Software Vulnerability
Main
Software Alerts
Software and Script Bug ExploitsSoftware Vulnerability
Random Feeds
Archives
| Dec 2008 | Nov 2008 | Oct 2008 | Sep 2008 | Aug 2008 | Jul 2008 | Jun 2008 | May 2008 | Apr 2008 | Mar 2008 | Feb 2008 | Jan 2008 | Dec 2007 | Nov 2007 |Fri, 28 Nov 08
tivoli_access_manager_for_e-business
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5257
webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for e-business allows remote attackers to cause a denial of service (crash or hang) via HTTP requests, as demonstrated by a McAfee vulnerability scan.
Fri, 28 Nov 08
virtualox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5256
The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file.
Fri, 28 Nov 08
opensuse, suse_linux, suse_linux_enterprise_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4636
yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.
Fri, 28 Nov 08
enterprise_linux, enterprise_linux_desktop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4315
tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.
Fri, 28 Nov 08
enterprise_linux, enterprise_linux_desktop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4313
A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.
Fri, 28 Nov 08
freebsd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5162
The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator.
Fri, 28 Nov 08
hf
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2378
Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH, related to improper handling of the -k option.
Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5248
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."
Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5247
The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value.
Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5246
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5245
xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c.
Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5244
Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.
Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5243
The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error.
Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5242
demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5241
Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM).
Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5240
xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code v...
Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5239
xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows.
Thu, 27 Nov 08
xine
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5238
Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field.
Thu, 27 Nov 08
xine
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5237
Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c.
Thu, 27 Nov 08
xine
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5236
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_fil...
Thu, 27 Nov 08
xine
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5235
Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information.
Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5234
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15.
Thu, 27 Nov 08
xine-lib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5233
xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
Thu, 27 Nov 08
windows
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5232
Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 27 Nov 08
iprint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5231
Stack-based buffer overflow in the ExecuteRequest method in the Novell iPrint ActiveX control in ienipp.ocx in Novell iPrint Client 5.06 and earlier allows remote attackers to execute arbitrary code via a long target-frame option value, a different vulnerability than CVE-2008-2431.
Thu, 27 Nov 08
iprint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2432
Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument.
Thu, 27 Nov 08
iprint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2431
Multiple buffer overflows in Novell iPrint Client before 5.06 allow remote attackers to execute arbitrary code by calling the Novell iPrint ActiveX control (aka ienipp.ocx) with (1) a long third argument to the GetDriverFile method; a long first argument to the (2) GetPrinterURLList or (3) GetPrinterURLList2 method; (4) a long argument to the GetFileList method; a long argument to the (5) GetServerVersion, (6) GetResourceList, or (7) DeleteResource method, related to nipplib.dll; a long uploa...
Thu, 27 Nov 08
basic
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2429
Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php. NOTE: vector 1 might overlap CVE-2007-3183.3, and vector 2 might overlap CVE-2005-1865.2.
Thu, 27 Nov 08
cisco
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5230
The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng.
Thu, 27 Nov 08
windows, windowst
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5229
Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command.
Thu, 27 Nov 08
workplace_content_management
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5228
Cross-site scripting (XSS) vulnerability in IBM Workplace Content Management (WCM) 6.0G and 6.1 before CF8, when a Page Navigation Component shows menu entries, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in the URI, related to parameters "not being encoded."
Thu, 27 Nov 08
phpcow
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5227
Unspecified vulnerability in PHPCow allows remote attackers to execute arbitrary code via unknown vectors, related to a "file inclusion vulnerability," as exploited in the wild in November 2008.
Thu, 27 Nov 08
flash_media_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5109
The default configuration of Adobe Flash Media Server (FMS) 3.0 does not enable SWF Verification for (1) RTMPE and (2) RTMPTE sessions, which makes it easier for remote attackers to make copies of video content via stream-capture software.
Thu, 27 Nov 08
streamripper
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4829
Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow remote attackers to execute arbitrary code via (1) a long "Zwitterion v" HTTP header, related to the http_parse_sc_header function; (2) a crafted pls playlist with a long entry, related to the http_get_pls function; or (3) a crafted m3u playlist with a long File entry, related to the http_get_m3u function.
Thu, 27 Nov 08
iphone_os, safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4233
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document.
Thu, 27 Nov 08
iphone_os, safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4232
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.
Thu, 27 Nov 08
iphone_os, safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4231
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
Thu, 27 Nov 08
iphone_os
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4230
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593.
Thu, 27 Nov 08
iphone_os
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4229
Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.
Thu, 27 Nov 08
iphone_os
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4228
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number.
Thu, 27 Nov 08
iphone_os
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4227
Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level that was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic.
Thu, 27 Nov 08
libxml
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4226
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
Thu, 27 Nov 08
libxml
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4225
Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.
Thu, 27 Nov 08
iphone_os
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1586
ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image.
Wed, 26 Nov 08
mambads, mambo
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5226
SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.
Wed, 26 Nov 08
docushare
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5225
Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories.
