nov 08
image_gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5037
SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

Wed, 12 Nov 08
vlc_media_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5036
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.

Wed, 12 Nov 08
hardware_management_console
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5035
The Resource Monitoring and Control (RMC) daemon in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 and 3.3.0 SP2 allows remote attackers to cause a denial of service (daemon crash or hang) via a packet with an invalid length.

Wed, 12 Nov 08
printfilters-ppd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5034
** DISPUTED ** master-filter in printfilters-ppd 2.13 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filter.debug temporary file. NOTE: the vendor disputes this vulnerability, stating 'this package does not have " possibility of attack with the help of symlinks"'.

Wed, 12 Nov 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5033
The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service (NULL function pointer dereference and OOPS) via unknown vectors.

Wed, 12 Nov 08
vlc_media_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5032
Multiple stack-based buffer overflows in VideoLAN VLC media player 0.5.0 through 0.9.5 allow user-assisted attackers to execute arbitrary code via (1) the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c; or (2) an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c.

Wed, 12 Nov 08
python
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5031
Multiple integer overflows in Python 2.5.2 allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.

Wed, 12 Nov 08
libcaudio
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5030
Heap-based buffer overflow in the cddb_read_disc_data function in cddb.c in libcdaudio 0.99.12p2 allows remote attackers to execute arbitrary code via long CDDB data.

Wed, 12 Nov 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5029
The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors.

Wed, 12 Nov 08
mdrmsap_activex_control, sapgui
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4387
Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer.

Wed, 12 Nov 08
monitor, nagios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5028
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.

Wed, 12 Nov 08
monitor, nagios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5027
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via (a) a custom form or (b) a browser addon.

Wed, 12 Nov 08
sharepoint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5026
Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading HTML documents.

Wed, 12 Nov 08
lotus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5011
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860.

Wed, 12 Nov 08
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5010
in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.

Wed, 12 Nov 08
CVE-2008-5009 (solstice_x.25)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5009
Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file.

Tue, 11 Nov 08
secret_rabbit_code
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5008
Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or libsamplerate) before 0.1.4, when "extreme low conversion ratios" are used, allows user-assisted attackers to have an unknown impact via a crafted audio file.

Tue, 11 Nov 08
lazarus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5007
create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary directory.

Tue, 11 Nov 08
imap_toolkit
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5006
smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.

Tue, 11 Nov 08
alpine, imap_toolkit
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5005
Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by th...

Tue, 11 Nov 08
bloggie_lite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5004
SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 11 Nov 08
shahrood
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5003
SQL injection vulnerability in ndetail.php in Shahrood allows remote attackers to execute arbitrary SQL commands via the id parameter.

Tue, 11 Nov 08
chilkat_crypt_activex_control
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5002
Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

Tue, 11 Nov 08
ultravnc
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5001
Multiple stack-based buffer overflows in multiple functions in vncviewer/FileTransfer.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified parameters, a different issue than CVE-2008-0610.

Tue, 11 Nov 08
phpx
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5000
SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5.16, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via uppercase characters in the news_id parameter.

Tue, 11 Nov 08
ace, esx, esxi, player, server, workstation
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4915
The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS.

Tue, 11 Nov 08
coldfusion
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4831
Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors.

Tue, 11 Nov 08
flash_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4823
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute.

Tue, 11 Nov 08
flash_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4822
Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.

Tue, 11 Nov 08
flash_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4821
Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors.

Tue, 11 Nov 08
flash_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4820
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors.

Tue, 11 Nov 08
flash_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4819
Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.

Tue, 11 Nov 08
flash_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4818
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers.

Tue, 11 Nov 08
esx, esxi
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4281
Directory traversal vulnerability in VMware ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows administrators with the Datastore.FileManagement privilege to gain privileges via unknown vectors.

Tue, 11 Nov 08
unistim_ip_phone
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4999
Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: this issue could not be reproduced by a third party, who tested it on 0604DAD. In addition, the original researcher was not able to reliably reproduce the issue.

Tue, 11 Nov 08
twiki
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4998
** DISPUTED ** postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid."

Tue, 11 Nov 08
datafreedom-perl
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4997
** DISPUTED ** dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/zenity temporary file. NOTE: the vendor disputes this vulnerability, stating that the vector is solely "an EXAMPLE used in the manpage."