Wed, 26 Nov 08
kent-web_mart
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5224
Cross-site scripting (XSS) vulnerability in Kent Web Mart 1.61 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Wed, 26 Nov 08
commerce
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5223
SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
Wed, 26 Nov 08
dvbbs
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5222
SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
Wed, 26 Nov 08
wportfolio
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5221
The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.
Wed, 26 Nov 08
wportfolio
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5220
Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/.
Wed, 26 Nov 08
videoscript
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5219
The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters.
Wed, 26 Nov 08
freeze_greetings
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5218
ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords.
Tue, 25 Nov 08
txtcms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5217
Directory traversal vulnerability in index.php in txtCMS 0.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter.
Tue, 25 Nov 08
zeuscart
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5216
SQL injection vulnerability in category_list.php in AJ Square ZeusCart 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Tue, 25 Nov 08
clanlite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5215
SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter.
Tue, 25 Nov 08
clanlite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5214
Cross-site scripting (XSS) vulnerability in service/calendrier.php in ClanLite 2.2006.05.20 allows remote attackers to inject arbitrary web script or HTML via the annee parameter.
Tue, 25 Nov 08
aj_article
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5213
SQL injection vulnerability in featured_article.php in AJ Article 1.0 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a search detail action.
Tue, 25 Nov 08
aj_auction
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5212
SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
Tue, 25 Nov 08
sphider
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5211
Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506.
Tue, 25 Nov 08
phpblock
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5210
Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 allow remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter to (1) script/init/createallimagecache.php, (2) allincludefortick.php and (3) test.php in script/tick/, and (4) modules/dungeon/tick/allincludefortick.php, different vectors than CVE-2008-1776.
Tue, 25 Nov 08
admidio
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5209
Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Tue, 25 Nov 08
com_datsogallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5208
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
Tue, 25 Nov 08
jonascms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5207
Multiple directory traversal vulnerabilities in Jonascms 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the taal parameter to (1) backup.php and (2) gb_voegtoe.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 25 Nov 08
mosxml
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5206
PHP remote file inclusion vulnerability in modules/mod_mainmenu.php in MosXML 1 Alpha allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 25 Nov 08
wellyblog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5205
Cross-site scripting (XSS) vulnerability in edit.php in wellyblog allows remote attackers to inject arbitrary web script or HTML via the articleid parameter in an add action.
Tue, 25 Nov 08
poweraward
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5204
Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15...
Tue, 25 Nov 08
poweraward
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5203
Cross-site scripting (XSS) vulnerability in external_vote.php in PowerAward 1.1.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the l_vote_done parameter.
Tue, 25 Nov 08
otmanager_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5202
Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS 24a allows remote attackers to inject arbitrary web script or HTML via the conteudo parameter.
Tue, 25 Nov 08
otmanager_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5201
Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
Tue, 25 Nov 08
com_xewebtv
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5200
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
Tue, 25 Nov 08
ideabox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5199
PHP remote file inclusion vulnerability in include.php in PHPOutsourcing IdeaBox (aka IdeBox) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the gorumDir parameter.
Tue, 25 Nov 08
acmlmboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5198
SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allows remote attackers to execute arbitrary SQL commands via the pow parameter.
Tue, 25 Nov 08
php-fusion
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5197
SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action.
Tue, 25 Nov 08
the_kroax_module
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5196
SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter.
Sat, 22 Nov 08
sebraccms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5195
Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow remote attackers to execute arbitrary SQL commands via (1) the recid parameter to cms/form/read.php, (2) the uname parameter to cms/index.php, and other unspecified vectors.
Sat, 22 Nov 08
online_booking_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5194
SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 22 Nov 08
philboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5193
Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024.
Sat, 22 Nov 08
philboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5192
SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might overlap CVE-2008-2334, CVE-2008-1939, CVE-2007-2641, or CVE-2007-0920.
Sat, 22 Nov 08
seportal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5191
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.
Sat, 22 Nov 08
eshop100
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5190
SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter.
Sat, 22 Nov 08
ruby_on_rails
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5189
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.
Sat, 22 Nov 08
ecryptfs_utils
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5188
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.
Sat, 22 Nov 08
imlib2
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5187
The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 22 Nov 08
geshi
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5186
** DISPUTED ** The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows contro...
Sat, 22 Nov 08
geshi
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5185
The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using "<".
Sat, 22 Nov 08
cups
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5184
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.
Sat, 22 Nov 08
cups
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5183
cupsd in CUPS before 1.3.8 allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.
Sat, 22 Nov 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5182
The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.
Fri, 21 Nov 08
office_communicator
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5181
Microsoft Communicator allows remote attackers to cause a denial of service (application or device outage) via instant messages containing large numbers of emoticons.
Fri, 21 Nov 08
office_communicator
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5180
Microsoft Communicator allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
Fri, 21 Nov 08
office_communications_server, office_communicator, windows_live_messenger
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5179
Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet.
Fri, 21 Nov 08
opera
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5178
Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI.
Fri, 21 Nov 08
yosemite_backup
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5177
Stack-based buffer overflow in the DtbClsLogin function in Yosemite Backup 8.7 allows remote attackers to (1) execute arbitrary code on a Linux platform, related to libytlindtb.so; or (2) cause a denial of service (application crash) and possibly execute arbitrary code on a Windows platform, related to ytwindtb.dll; via a long username field during authentication.
Fri, 21 Nov 08
wincom_mpd_total
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5176
Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.623 and earlier allow remote attackers to execute arbitrary code via (1) a long 0x02 command to the remote administration service on TCP port 13500 or (2) a long invalid control filename to LPDService.exe on TCP port 515.
Thu, 20 Nov 08
aceftpfreeware, aceftppro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5175
Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.
Thu, 20 Nov 08
jokes_complete_website
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5174
SQL injection vulnerability in joke.php in Jokes Complete Website 2.1.3 allows remote attackers to execute arbitrary SQL commands via the jokeid parameter.
Thu, 20 Nov 08
testmaker
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5173
Unspecified vulnerability in testMaker before 3.0p16 allows remote authenticated users to execute arbitrary PHP code via unspecified attack vectors.
Thu, 20 Nov 08
yazd_forum_software
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5172
Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum Software 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to (a) search.jsp, and the (2) msg parameter to (b) error.jsp and (c) userAccount.jsp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 20 Nov 08
phpblaster_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5171
Multiple directory traversal vulnerabilities in admin/minibb/index.php in phpBLASTER CMS 1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) DB, (2) lang, and (3) skin parameters.
Thu, 20 Nov 08
cheats_complete_website
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5170
SQL injection vulnerability in item.php in Cheats Complete Website 1.1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
Thu, 20 Nov 08
drinks_complete_website
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5169
SQL injection vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid parameter.
Thu, 20 Nov 08
tips_complete_website
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5168
SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 allows remote attackers to execute arbitrary SQL commands via the tipid parameter.
Thu, 20 Nov 08
orca
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5167
PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.
Thu, 20 Nov 08
riddles_website
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5166
SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 allows remote attackers to execute arbitrary SQL commands via the riddleid parameter.
Thu, 20 Nov 08
eticket
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5165
Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php.
Thu, 20 Nov 08
the_rat_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5164
Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) viewarticle.php and (b) viewarticle2.php and the (2) PATH_INFO to viewarticle.php.
Thu, 20 Nov 08
the_rat_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5163
Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewarticle.php and (2) viewarticle2.php.
Thu, 20 Nov 08
openssh, tectia_client, tectia_connector, tectia_connectsecure, tectia_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5161
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easi...
Wed, 19 Nov 08
myserver
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5160
Unspecified vulnerability in MyServer 0.8.11 allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests with the HTTP GET, DELETE, OPTIONS, and possibly other methods, related to a "204 No Content error."
Wed, 19 Nov 08
wincome_mpd_total
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5159
Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large string length argument, which triggers memory corruption.
Wed, 19 Nov 08
wincome_mpd_total
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5158
Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to bypass authentication and perform administrative actions via vectors involving "simply skipping the auth stage."
Wed, 19 Nov 08
tau
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5157
tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau.*.##### or (2) /tmp/makefile.tau*.##### temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc scripts.
Wed, 19 Nov 08
systemimager-server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5156
si_mkbootserver in systemimager-server 3.6.3 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.inetd.conf or (2) /tmp/pxe.conf.*.tmp temporary file.
Wed, 19 Nov 08
smsclient
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5155
mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/header.##### or (2) /tmp/body.##### temporary file, or append data to arbitrary files via a symlink attack on the (3) /tmp/sms.log temporary file.
Wed, 19 Nov 08
p3nfs
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5154
bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/blue.log temporary file.
Wed, 19 Nov 08
moodle
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5153
spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.
Wed, 19 Nov 08
mh-book
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5152
inmail-show in mh-book 200605 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/inmail#####.log or (2) /tmp/inmail#####.stdin temporary file.
Wed, 19 Nov 08
mayavi
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5151
test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/err.log temporary file.
Wed, 19 Nov 08
maildirsync
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5150
sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-*.#####.log temporary file.
Wed, 19 Nov 08
libncbi6
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5149
fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file.
Wed, 19 Nov 08
gnetlist
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5148
sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file.
Wed, 19 Nov 08
docvert
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5147
test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/outer.odt temporary file.
Wed, 19 Nov 08
ctn
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5146
add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file.
Wed, 19 Nov 08
ltp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5145
ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu.##### temporary file.
Wed, 19 Nov 08
nvidia-cg-toolkit
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5144
nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file.
Wed, 19 Nov 08
multi-gnome-terminal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5143
mgt-helper in multi-gnome-terminal 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.debug or (2) /tmp/*.env temporary file.
Wed, 19 Nov 08
freebsd-sendpr
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5142
sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pr.##### temporary file.
Wed, 19 Nov 08
flamethrower
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5141
flamethrower in flamethrower 0.1.8 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/multicast.tar.##### temporary file.
Wed, 19 Nov 08
mailscanner
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5140
trend-autoupdate.new in mailscanner 4.55.10 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file.
Wed, 19 Nov 08
jailer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5139
updatejail in jailer 0.4 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/#####.updatejail temporary file.