Tue, 11 Nov 08
initramfs-tools
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4996
** DISPUTED ** init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this is exploitable."

Tue, 11 Nov 08
bk2site
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4995
redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/redirect.log temporary file. NOTE: this vulnerability is only limited to debug mode, which is disabled by default.

Tue, 11 Nov 08
xmcd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4994
The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.*pid temporary file.

Sat, 8 Nov 08
xen
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4993
qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file.

Sat, 8 Nov 08
CVE-2008-4992 (blade_t6300_server, blade_t6320_server, fire_enterprise_server_t1000, fire_enterp...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4992
The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and 7.1.3 through 7.1.3.e on UltraSPARC T1, T2, and T2+ processors allows logical domain users to access memory in other logical domains via unknown vectors.

Sat, 8 Nov 08
tru64
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4414
Unspecified vulnerability in the AdvFS showfile command in HP Tru64 UNIX 5.1B-3 and 5.1B-4 allows local users to gain privileges via unspecified vectors.

Fri, 7 Nov 08
ec-cube
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4991
SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and earlier, 1.4.7 and earlier, and 1.5.0-beta2 and earlier; and Community Edition 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the parameter.

Fri, 7 Nov 08
xcal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4988
pscal in xcal 4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pscal##### temporary file.

Fri, 7 Nov 08
xastir
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4987
xastir 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/ldconfig.tmp, (b) /tmp/ldconf.tmp, and (c) /tmp/ld.so.conf temporary files, related to the (1) get-maptools.sh and (2) get_shapelib.sh scripts.

Fri, 7 Nov 08
wims
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4986
wims 3.62 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/env#####, (b) /tmp/sed#####, and (c) /tmp/referer-home.log temporary files, related to the (1) coqweb and (2) account.sh scripts.

Fri, 7 Nov 08
vdr
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4985
vdrleaktest in vdr 1.6.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/memleaktest.log temporary file.

Fri, 7 Nov 08
scratchbox2
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4984
scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/dpkg.#####.tmp, (b) /tmp/missing_deps.#####, and (c) /tmp/sb2-pkg-chk.$tstamp.##### temporary files, related to the (1) dpkg-checkbuilddeps and (2) sb2-check-pkg-mappings scripts.

Fri, 7 Nov 08
scilab-bin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4983
scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/SciLink#####1, (b) /tmp/SciLink#####2, (c) /tmp/SciLink#####3, (d) /tmp/*.#####, (e) /tmp/*.#####.res, (f) /tmp/*.#####.err, and (g) /tmp/*.#####.diff temporary files, related to the (1) scilink, (2) scidoc, and (3) scidem scripts.

Fri, 7 Nov 08
rkhunter
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4982
rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rkhunter-debug temporary file. NOTE: this is probably a different vulnerability than CVE-2005-1270.

Fri, 7 Nov 08
realtimebattle
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4981
perl.robot in realtimebattle 1.0.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl.robot.log temporary file.

Fri, 7 Nov 08
rccp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4980
delqueueask in rccp 0.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cccp_tmp.txt temporary file.

Fri, 7 Nov 08
rancid
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4979
getipacctg in rancid 2.3.2~a8 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/ipacct.#####.prefixes, (2) /tmp/ipacct.#####.sorted, (3) /tmp/ipacct.#####.pl, and (4) /tmp/ipacct.##### temporary files.

Fri, 7 Nov 08
radiance
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4978
radiance 3R9+20080530 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/opt.fmt, (b) /tmp/out#####.fmt, (c) /tmp/tf#####.dat, (d) /tmp/gsf#####, (e) /tmp/sc#####.sh, (f) /tmp/il#####.pic, (g) /tmp/tl#####.pic, (h) /tmp/ds#####.pic, (i) /tmp/tfa#####, and (j) /tmp/sed##### temporary files, related to the (1) optics2rad, (2) pdelta, (3) dayfact, and (4) raddepend scripts.

Fri, 7 Nov 08
postfix
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4977
** DISPUTED ** postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it."