Wed, 19 Nov 08
libpam_mount
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5138
passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/passwdehd.##### temporary file.
Wed, 19 Nov 08
tkman
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5137
tkman in tkman 2.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary file.
Wed, 19 Nov 08
tkusr
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5136
tkusr in tkusr 0.82 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/tkusr.pgm temporary file.
Wed, 19 Nov 08
os-prober
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5135
** DISPUTED ** os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users."
Wed, 19 Nov 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5134
Buffer overflow in the lbs_process_bss function in drivers/net/wireless/libertas/scan.c in the libertas subsystem in the Linux kernel before 2.6.27.5 allows remote attackers to have an unknown impact via an "invalid beacon/probe response."
Wed, 19 Nov 08
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5133
ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named.
Wed, 19 Nov 08
memht_portal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5132
SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
Wed, 19 Nov 08
news_and_article_system
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5131
Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and the (2) username and (3) password to the admin panel (admin/index.php).
Wed, 19 Nov 08
calendar_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5130
Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb.
Wed, 19 Nov 08
poll_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5129
Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb.
Wed, 19 Nov 08
membership_manager_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5128
Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb.
Wed, 19 Nov 08
contact_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5127
Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb.
Wed, 19 Nov 08
CVE-2008-5126
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5126
Cross-site scripting (XSS) vulnerability in search.php in BoutikOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.
Wed, 19 Nov 08
ccleague
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5125
admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin.
Wed, 19 Nov 08
secure_ftp_applet
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5124
JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks.
Wed, 19 Nov 08
ccleague
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5123
SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter.
Wed, 19 Nov 08
CVE-2008-5122 (cms4000.net)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5122
SQL injection vulnerability in ContentRatingGraph.aspx in Ektron CMS400.NET 7.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the res parameter.
Wed, 19 Nov 08
deterministic_network_enhancer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5121
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the .DNE device interface.
Wed, 19 Nov 08
openvms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5120
Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string.
Wed, 19 Nov 08
dxshopcart
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5119
Cross-site scripting (XSS) vulnerability in search.php in Scripts4Profit DXShopCart 4.30mc allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
Wed, 19 Nov 08
java_system_identity_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5118
Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection."
Wed, 19 Nov 08
java_system_identity_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5117
Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Wed, 19 Nov 08
java_system_identity_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5116
Unspecified vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to access files in the local filesystem of the IDM server via unknown vectors.
Wed, 19 Nov 08
java_system_identity_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5115
Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to obtain access to the Administrator account via unspecified vectors.
Wed, 19 Nov 08
java_system_identity_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5114
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Wed, 19 Nov 08
wordpress
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5113
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.
Wed, 19 Nov 08
windows
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5112
The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
Wed, 19 Nov 08
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5111
Unspecified vulnerability in the socket function in Sun Solaris 10 and OpenSolaris snv_57 through snv_91, when InfiniBand hardware is not installed, allows local users to cause a denial of service (panic) via unknown vectors, related to the socksdpv_close function.
Wed, 19 Nov 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5025
Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933.
Wed, 19 Nov 08
initscripts
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4832
rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time.
Wed, 19 Nov 08
service_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4415
Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors.
Wed, 19 Nov 08
serverprotect
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0014
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013.
Wed, 19 Nov 08
serverprotect
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0013
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0014.
Wed, 19 Nov 08
serverprotect
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0012
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014.
Wed, 19 Nov 08
serverprotect
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0074
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a folder read operation over RPC.
Wed, 19 Nov 08
serverprotect
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0073
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a file read operation over RPC.
Wed, 19 Nov 08
serverprotect
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0072
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC.
Wed, 19 Nov 08
serverprotect
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5269
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, probably related to an RPC interface.
Wed, 19 Nov 08
serverprotect
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5268
Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface."
Wed, 19 Nov 08
syslog-ng
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5110
syslog-ng does not call chdir before it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present.
Wed, 19 Nov 08
adobe_air
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5108
Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context-dependent attackers to execute untrusted JavaScript in an AIR application via unknown attack vectors.
Wed, 19 Nov 08
flash_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4824
Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors."
Wed, 19 Nov 08
desktop_server, presentation_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5107
The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.
Wed, 19 Nov 08
sami_ftp_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5106
Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to an arbitrary command, which triggers the overflow when the SamyFtp.binlog log file is viewed in the management console. NOTE: this may overlap CVE-2006-0441 and CVE-2006-2212.
Wed, 19 Nov 08
sami_ftp_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5105
KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash or hang) via certain (1) APPE, (2) CWD, (3) DELE, (4) MKD, (5) RMD, (6) RETR, (7) RNFR, (8) RNTO, (9) SIZE, and (10) STOR commands.
Wed, 19 Nov 08
vmbuilder
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5104
Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the default root password, which allows attackers to bypass intended login restrictions.
Wed, 19 Nov 08
vmbuilder
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5103
The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.
Wed, 19 Nov 08
zope
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5102
PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.
Wed, 19 Nov 08
optipng
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5101
Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow."
Wed, 19 Nov 08
CVE-2008-5100 (.net_framework)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5100
The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
Tue, 18 Nov 08
logical_domain_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5099
Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the "ldm ls -l" command, a different vulnerability than CVE-2008-4992.
Tue, 18 Nov 08
java_system_messaging_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5098
Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-2904.
Tue, 18 Nov 08
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4216
The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files."
Tue, 18 Nov 08
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3644
Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.
Tue, 18 Nov 08
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3623
Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces.
Tue, 18 Nov 08
myfwb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5097
SQL injection vulnerability in index.php in MyFWB 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
Tue, 18 Nov 08
file_list_extension
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5096
Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors.
Tue, 18 Nov 08
identity_manager_roles_based_provisioning_module, user_application
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5095
Cross-site scripting (XSS) vulnerability in the Novell User Application 3.0.1, 3.5.0, and 3.5.1; and Identity Manager Roles Based Provisioning Module 3.6.0 and 3.6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Tue, 18 Nov 08
edirectory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5094
Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors.
Tue, 18 Nov 08
edirectory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5093
Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Tue, 18 Nov 08
edirectory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5092
Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header.
Tue, 18 Nov 08
edirectory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5091
Buffer overflow in the LDAP Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors, possibly related to an "invalid extensibleMatch filter."
Tue, 18 Nov 08
advanced_electron_forum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5090
Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.
Tue, 18 Nov 08
activereports
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5089
Multiple insecure method vulnerabilities in the DDActiveReportsViewer2.ARViewer2 ActiveX control (arview2.ocx) in Data Dynamics ActiveReports 2.5.0.1314 allow remote attackers to overwrite arbitrary files via a call to the (1) Pages.Save, (2) PrintReport, or (3) Canvas.Save method.
Tue, 18 Nov 08
phpkb_knowledge_base_software
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5088
Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909.
Tue, 18 Nov 08
another_backend_login
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5087
SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Sat, 15 Nov 08
htop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5076
htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings."
Sat, 15 Nov 08
e-uploader_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5075
Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter to (g) browser.php.
Sat, 15 Nov 08
freshlinks_module
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5074
SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
Sat, 15 Nov 08
zenworks_desktop_management
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5073
Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method.
Sat, 15 Nov 08
mega_codec_pack
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5072
vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote attackers to cause a denial of service (application crash) via a malformed FLV file.
Sat, 15 Nov 08
yoxel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5071
Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter.
Sat, 15 Nov 08
pro_chat_rooms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5070
SQL injection vulnerability in Pro Chat Rooms 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the gud parameter to (1) index.php and (2) admin.php.
Sat, 15 Nov 08
panuwat_promoteweb_mysql
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5069
SQL injection vulnerability in go.php in Panuwat PromoteWeb MySQL, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 15 Nov 08
kmita_gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5068
Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter to index.php and the (2) searchtext parameter to search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 15 Nov 08
kmita_catalogue
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5067
Cross-site scripting (XSS) vulnerability in search.php in Kmita Catalogue 2.x allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 15 Nov 08
themesitescript
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5066
PHP remote file inclusion vulnerability in upload/admin/frontpage_right.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter.
Sat, 15 Nov 08
tlguesbook
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5065
TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin.
Fri, 14 Nov 08
websoccer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5064
SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 14 Nov 08
otmanager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5063
PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in OTManager 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the Tipo parameter.
Fri, 14 Nov 08
mini_web_calendar
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5062
Directory traversal vulnerability in php/cal_pdf.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to read arbitrary files via directory traversal sequences in the thefile parameter.
Fri, 14 Nov 08
mini_web_calendar
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5061
Cross-site scripting (XSS) vulnerability in php/cal_default.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL.
Fri, 14 Nov 08
modernbill
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5060
Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) export_batch.inc.php, (2) run_auto_suspend.cron.php, and (3) send_email_cache.php in include/scripts/; (4) include/misc/mod_2checkout/2checkout_return.inc.php; and (5) include/html/nettools.popup.php, different vectors than CVE-2006-4034 and CVE-2005-1054.
Fri, 14 Nov 08
modernbill
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5059
Cross-site scripting (XSS) vulnerability in index.php in ModernBill 4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript event in the new_language parameter in a login action.
Fri, 14 Nov 08
pre_simple_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5058
SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php. NOTE: some of these details are obtained from third party information.
Fri, 14 Nov 08
dizi_portali
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5057
SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the film parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 14 Nov 08
triolive
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5056
Cross-site scripting (XSS) vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to inject arbitrary web script or HTML via the department_id parameter to index.php.
Fri, 14 Nov 08
triolive
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5055
SQL injection vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to execute arbitrary SQL commands via the department_id parameter to index.php.
Fri, 14 Nov 08
membership_system
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5054
Multiple SQL injection vulnerabilities in Develop It Easy Membership System 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters to customer_login.php and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information.
Fri, 14 Nov 08
com_rssreader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5053
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
Fri, 14 Nov 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5052
The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.
Fri, 14 Nov 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5024
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.
Fri, 14 Nov 08
firefox, seamonkey
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5023
Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.
Fri, 14 Nov 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5022
The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.
Fri, 14 Nov 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5021
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
Fri, 14 Nov 08
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5019
The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors.