Fri, 7 Nov 08
ogle, ogle-mmx
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4976
ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/ogle_audio.#####, (b) /tmp/ogle_cli.#####, (c) /tmp/ogle_ctrl.#####, (d) /tmp/ogle_gui.#####, (e) /tmp/ogle_mpeg_ps.#####, (f) /tmp/ogle_mpeg_vs.#####, (g) /tmp/ogle_nav.#####, and (h) /tmp/ogle_vout.##### temporary files, related to the (1) ogle_audio_debug, (2) ogle_cli_debug, (3) ogle_ctrl_debug, (4) ogle_gui_debug, (5) ogle_mpeg_ps_debug, (6) ogle_mpeg_vs_debug, (7) ogle_nav_debu...

Fri, 7 Nov 08
newsgate
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4975
mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mmp##### temporary file.

Fri, 7 Nov 08
netmrg
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4974
rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*.xml and (2) /tmp/*.backup temporary files.

Fri, 7 Nov 08
myspell
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4973
i2myspell in myspell 3.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/i2my#####.1 and (2) /tmp/i2my#####.2 temporary files.

Fri, 7 Nov 08
mgt
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4972
mailgo in mgt 2.31 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mailgo##### temporary file.

Fri, 7 Nov 08
mafft
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4971
mafft-homologs in mafft 6.240 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/_vf#?????, (2) /tmp/_if#?????, (3) /tmp/_pf#?????, (4) /tmp/_af#?????, (5) /tmp/_rid#?????, (6) /tmp/_res#?????, (7) /tmp/_q#?????, and (8) /tmp/_bf#????? temporary files.

Fri, 7 Nov 08
lustre-tests
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4970
runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file.

Fri, 7 Nov 08
ltp-network-test
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4969
ltp-network-test 20060918 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/vsftpd.conf, (b) /tmp/udp/2/*, (c) /tmp/tcp/2/*, (d) /tmp/udp/3/*, (e) /tmp/tcp/3/*, (f) /tmp/nfs_fsstress.udp.2.log, (g) /tmp/nfs_fsstress.udp.3.log, (h) /tmp/nfs_fsstress.tcp.2.log, (i) /tmp/nfs_fsstress.tcp.3.log, and (j) /tmp/nfs_fsstress.sardata temporary files, related to the (1) ftp_setup_vsftp_conf and (2) nfs_fsstress.sh scripts.

Fri, 7 Nov 08
lmbench
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4968
The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/sdiff.##### temporary file.

Fri, 7 Nov 08
linuxtrade
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4967
linuxtrade 3.65 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/bwk, (b) /tmp/zzz, and (c) /tmp/ggg temporary files, related to the (1) linuxtrade.bwkvol, (2) linuxtrade.wn, and (3) moneyam.helper scripts.

Fri, 7 Nov 08
linux-patch-openswan
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4966
linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/snap##### and (b) /tmp/nightly##### temporary files, related to the (1) maysnap and (2) maytest scripts.

Fri, 7 Nov 08
liguidsoap
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4965
liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/liguidsoap.liq, (2) /tmp/lig.#####.log, and (3) /tmp/emission.ogg temporary files.

Fri, 7 Nov 08
konwert
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4964
filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary files via a symlink attack on a /tmp/any-##### temporary file.

Fri, 7 Nov 08
catos, ios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4963
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP packet.

Fri, 7 Nov 08
kernel, linux_kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4395
Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.

Fri, 7 Nov 08
impose+
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4960
impose in impose+ 0.2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-tmp.ps and (2) /tmp/bboxx-* temporary files.

Fri, 7 Nov 08
gpsdrive-scripts
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4959
geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/geo.google, (2) /tmp/geo.yahoo, (3) /tmp/geo.coords, and (4) /tmp/geo#####.coords temporary files.

Fri, 7 Nov 08
gdrae
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4958
gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gdrae/palabra temporary file.

Fri, 7 Nov 08
gccxml
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4957
find_flags in gccxml 0.9.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.cxx temporary file.

Fri, 7 Nov 08
fwbuilder
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4956
fwb_install in fwbuilder 2.1.19 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/ssh-agent.##### temporary file.

Fri, 7 Nov 08
freevo
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4955
freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-#####.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/*.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code.

Fri, 7 Nov 08
fml
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4954
mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/debugbuf temporary file.