Fri, 14 Nov 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5018
The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class.
Fri, 14 Nov 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5017
Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.
Fri, 14 Nov 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5016
The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.
Fri, 14 Nov 08
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5015
Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.
Fri, 14 Nov 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5014
jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.
Fri, 14 Nov 08
firefox, seamonkey
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5013
Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.
Fri, 14 Nov 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5012
Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.
Fri, 14 Nov 08
firefox, seamonkey
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0017
The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
Fri, 14 Nov 08
jooblog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5051
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php.
Fri, 14 Nov 08
clamav
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5050
Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.
Fri, 14 Nov 08
anti-keylogger_elite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5049
Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft Anti-Keylogger Elite 3.3.0 and earlier, and possibly other versions including 3.3.3, allows local users to gain privileges via long inputs to the (1) 0x002224A4, (2) 0x002224C0, and (3) 0x002224CC IOCTL.
Fri, 14 Nov 08
anti-trojan_elite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5048
Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and earlier, and possibly 4.2.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long inputs to the 0x00222494 IOCTL.
Fri, 14 Nov 08
rental_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5047
SQL injection vulnerability in admin/index.php in Mole Group Rental Script allows remote attackers to execute arbitrary SQL commands via the username parameter.
Fri, 14 Nov 08
pizza_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5046
SQL injection vulnerability in index.php in Mole Group Pizza Script allows remote attackers to execute arbitrary SQL commands via the manufacturers_id parameter.
Fri, 14 Nov 08
ftp_now
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5045
Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly other versions, allows remote FTP servers to cause a denial of service (crash) via a 200 server response that is exactly 1024 characters long.
Fri, 14 Nov 08
gnutls
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4989
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).
Fri, 14 Nov 08
windows_server_2003, windows_vista
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5044
Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
Fri, 14 Nov 08
metrica_service_assurance_framework
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5043
Multiple cross-site scripting (XSS) vulnerabilities in the web-based interface in IBM Metrica Service Assurance Framework allow remote authenticated users to inject arbitrary web script or HTML via (1) the elementid parameter in a generatedreportresults action to the ReportTree program, (2) the jnlpname parameter to the Launch program, or (3) the :tasklabel parameter to the ReportRequest program, related to the name of a report.
Fri, 14 Nov 08
windows
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4037
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability."
Fri, 14 Nov 08
CVE-2008-4033 (20007_office_system, expression_web, office_compatibility_pack_for_word_excel_ppt...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4033
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
Fri, 14 Nov 08
internet_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4029
Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vulnerability."
Fri, 14 Nov 08
photovideotube
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5042
Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php.
Fri, 14 Nov 08
ro002_router
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5041
Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default password for the "rdc123" account, which makes it easier for remote attackers to obtain access. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 14 Nov 08
myforum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5040
Graphiks MyForum 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the (1) myforum_login and (2) myforum_pass cookies to 1.
Fri, 14 Nov 08
league_module
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5039
Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php.
Fri, 14 Nov 08
edirectory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5038
Use after free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.
Fri, 14 Nov 08
image_gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5037
SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Wed, 12 Nov 08
vlc_media_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5036
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
Wed, 12 Nov 08
hardware_management_console
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5035
The Resource Monitoring and Control (RMC) daemon in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 and 3.3.0 SP2 allows remote attackers to cause a denial of service (daemon crash or hang) via a packet with an invalid length.
Wed, 12 Nov 08
printfilters-ppd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5034
** DISPUTED ** master-filter in printfilters-ppd 2.13 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filter.debug temporary file. NOTE: the vendor disputes this vulnerability, stating 'this package does not have " possibility of attack with the help of symlinks"'.
Wed, 12 Nov 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5033
The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service (NULL function pointer dereference and OOPS) via unknown vectors.
Wed, 12 Nov 08
vlc_media_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5032
Multiple stack-based buffer overflows in VideoLAN VLC media player 0.5.0 through 0.9.5 allow user-assisted attackers to execute arbitrary code via (1) the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c; or (2) an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c.
Wed, 12 Nov 08
python
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5031
Multiple integer overflows in Python 2.5.2 allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.
Wed, 12 Nov 08
libcaudio
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5030
Heap-based buffer overflow in the cddb_read_disc_data function in cddb.c in libcdaudio 0.99.12p2 allows remote attackers to execute arbitrary code via long CDDB data.
Wed, 12 Nov 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5029
The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors.
Wed, 12 Nov 08
mdrmsap_activex_control, sapgui
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4387
Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer.
Wed, 12 Nov 08
monitor, nagios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5028
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
Wed, 12 Nov 08
monitor, nagios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5027
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.
Wed, 12 Nov 08
sharepoint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5026
Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading HTML documents.
Wed, 12 Nov 08
lotus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5011
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860.
Wed, 12 Nov 08
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5010
in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.
Wed, 12 Nov 08
CVE-2008-5009 (solstice_x.25)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5009
Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file.
Tue, 11 Nov 08
secret_rabbit_code
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5008
Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or libsamplerate) before 0.1.4, when "extreme low conversion ratios" are used, allows user-assisted attackers to have an unknown impact via a crafted audio file.