Fri, 7 Nov 08
firehol
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4953
** DISPUTED ** firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.firehol-tmp-#####-*-* and (2) /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create 1073741824*PID-RANGE symlinks."

Fri, 7 Nov 08
emacs-jabber
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4952
emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.log temporary file.

Fri, 7 Nov 08
dtc-common
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4951
dtc 0.29.6 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/awstats.log, (b) /tmp/spam.log.#####, and (c) /tmp/spam_err.log temporary files, related to the (1) accesslog.php and (2) sa-wrapper scripts.

Fri, 7 Nov 08
dpkg-cross
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4950
** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-building environments within a chroot."

Fri, 7 Nov 08
dist
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4949
dist 3.5 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/cil#####, (b) /tmp/pdo#####, and (c) /tmp/pdn##### temporary files, related to the (1) patcil and (2) patdiff scripts.

Fri, 7 Nov 08
digitaldj
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4948
fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ddj_fest.tmp temporary file.

Fri, 7 Nov 08
dhis-server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4947
dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file.

Fri, 7 Nov 08
convirt
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4946
convirt 0.8.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/set_output temporary file, related to the (1) _template_/provision.sh, (2) Linux_CD_Install/provision.sh, (3) Fedora_PV_Install/provision.sh, (4) CentOS_PV_Install/provision.sh, (5) common/provision.sh, (6) example/provision.sh, and (7) Windows_CD_Install/provision.sh scripts in image_store/.

Fri, 7 Nov 08
cdrw-taper
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4945
amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite arbitrary files via a symlink attack involving a /tmp/amlabel-cdrw.##### temporary directory.

Fri, 7 Nov 08
cdcontrol
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4944
writtercontrol in cdcontrol 1.90 allows local users to overwrite arbitrary files via a symlink attack on /tmp/v-recorder*-out temporary files.

Fri, 7 Nov 08
bulmages-servers
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4943
bulmages-servers 0.11.1 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/error.txt, (b) /tmp/errores.txt, and possibly other temporary files, related to the (1) creabulmafact, (2) creabulmacont, and possibly (3) actualizabulmacont, (4) installbulmages-db, and (5) actualizabulmafact scripts.

Fri, 7 Nov 08
audiolink
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4942
audiolink in audiolink 0.05 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/audiolink.db.tmp and (2) /tmp/audiolink.tb.tmp temporary files.

Fri, 7 Nov 08
arb-common
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4941
arb-common 0.0 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/arb_fdnaml_*, (b) /tmp/arb_pids_*, (c) /tmp/arbdsmz.html, and (d) /tmp/arbdsmz.htm temporary files, related to the (1) arb_fastdnaml and (2) dszmconnect.pl scripts.

Thu, 6 Nov 08
aptoncd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4940
xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/aptoncd temporary file.

Thu, 6 Nov 08
apertium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4939
apertium 3.0.7 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####.lex.cc, (b) /tmp/#####.deformat.l, (c) /tmp/#####.reformat.l, (d) /tmp/#####docxorig, (e) /tmp/#####docxsalida.zip, (f) /tmp/#####xlsxembed, (g) /tmp/#####xlsxorig, and (h) /tmp/#####xslxsalida.zip temporary files, related to the (1) apertium-gen-deformat, (2) apertium-gen-reformat, and (3) apertium scripts.

Thu, 6 Nov 08
aegis, aegis-web
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4938
aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####, (b) /tmp/#####.intro, (c) /tmp/aegis.#####.ae, (d) /tmp/aegis.#####, (e) /tmp/aegis.#####.1, (f) /tmp/aegis.#####.2, (g) /tmp/aegis.#####.log, and (h) /tmp/aegis.#####.out temporary files, related to the (1) bng_dvlpd.sh, (2) bng_rvwd.sh, (3) awt_dvlp.sh, (4) awt_intgrtn.sh, and (5) aegis.cgi scripts.

Thu, 6 Nov 08
CVE-2008-4937
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4937
senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file.

Thu, 6 Nov 08
mgetty
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4936
faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.

Thu, 6 Nov 08
aview
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4935
asciiview in aview 1.3.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/aview#####.pgm temporary file.

Thu, 6 Nov 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4934
The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value before calling kmap, which allows attackers to cause a denial of service (system crash) via a crafted hfsplus filesystem image.

Thu, 6 Nov 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4933
Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function.

Thu, 6 Nov 08
u-mail_webmail_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4932
webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root.

Thu, 6 Nov 08
digital_signage
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4931
Cross-site scripting (XSS) vulnerability in the account module in firmCHANNEL Digital Signage 3.24, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php.

Thu, 6 Nov 08
acrobat, reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4817
The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.

Thu, 6 Nov 08
acrobat, reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4816
Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors.

Thu, 6 Nov 08
acrobat, reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4815
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.

Thu, 6 Nov 08
acrobat, reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4814
Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue."

Thu, 6 Nov 08
acrobat, reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4813
Adobe Reader and Acrobat 8.1.2 and earlier allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing.

Thu, 6 Nov 08
acrobat, reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4812
Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.

Thu, 6 Nov 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3527
arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions.

Thu, 6 Nov 08
mybb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4930
MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing." NOTE: this could be leveraged for XSS and other attacks.

Thu, 6 Nov 08
mybb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4929
MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.

Thu, 6 Nov 08
mybb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4928
Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. NOTE: this can be leveraged to execute PHP code and bypass cross-site request forgery (CSRF) protection.

Thu, 6 Nov 08
windows_media_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4927
Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Thu, 6 Nov 08
pdf417_activex
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4926
Multiple insecure method vulnerabilities in MW6 Technologies PDF417 ActiveX control (MW6PDF417Lib.PDF417, MW6PDF417.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.

Thu, 6 Nov 08
datamatrix_activex
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4925
Multiple insecure method vulnerabilities in MW6 Technologies DataMatrix ActiveX control (DATAMATRIXLib.MW6DataMatrix, DataMatrix.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.

Thu, 6 Nov 08
1d_barcode_decoder_activex
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4924
Multiple insecure method vulnerabilities in MW6 Technologies 1D Barcode ActiveX control (BARCODELib.MW6Barcode, Barcode.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.

Thu, 6 Nov 08
aztec_activex
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4923
Multiple insecure method vulnerabilities in MW6 Technologies Aztec ActiveX control (AZTECLib.MW6Aztec, Aztec.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.

Thu, 6 Nov 08
activex_control_for_microsoft_office_2000
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4922
Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties.

Thu, 6 Nov 08
chipmunk_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4921
board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to bypass authentication and gain administrator privileges via a direct request. NOTE: some of these details are obtained from third party information.

Wed, 5 Nov 08
agavi
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4920
Directory traversal vulnerability in Agavi 1.0.0 beta 5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the cmplang parameter.

Wed, 5 Nov 08
expert_pdf_viewer_activex
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4919
Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method.

Wed, 5 Nov 08
sonicos
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4918
Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."

Wed, 5 Nov 08
linux
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4306
Unspecified vulnerability in enscript before 1.6.4 in Ubuntu Linux 6.06 LTS, 7.10, 8.04 LTS, and 8.10 has unknown impact and attack vectors, possibly related to a buffer overflow.

Wed, 5 Nov 08
system_management_homepage
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4413
Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and 2.2.8 and earlier on HP-UX B.11.23 and B.11.31, allows local users to gain "unauthorized access" via unknown vectors, possibly related to temporary file permissions.

Wed, 5 Nov 08
acrobat, reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2992
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 allows remote attackers to execute arbitrary code via a PDF file containing a crafted format string in the util.printf JavaScript function.

Wed, 5 Nov 08
dovecot
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4907
The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."

Wed, 5 Nov 08
lyrics
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4906
SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter.

Wed, 5 Nov 08
typo
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4905
Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it easier for attackers to guess passwords via a brute force attack.

Wed, 5 Nov 08
typo
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4904
SQL injection vulnerability in the "Manage pages" feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with "blog publisher" rights to execute arbitrary SQL commands via the search[published_at] parameter.

Wed, 5 Nov 08
typo
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4903
Cross-site scripting (XSS) vulnerability in the leave comment (feedback) feature in Typo 5.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) comment[author] (Name) and (2) comment[url] (Website) parameters.