Tue, 11 Nov 08
lazarus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5007
create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary directory.
Tue, 11 Nov 08
imap_toolkit
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5006
smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.
Tue, 11 Nov 08
alpine, imap_toolkit
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5005
Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by th...
Tue, 11 Nov 08
bloggie_lite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5004
SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 11 Nov 08
shahrood
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5003
SQL injection vulnerability in ndetail.php in Shahrood allows remote attackers to execute arbitrary SQL commands via the id parameter.
Tue, 11 Nov 08
chilkat_crypt_activex_control
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5002
Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.
Tue, 11 Nov 08
ultravnc
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5001
Multiple stack-based buffer overflows in multiple functions in vncviewer/FileTransfer.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified parameters, a different issue than CVE-2008-0610.
Tue, 11 Nov 08
phpx
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5000
SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5.16, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via uppercase characters in the news_id parameter.
Tue, 11 Nov 08
ace, esx, esxi, player, server, workstation
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4915
The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS.
Tue, 11 Nov 08
coldfusion
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4831
Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors.
Tue, 11 Nov 08
flash_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4823
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute.
Tue, 11 Nov 08
flash_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4822
Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.
Tue, 11 Nov 08
flash_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4821
Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors.
Tue, 11 Nov 08
flash_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4820
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors.
Tue, 11 Nov 08
flash_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4819
Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
Tue, 11 Nov 08
flash_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4818
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers.
Tue, 11 Nov 08
esx, esxi
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4281
Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows administrators with the Datastore.FileManagement privilege to gain privileges via unknown vectors.
Tue, 11 Nov 08
unistim_ip_phone
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4999
Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: this issue could not be reproduced by a third party, who tested it on 0604DAD. In addition, the original researcher was not able to reliably reproduce the issue.
Tue, 11 Nov 08
twiki
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4998
** DISPUTED ** postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid."
Tue, 11 Nov 08
datafreedom-perl
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4997
** DISPUTED ** dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/zenity temporary file. NOTE: the vendor disputes this vulnerability, stating that the vector is solely "an EXAMPLE used in the manpage."
Tue, 11 Nov 08
initramfs-tools
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4996
** DISPUTED ** init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this is exploitable."
Tue, 11 Nov 08
bk2site
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4995
redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/redirect.log temporary file. NOTE: this vulnerability is only limited to debug mode, which is disabled by default.
Tue, 11 Nov 08
xmcd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4994
The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.*pid temporary file.
Sat, 8 Nov 08
xen
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4993
qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file.
Sat, 8 Nov 08
CVE-2008-4992 (blade_t6300_server, blade_t6320_server, fire_enterprise_server_t1000, fire_enterp...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4992
The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and 7.1.3 through 7.1.3.e on UltraSPARC T1, T2, and T2+ processors allows logical domain users to access memory in other logical domains via unknown vectors.
Sat, 8 Nov 08
tru64
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4414
Unspecified vulnerability in the AdvFS showfile command in HP Tru64 UNIX 5.1B-3 and 5.1B-4 allows local users to gain privileges via unspecified vectors.
Fri, 7 Nov 08
ec-cube
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4991
SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and earlier, 1.4.7 and earlier, and 1.5.0-beta2 and earlier; and Community Edition 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the parameter.
Fri, 7 Nov 08
xcal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4988
pscal in xcal 4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pscal##### temporary file.
Fri, 7 Nov 08
xastir
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4987
xastir 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/ldconfig.tmp, (b) /tmp/ldconf.tmp, and (c) /tmp/ld.so.conf temporary files, related to the (1) get-maptools.sh and (2) get_shapelib.sh scripts.
Fri, 7 Nov 08
wims
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4986
wims 3.62 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/env#####, (b) /tmp/sed#####, and (c) /tmp/referer-home.log temporary files, related to the (1) coqweb and (2) account.sh scripts.
Fri, 7 Nov 08
vdr
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4985
vdrleaktest in vdr 1.6.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/memleaktest.log temporary file.
Fri, 7 Nov 08
scratchbox2
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4984
scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/dpkg.#####.tmp, (b) /tmp/missing_deps.#####, and (c) /tmp/sb2-pkg-chk.$tstamp.##### temporary files, related to the (1) dpkg-checkbuilddeps and (2) sb2-check-pkg-mappings scripts.
Fri, 7 Nov 08
scilab-bin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4983
scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/SciLink#####1, (b) /tmp/SciLink#####2, (c) /tmp/SciLink#####3, (d) /tmp/*.#####, (e) /tmp/*.#####.res, (f) /tmp/*.#####.err, and (g) /tmp/*.#####.diff temporary files, related to the (1) scilink, (2) scidoc, and (3) scidem scripts.
Fri, 7 Nov 08
rkhunter
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4982
rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rkhunter-debug temporary file. NOTE: this is probably a different vulnerability than CVE-2005-1270.
Fri, 7 Nov 08
realtimebattle
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4981
perl.robot in realtimebattle 1.0.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl.robot.log temporary file.