Wed, 5 Nov 08
article_publisher_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4902
SQL injection vulnerability in contact_author.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.

Wed, 5 Nov 08
article_publisher_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4901
SQL injection vulnerability in admin/admin.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the username parameter.

Wed, 5 Nov 08
classifieds_blaster_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4900
SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Wed, 5 Nov 08
rateme
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4899
Cross-site request forgery (CSRF) vulnerability in Planetluc RateMe 1.3.3 allows remote attackers to perform unauthorized actions as other users via unspecified vectors.

Wed, 5 Nov 08
rateme
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4898
Cross-site scripting (XSS) vulnerability in planetluc RateMe 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the rate parameter in a submit rate action.

Wed, 5 Nov 08
logz
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4897
SQL injection vulnerability in fichiers/add_url.php in Logz podcast CMS 1.3.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the art parameter.

Wed, 5 Nov 08
logz
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4896
Cross-site scripting (XSS) vulnerability in fichiers/add_url.php in Logz CMS 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the art parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 5 Nov 08
downline_builder_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4895
SQL injection vulnerability in tr.php in YourFreeWorld Downline Builder allows remote attackers to execute arbitrary SQL commands via the id parameter.

Wed, 5 Nov 08
tribiq_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4894
Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the template_path parameter.

Wed, 5 Nov 08
tribiq_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4893
Cross-site scripting (XSS) vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the template_path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 5 Nov 08
mygallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4892
Cross-site scripting (XSS) vulnerability in gallery.inc.php in Planetluc MyGallery 1.7.2 and earlier, and possibly other versions before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via the mghash parameter. NOTE: some of these details are obtained from third party information.

Wed, 5 Nov 08
signme
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4891
Cross-site scripting (XSS) vulnerability in signme.inc.php in Planetluc SignMe 1.5 before 1.55 allows remote attackers to inject arbitrary web script or HTML via the hash parameter. NOTE: some of these details are obtained from third party information.

Wed, 5 Nov 08
lokicms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4913
Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.

Wed, 5 Nov 08
fotogalerie
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4912
SQL injection vulnerability in popup_img.php in the fotogalerie module in RS MAXSOFT allows remote attackers to execute arbitrary SQL commands via the fotoID parameter. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.

Wed, 5 Nov 08
istant-replay
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4911
PHP remote file inclusion vulnerability in read.php in Chattaitaliano Istant-Replay allows remote attackers to execute arbitrary PHP code via a URL in the data parameter.

Wed, 5 Nov 08
java_web_start
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4910
The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method.

Wed, 5 Nov 08
compact_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4909
Cross-site request forgery (CSRF) vulnerability in CompactCMS 1.1 and earlier allows remote attackers to perform unauthorized actions as legitimate users via unspecified vectors.

Wed, 5 Nov 08
crossfire
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4908
maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Wed, 5 Nov 08
4_professional
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4890
SQL injection vulnerability in products.php in 1st News 4 Professional (PR 1) allows remote attackers to execute arbitrary SQL commands via the id parameter.

Wed, 5 Nov 08
clanportal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4889
SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action.

Wed, 5 Nov 08
netrisk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4888
Cross-site scripting (XSS) vulnerability in index.php in NetRisk 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.

Wed, 5 Nov 08
netrisk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4887
SQL injection vulnerability in index.php in NetRisk 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) profile or (2) game page.

Wed, 5 Nov 08
shopping_cart_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4886
SQL injection vulnerability in index.php in YourFreeWorld Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the c parameter.

Wed, 5 Nov 08
scrolling_text_ads_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4885
SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Wed, 5 Nov 08
classifieds_hosting_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4884
SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Wed, 5 Nov 08
blog_blaster_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4883
SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Wed, 5 Nov 08
autoresponder_hosting_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4882
SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Wed, 5 Nov 08
reminder_service_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4881
SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Wed, 5 Nov 08
php_shop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4880
SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-4879.

Wed, 5 Nov 08
php_shop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4879
SQL injection vulnerability in prod.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2008-4880.

Tue, 4 Nov 08
interact
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3868
Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allows remote attackers to create super administrator accounts as super administrators.

Tue, 4 Nov 08
interact
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3867
SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the email_user_key parameter.

Tue, 4 Nov 08
webcards
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4878
Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file.

Tue, 4 Nov 08
webcards
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4877
SQL injection vulnerability in admin.php in WebCards 1.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: some of these details are obtained from third party information.

Tue, 4 Nov 08
voip841_dect_phone
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4876
Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page.

Tue, 4 Nov 08
voip841_dect_phone
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4875
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, which can contain other credentials such as the Skype username and password.

Tue, 4 Nov 08
voip841_dect_phone
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4874
The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access.

Tue, 4 Nov 08
spboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4873
board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action.

Tue, 4 Nov 08
itechbids
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4872
Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 4 Nov 08
my_little_forum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4871
Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and 2.0 Beta 23 allows remote attackers to inject arbitrary web script or HTML via BBcode IMG tags.

Tue, 4 Nov 08
dovecot
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4870
dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.

Tue, 4 Nov 08
ffmpeg
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4869
FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak."

Tue, 4 Nov 08
ffmpeg
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4868
Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers."

Tue, 4 Nov 08
ffmpeg
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4867
Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.

Tue, 4 Nov 08
ffmpeg
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4866
Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY.

Tue, 4 Nov 08
valgrind
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4865
Untrusted search path vulnerability in valgrind allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command option. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.

Tue, 4 Nov 08
python
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4864
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.

Tue, 4 Nov 08
blender
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4863
Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.

Tue, 4 Nov 08
net-snmp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4309
The getbulk code in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via vectors related to the number of responses or repeats.

Tue, 4 Nov 08
smarty
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4811
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.

Tue, 4 Nov 08
smarty
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4810
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted literal string, aka a "function injection security hole." NOTE: each vector affects slightly different SVN revisions.

Tue, 4 Nov 08
lotus_connections
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4809
Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to "Active" content. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 4 Nov 08
lotus_connections
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4808
IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 4 Nov 08
lotus_connections
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4807
IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 4 Nov 08
lotus_connections
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4806
Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 4 Nov 08
lotus_connections
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4805
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities, and (8) Global Search components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 4 Nov 08
pagemaker
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6432
Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a malformed .PMD file, related to "Key Strings," a different vulnerability than CVE-2007-5169 and CVE-2007-5394.

Tue, 4 Nov 08
gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4804
SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.

Tue, 4 Nov 08
gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4803
Cross-site scripting (XSS) vulnerability in index.php in Simple PHP Scripts gallery 0.1, 0.3, and 0.4 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 4 Nov 08
blog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4802
Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP Scripts blog 0.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Sat, 1 Nov 08
CVE-2008-4801 (tivoli_storage_manager, tivoli_storage_manager_client, tivoli_storage_manager_exp...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4801
Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in IBM Tivoli Storage Manager (TSM); and the Backup-Archive client in TSM Express; allows remote attackers to execute arbitrary code by sending a large amount of crafted data to a TCP port.

Sat, 1 Nov 08
debug_diagnostic_tool
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4800
The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Microsoft Debug Diagnostic Tool allows remote attackers to cause a denial of service (NULL pointer dereference and Internet Explorer 6.0 crash) via a large negative integer argument to the GetEntryPointForThread method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.

Sat, 1 Nov 08
netpbm
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4799
pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read.

Sat, 1 Nov 08
webgui
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4798
The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL.

Sat, 1 Nov 08
kantan_web_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4797
Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server 1.8 and earlier allows remote attackers to read arbitrary files via unknown vectors.

Sat, 1 Nov 08
snoopy
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4796
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. NOTE: some of these details are obtained from third party information.

Sat, 1 Nov 08
opera
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4795
The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.

Sat, 1 Nov 08
opera
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4794
Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696.

Sat, 1 Nov 08
CVE-2008-2238 (openoffice.org)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2238
Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted EMF file associated with a StarOffice/StarSuite document.

Sat, 1 Nov 08
CVE-2008-2237 (openoffice.org)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2237
Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document.

Sat, 1 Nov 08
pagemaker
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6021
Heap-based buffer overflow in Adobe PageMaker 7.0.1 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure.

Sat, 1 Nov 08
pagemaker
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5394
Stack-based buffer overflow in Adobe PageMaker 7.0.1 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure, a different vulnerability than CVE-2007-5169.

 