Fri, 7 Nov 08
rccp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4980
delqueueask in rccp 0.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cccp_tmp.txt temporary file.
Fri, 7 Nov 08
rancid
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4979
getipacctg in rancid 2.3.2~a8 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/ipacct.#####.prefixes, (2) /tmp/ipacct.#####.sorted, (3) /tmp/ipacct.#####.pl, and (4) /tmp/ipacct.##### temporary files.
Fri, 7 Nov 08
radiance
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4978
radiance 3R9+20080530 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/opt.fmt, (b) /tmp/out#####.fmt, (c) /tmp/tf#####.dat, (d) /tmp/gsf#####, (e) /tmp/sc#####.sh, (f) /tmp/il#####.pic, (g) /tmp/tl#####.pic, (h) /tmp/ds#####.pic, (i) /tmp/tfa#####, and (j) /tmp/sed##### temporary files, related to the (1) optics2rad, (2) pdelta, (3) dayfact, and (4) raddepend scripts.
Fri, 7 Nov 08
postfix
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4977
** DISPUTED ** postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it."
Fri, 7 Nov 08
ogle, ogle-mmx
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4976
ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/ogle_audio.#####, (b) /tmp/ogle_cli.#####, (c) /tmp/ogle_ctrl.#####, (d) /tmp/ogle_gui.#####, (e) /tmp/ogle_mpeg_ps.#####, (f) /tmp/ogle_mpeg_vs.#####, (g) /tmp/ogle_nav.#####, and (h) /tmp/ogle_vout.#####, temporary files, related to the (1) ogle_audio_debug, (2) ogle_cli_debug, (3) ogle_ctrl_debug, (4) ogle_gui_debug, (5) ogle_mpeg_ps_debug, (6) ogle_mpeg_vs_debug, (7) ogle_nav_debu...
Fri, 7 Nov 08
newsgate
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4975
mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mmp##### temporary file.
Fri, 7 Nov 08
netmrg
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4974
rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*.xml and (2) /tmp/*.backup temporary files.
Fri, 7 Nov 08
myspell
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4973
i2myspell in myspell 3.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/i2my#####.1 and (2) /tmp/i2my#####.2 temporary files.
Fri, 7 Nov 08
mgt
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4972
mailgo in mgt 2.31 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mailgo##### temporary file.
Fri, 7 Nov 08
mafft
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4971
mafft-homologs in mafft 6.240 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/_vf#?????, (2) /tmp/_if#?????, (3) /tmp/_pf#?????, (4) /tmp/_af#?????, (5) /tmp/_rid#?????, (6) /tmp/_res#?????, (7) /tmp/_q#?????, and (8) /tmp/_bf#????? temporary files.
Fri, 7 Nov 08
lustre-tests
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4970
runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file.
Fri, 7 Nov 08
ltp-network-test
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4969
ltp-network-test 20060918 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/vsftpd.conf, (b) /tmp/udp/2/*, (c) /tmp/tcp/2/*, (d) /tmp/udp/3/*, (e) /tmp/tcp/3/*, (f) /tmp/nfs_fsstress.udp.2.log, (g) /tmp/nfs_fsstress.udp.3.log, (h) /tmp/nfs_fsstress.tcp.2.log, (i) /tmp/nfs_fsstress.tcp.3.log, and (j) /tmp/nfs_fsstress.sardata temporary files, related to the (1) ftp_setup_vsftp_conf and (2) nfs_fsstress.sh scripts.
Fri, 7 Nov 08
lmbench
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4968
The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/sdiff.##### temporary file.
Fri, 7 Nov 08
linuxtrade
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4967
linuxtrade 3.65 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/bwk, (b) /tmp/zzz, and (c) /tmp/ggg temporary files, related to the (1) linuxtrade.bwkvol, (2) linuxtrade.wn, and (3) moneyam.helper scripts.
Fri, 7 Nov 08
linux-patch-openswan
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4966
linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/snap##### and (b) /tmp/nightly##### temporary files, related to the (1) maysnap and (2) maytest scripts.
Fri, 7 Nov 08
liguidsoap
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4965
liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/liguidsoap.liq, (2) /tmp/lig.#####.log, and (3) /tmp/emission.ogg temporary files.
Fri, 7 Nov 08
konwert
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4964
filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary files via a symlink attack on a /tmp/any-##### temporary file.
Fri, 7 Nov 08
catos, ios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4963
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP packet.
Fri, 7 Nov 08
kernel, linux_kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4395
Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.
Fri, 7 Nov 08
impose+
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4960
impose in impose+ 0.2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-tmp.ps and (2) /tmp/bboxx-* temporary files.
Fri, 7 Nov 08
gpsdrive-scripts
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4959
geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/geo.google, (2) /tmp/geo.yahoo, (3) /tmp/geo.coords, and (4) /tmp/geo#####.coords temporary files.
Fri, 7 Nov 08
gdrae
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4958
gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gdrae/palabra temporary file.
Fri, 7 Nov 08
gccxml
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4957
find_flags in gccxml 0.9.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.cxx temporary file.
Fri, 7 Nov 08
fwbuilder
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4956